EXC.BROADTHROWS
A method should throw exceptions appropriate to the abstraction level. When a method throws exceptions that are too general, like Exception and Throwable, it is difficult for callers to handle errors correctly and do appropriate error recovery.
Vulnerability and risk
When method throws exceptions that are too general, callers have to investigate what kind of problem happened so that they can handle it appropriately. Also, when a method code is changed and a new kind of exception is introduced, it's harder to force all callers to handle it properly.
Mitigation and prevention
A method should throw exceptions appropriate to the abstraction level. When necessary, low-level exceptions can be wrapped with higher-level exceptions.
Example 1
public void processFile(String fileName) throws Exception {
InputStream is = new FileInputStream(fileName);
// do something
}
public int calculateSum(Collection data) throws Throwable {
int sum = 0;
for (Iterator it = data.iterator(); it.hasNext();) {
String element = (String) it.next();
int i = Integer.parseInt(element);
sum += i;
}
return sum;
}
EXC.BROADTHROWS is reported for method 'processFile' declaration on line 15: The 'processFile' method throws a generic exception 'java.lang.Exception'.
EXC.BROADTHROWS is reported for method 'calculateSum' declaration on line 19: The 'calculateSum' method throws a generic exception 'java.lang.Throwable'.
External guidance
Security training
Application security training materials provided by Secure Code Warrior.