38 lines
1.7 KiB
Plaintext
38 lines
1.7 KiB
Plaintext
=== is related to: S2738
|
|
|
|
=== on 21 Nov 2014, 15:15:15 Freddy Mallet wrote:
|
|
My 2 cents [~ann.campbell.2]:
|
|
|
|
* For me this rule duplicates RSPEC-1181 in Java
|
|
* And catching an Exception in Java is not at all an issue. I would even say that this is a good practice at some levels when you want to be sure to catch all possible exceptions. this is only an issue if you catch Error or Throwable exception
|
|
|
|
|
|
=== on 24 Nov 2014, 13:53:02 Ann Campbell wrote:
|
|
\[~freddy.mallet] I specifically asked [~nicolas.peru] about that & he disagreed & saw this as separate from RSPEC-1181.
|
|
|
|
=== on 25 Nov 2014, 10:56:40 Freddy Mallet wrote:
|
|
I'm going to say it differently : as a Java developer I do believe that this rule is useless and even misleading. Indeed the best practice is the following one:
|
|
|
|
* Most of the time we should catch only specialized exceptions
|
|
* But as soon we are located at the boundary of a technical stack (SonarQube <-> Plugins, Web <-> EJB, ...), generic exceptions (but not Throwable and Error, see RSPEC-1181) should be caught.
|
|
|
|
So if we activate this rule on our own portfolio, we'll generate lot of false-positives.
|
|
|
|
=== on 4 Dec 2014, 19:04:12 Ann Campbell wrote:
|
|
\[~freddy.mallet] it sounds like you'd like to see this rule closed. Does the fact that it replaces a PMD rule change your mind?
|
|
|
|
=== on 5 Dec 2014, 08:21:50 Freddy Mallet wrote:
|
|
Let me think twice about this rule [~ann.campbell.2] :), thanks
|
|
|
|
=== on 2 Feb 2015, 20:31:14 Sébastien Gioria wrote:
|
|
Could be tag OWASP Top10 2013 A6
|
|
|
|
|
|
it 's CERT Secure Coding ERR53-J
|
|
|
|
=== on 3 Feb 2015, 20:19:01 Ann Campbell wrote:
|
|
Thanks [~sebastien.gioria].
|
|
|
|
I'm going to skip the CERT reference; it's about ``++throw++``-ing rather than ``++catch++``-ing. Also, I don't understand how this ties to OWASP A6.
|
|
|