ECC.EMPTY

An Empty Catch Clause (ECC.EMPTY) warning appears if nothing is written in a catch block. If you catch an exception, it would be better to process it rather than to ignore it.

Example 1

12     public void openFile(String name) {
13         try {
14             FileInputStream is = new FileInputStream(name);
15             // read file ...
16         } catch (FileNotFoundException e) {
17             // TODO Auto-generated catch block
18         }
19     }

ECC.EMPTY is reported for line 16: Empty catch clause

External guidance

• CWE-391: Unchecked Error Condition
• OWASP A6:2017 Security Misconfiguration
• STIG-ID:APP3120 Application has error handling vulnerabilities

Security training

Application security training materials provided by Secure Code Warrior.

• Dos Uncaught Errors Training Video - Test your skills with a training example