CS.EMPTY.CATCH

Nothing is written in a catch block. If you catch an exception, it is better to process it than ignore it.

Example 1

1
2
3
4
5
6
7
8
  class FileHandler {
      public void Open(String name) {
          try {
              // opening file ...
          } catch (FileNotFoundException e) {   // defect - no statements in the 'catch' clause
          }
      }
  }

External guidance

• OWASP A6:2017 Security Misconfiguration
• STIG-ID:APP3120 Application has error handling vulnerabilities

Security training

Application security training materials provided by Secure Code Warrior.

• Security Misconfiguration Training Video - Test your skills with a training example