| Wiki Markup |
|---|
According to the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\] Sectionsection 11.2 "Compile-Time Checking of Exceptions": |
The unchecked exceptions classes are the class
RuntimeExceptionand its subclasses, and the classErrorand its subclasses. All other exception classes are checked exception classes.
...
Unchecked exception classes such as Error and its subclasses do not undergo compile time checking as it is tedious to account for all cases and recovery is generally difficult. However, most often recovery is not impossible, or at least a graceful exit that logs the error is feasible.
Noncompliant Code Example
This noncompliant code example generates a StackOverflowError due to as a result of infinite recursion. This would tend to exhaust the existing stack spaceexhausts the available stack space and may result in a denial of service.
| Code Block | ||
|---|---|---|
| ||
public class StackOverflow {
public static void main(String[] args) {
infiniteRun();
System.out.println("Continuing...");
}
private static void infiniteRun() {
infiniteRun();
}
}
|
...
This compliant solution shows how a try-catch block that can be used to capture java.lang.Error or java.lang.Throwable. A log entry can be made at this point followed by attempts to free system resources.
...
Note that this solution is an exception to EXC32-J. Do not catch RuntimeException since because it catches Throwable in an attempt to handle the error.
...
Allowing a system error to propagate right out of a Java program may result in a denial - of - service attack.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXC03- J | low | unlikely | medium | P2 | L3 |
...