JD.CATCH

Klocwork reports a JD.CATCH issue when it finds a catch block with an unwanted exception such as java.lang.NullPointerException. A list of possible exceptions is in the Parameters section.

Vulnerability and risk

Exceptions, as their names implies, should be used only for exceptional conditions; they should never be used for ordinary control flow. Using exceptions for control flow dramatically reduces performance, maintainability, and readability of the code.

Mitigation and prevention

Change the code to code that does a preventive check (full null, array index, and so on).

Example 1

Copy
      String test1(String my) {
         try {
             return my.substring(1,4);
         } catch (NullPointerException e) {
             return "";
         }
     }

JD.CATCH is reported on line 12: Catching 'java.lang.NullPointerException' explicitly is usually a bad practice. Use preventive checks on data instead.

Security training

Application security training materials provided by Secure Code Warrior.