JD.CATCH
Klocwork reports a JD.CATCH issue when it finds a catch block that catches an unwanted exception type such as java.lang.NullPointerException. The list of exception types that trigger the checker is in the Parameters section.
Vulnerability and risk
Exceptions, as their name implies, should be used only for exceptional conditions; they should never be used for ordinary control flow. Using exceptions for control flow hurts performance, maintainability, and readability. A catch block for java.lang.NullPointerException also swallows every such exception raised anywhere in the try body, not only the one the author had in mind, so genuine bugs are hidden rather than reported.
Mitigation and prevention
Replace the catch block with a preventive check performed before the operation that could throw (a check for null, for a valid array index, and so on), so that the expected case is handled by ordinary control flow and the exception is never raised.
Example 1
String test1(String my) {
    try {
        return my.substring(1,4);
    } catch (NullPointerException e) {   // catches an expected null argument instead of checking for it
        return "";
    }
}
JD.CATCH is reported on the catch clause, catch (NullPointerException e): Catching 'java.lang.NullPointerException' explicitly is usually a bad practice. Use preventive checks on data instead.
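The following is an added example, not code from the Klocwork page, showing the flagged method beside a version that applies the preventive check the mitigation describes. The class name SubstringExample and the method name test1Checked are chosen here for illustration. The inputs in main are constructed; they also show a second problem with the catch-based version: substring(1, 4) on a string shorter than four characters throws StringIndexOutOfBoundsException, which the NullPointerException catch does not handle, whereas the checked version handles both cases with one condition.

```java
// Added example (not from the Klocwork page): the catch-based method from
// the JD.CATCH example beside a version that uses preventive checks.
public final class SubstringExample {

    // Flagged form: uses java.lang.NullPointerException for control flow.
    // A string shorter than 4 characters still escapes as
    // StringIndexOutOfBoundsException, which this catch does not cover.
    static String test1(String my) {
        try {
            return my.substring(1, 4);
        } catch (NullPointerException e) {
            return "";
        }
    }

    // Preferred form: validate the input before calling substring so that
    // neither null nor a too-short string ever raises an exception.
    static String test1Checked(String my) {
        if (my == null || my.length() < 4) {
            return "";
        }
        return my.substring(1, 4);
    }

    public static void main(String[] args) {
        // Constructed inputs: a null reference, a too-short string, a normal one.
        String[] inputs = { null, "ab", "abcdef" };
        for (String in : inputs) {
            String shown = (in == null) ? "null" : "\"" + in + "\"";
            String checked = "\"" + test1Checked(in) + "\"";
            String caught;
            try {
                caught = "\"" + test1(in) + "\"";
            } catch (RuntimeException e) {
                // Reached for "ab": the catch-based version lets this through.
                caught = "<" + e.getClass().getSimpleName() + ">";
            }
            System.out.printf("%-8s checked=%-6s catch=%s%n", shown, checked, caught);
        }
    }
}
```

Compile and run with javac SubstringExample.java and java SubstringExample. The checked version returns the empty string for both null and "ab" and "bcd" for "abcdef"; the catch-based version returns the same for null and "abcdef" but propagates StringIndexOutOfBoundsException for "ab". The single length check in test1Checked is what Klocwork means by a preventive check on the data: it removes the need for the catch block rather than widening it.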
External guidance
Security training
Application security training materials provided by Secure Code Warrior.