SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the rules and recommendations in the Exceptional Behavior (ERR) section of the SEI CERT Oracle Secure Coding Standard for Java.
Weaknesses
Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the pro...
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.
A J2EE application uses System.exit(), which also shuts down its container.
The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.
An exception is thrown from a function, but it is not caught.
Concepts
CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommen...
See Also
- SEI CERT Oracle Coding Standard for Java: Rule 07. Exceptional Behavior (ERR)
  The Software Engineering Institute
- SEI CERT Oracle Coding Standard for Java: Rec 07. Exceptional Behavior (ERR)
  The Software Engineering Institute
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.