RSPEC-1166

Exception handlers should preserve the original exceptions

    Details

    • Message:
      Either log or rethrow this exception.
    • List of parameters:
      key = exceptions
      description = List of exceptions which should not be checked. Use a simple dash ('-') character to check all exceptions.
      default = java.lang.InterruptedException, java.lang.NumberFormatException, java.text.ParseException, java.net.MalformedURLException,java.time.format.DateTimeParseException

    • Default Severity:
      Major
    • Impact:
      Low
    • Likelihood:
      High
    • Targeted languages:
      C#, C++
    • Covered Languages:
      Java
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      10min
    • Analysis Scope:
      Main Sources
    • CERT:
      ERR00-J.
    • CWE:
      CWE-778
    • OWASP:
      A10
    • PMD:
      AvoidLosingExceptionInformation, AvoidRethrowingException, PreserveStackTrace, UseCorrectExceptionLogging, AvoidThrowingNewInstanceOfSameException

      Description

      When handling a caught exception, the original exception's message and stack trace should be logged or passed forward.

      Noncompliant Code Example

      try {
        /* ... */ 
      } catch (Exception e) {   // Noncompliant - exception is lost
        LOGGER.info("context");
      }   
      
      try {
        /* ... */ 
      } catch (Exception e) {  // Noncompliant - exception is lost (only message is preserved)
        LOGGER.info(e.getMessage()); 
      }   
      
      try {
        /* ... */ 
      } catch (Exception e) {  // Noncompliant - original exception is lost 
        throw new RuntimeException("context"); 
      }
      

      Compliant Solution

      try {
        /* ... */ 
      } catch (Exception e) { 
        LOGGER.info("context", e);  // exception is logged with its stack trace
      } 
      
      try {
        /* ... */ 
      } catch (Exception e) {
        throw new RuntimeException(e);   // exception stack trace is propagated
      }
      
      try {
        /* ... */
      } catch (RuntimeException e) {
        doSomething();
        throw e;  // original exception passed forward
      } catch (Exception e) {
        throw new RuntimeException(e);  // Conversion into unchecked exception is also allowed
      }
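
To show what each variant leaves behind for someone reading the logs later (the concern behind the CWE-778 mapping), here is an added example that is not part of the rule's own text. It uses java.util.logging, and the class, method names and failure message are constructed for illustration.

```java
import java.util.*;
import java.util.logging.*;

// Added example; class, method and message names are hypothetical.
public class PreserveCauseDemo {
    private static final Logger LOGGER = Logger.getLogger("auth");

    // Constructed failure: the root cause an investigator needs to see.
    static void lookupUser(String user) throws Exception {
        throw new java.io.IOException("directory server timed out for " + user);
    }

    static void noncompliant(String user) {
        try {
            lookupUser(user);
        } catch (Exception e) {
            LOGGER.warning("authentication failed");        // cause is dropped from the log
            throw new IllegalStateException("auth failed"); // and from the rethrown exception
        }
    }

    static void compliant(String user) {
        try {
            lookupUser(user);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "authentication failed", e); // record carries the Throwable
            throw new IllegalStateException("auth failed", e);     // cause chain preserved
        }
    }

    public static void main(String[] args) {
        List<LogRecord> records = new ArrayList<>();
        LOGGER.setUseParentHandlers(false); // capture records instead of printing to the console
        LOGGER.addHandler(new Handler() {
            @Override public void publish(LogRecord r) { records.add(r); }
            @Override public void flush() { }
            @Override public void close() { }
        });
        for (Runnable r : new Runnable[] { () -> noncompliant("alice"), () -> compliant("alice") }) {
            try { r.run(); } catch (IllegalStateException e) {
                System.out.println("rethrown cause: " + e.getCause());
            }
        }
        for (LogRecord r : records) {
            System.out.println("logged: " + r.getMessage() + " | thrown: " + r.getThrown());
        }
    }
}
```

Both variants emit the same log message, but only the compliant one attaches the underlying `IOException` to the log record and to the rethrown exception.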
      

      Exceptions

      InterruptedException, NumberFormatException, DateTimeParseException, ParseException and MalformedURLException exceptions are arguably used to indicate nonexceptional outcomes. Similarly, handling NoSuchMethodException is often required when dealing with the Java reflection API.
      Because they are part of Java, developers have no choice but to deal with them. This rule does not verify that those particular exceptions are correctly handled.

      int myInteger;
      try {
        myInteger = Integer.parseInt(myString);
      } catch (NumberFormatException e) {
        // It is perfectly acceptable to not handle "e" here
        myInteger = 0;
      }
      

      Furthermore, no issue will be raised if the exception message is logged with additional information, as it shows that the developer added some context to the error message.

      try {
        /* ... */
      } catch (Exception e) {
        String message = "Exception raised while authenticating user: " + e.getMessage();
        LOGGER.warn(message); // Compliant - exception message logged with some contextual information
      }
      

      See

          Issue Links

          1.
          ABAP RSPEC-5986 Language-Specification Active Unassigned
          2.
          PL/SQL RSPEC-5987 Language-Specification Active Unassigned

              People

              Assignee:
              Unassigned
              Reporter:
              freddy.mallet Freddy Mallet (Inactive)