16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
66 lines
2.3 KiB
Plaintext
66 lines
2.3 KiB
Plaintext
== Why is this an issue?
|
|
|
|
``++java.lang.Error++`` and its subclasses represent abnormal conditions, such as ``++OutOfMemoryError++``, which should only be encountered by the Java Virtual Machine.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
public class MyException extends Error { /* ... */ } // Noncompliant
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,java]
|
|
----
|
|
public class MyException extends Exception { /* ... */ } // Compliant
|
|
----
|
|
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Extend "java.lang.Exception" or one of its subclasses.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 16 Aug 2013, 08:48:32 Freddy Mallet wrote:
|
|
Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-293
|
|
|
|
=== on 19 Aug 2013, 23:49:03 Ann Campbell wrote:
|
|
Dinesh, you've rewritten the description to say that Errors "should never happen," but that's not a very helpful statement. Bad things "should never happen" to good people. But they do.
|
|
|
|
|
|
What was wrong with saying that it's something that "should only be thrown by the Java Virtual Machine or by classes belonging to technical libraries interacting directly with hardware."? I thought that was a great explanation.
|
|
|
|
=== on 20 Aug 2013, 07:25:46 Dinesh Bolkensteyn wrote:
|
|
Well I think we can safely drop the low-level classes part.
|
|
|
|
Even if you're dealing with hardware (let's say a cryptographic random number generator), there isn't any real good reason to throw an instance of Error. If there's an IO error, if it gets unplugged, all those things can happen and should be dealt with.
|
|
|
|
Errors from the JVM prevents your code from being executed - that's a totally different situation that you can't really deal with, because your code is not executed.
|
|
|
|
Adding a low level exception is opening the doors to exceptions to this rule, and I don't think it is a good idea.
|
|
|
|
|
|
But you're right, I prefer your version except for the 'low-level' part, so I suggest to just remove that and we'll be done.
|
|
|
|
=== on 2 Feb 2015, 20:14:08 Sébastien Gioria wrote:
|
|
Part of OWASP Top10 2013 A6
|
|
|
|
=== on 3 Feb 2015, 20:07:38 Ann Campbell wrote:
|
|
\[~sebastien.gioria], I don't understand how this ties to OWASP A6. Can you point me in the right direction?
|
|
|
|
endif::env-github,rspecator-view[]
|