ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1181/java/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

51 lines
1.3 KiB
Plaintext
Raw Blame History

== Why is this an issue?
``++Throwable++`` is the superclass of all errors and exceptions in Java. ``++Error++`` is the superclass of all errors, which are not meant to be caught by applications.
Catching either ``++Throwable++`` or ``++Error++`` will also catch ``++OutOfMemoryError++`` and ``++InternalError++``, from which an application should not attempt to recover.
=== Noncompliant code example
[source,java]
----
try { /* ... */ } catch (Throwable t) { /* ... */ }
try { /* ... */ } catch (Error e) { /* ... */ }
----
=== Compliant solution
[source,java]
----
try { /* ... */ } catch (RuntimeException e) { /* ... */ }
try { /* ... */ } catch (MyException e) { /* ... */ }
----
== Resources
* CWE - https://cwe.mitre.org/data/definitions/396[CWE-396 - Declaration of Catch for Generic Exception]
* https://wiki.sei.cmu.edu/confluence/display/java/ERR08-J.+Do+not+catch+NullPointerException+or+any+of+its+ancestors[CERT, ERR08-J.] - Do not catch NullPointerException or any of its ancestors
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Catch Exception instead of [Throwable|Error]
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink