According to the JLS \[[JLS 05|AA. Java References#JLS 05]\], Section 11.2:

"The unchecked exceptions classes are the class RuntimeException and its subclasses, and the class Error and its subclasses. All other exception classes are checked exception classes."

...

{code:bgColor=#ccccff}
public class StackOverflow {
  public static void main(String[] args) {
    infiniteRun();
    System.out.println("Continuing...");
  }

  private static void infiniteRun() {
    try {
      infiniteRun();
    } catch (Throwable t) {
      System.out.println("Handling error...");
      // free cache, release resources and log error to file
    }
  }
}
{code}
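
An added example, not part of the original rule text, that applies the same idea at a task boundary: the error raised by one deeply nested input is caught after the recursive frames have unwound, so the remaining inputs are still processed. The class and method names and the sample inputs are constructed for illustration; the example catches StackOverflowError specifically and assumes Java 11 or later for String.repeat.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; all names and inputs here are constructed, not from the rule.
public class ErrorBoundary {

  // Recursive scan of untrusted input: counts the leading run of '(' characters.
  // Recursion depth grows with the input, so a hostile input can exhaust the stack.
  static int depth(String s, int pos) {
    if (pos >= s.length() || s.charAt(pos) != '(') {
      return 0;
    }
    return 1 + depth(s, pos + 1);
  }

  // Boundary around one unit of work. By the time the catch block runs, the
  // recursive frames have been popped, so there is stack space to recover.
  static String handle(String input) {
    try {
      return "ok, depth " + depth(input, 0);
    } catch (StackOverflowError e) {
      // Release per-request resources and log here, then report a failure
      // for this input only instead of letting the error end the program.
      return "rejected, nesting too deep";
    }
  }

  static List<String> handleAll(List<String> inputs) {
    List<String> results = new ArrayList<>();
    for (String input : inputs) {
      results.add(handle(input));
    }
    return results;
  }

  public static void main(String[] args) {
    // Constructed inputs: the second one is deep enough to overflow a default stack.
    List<String> inputs = List.of("((()))", "(".repeat(5_000_000), "(())");
    for (String result : handleAll(inputs)) {
      System.out.println(result);
    }
  }
}
```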

Risk Assessment

Allowing a system error to propagate right out of a Java program may result in a denial-of-service attack.

|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| CTL00-J | ?? low ?? | unlikely | ?? medium | P?? | L?? |

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[JLS 05|AA. Java References#JLS 05]\] Section 11.2, Compile-Time Checking of Exceptions
\[[Kalinovsky 04|AA. Java References#Kalinovsky 04]\] Chapter 16, Intercepting Control Flow - Intercepting System Errors