 
Methods must not throw RuntimeException, Exception, or Throwable. Handling these exceptions requires catching RuntimeException, which is disallowed by ERR08-J. Do not catch NullPointerException or any of its ancestors. Moreover, throwing a RuntimeException can lead to subtle errors; for example, a caller cannot examine the exception to determine why it was thrown and consequently cannot attempt recovery.
Methods can throw a specific exception subclassed from Exception or RuntimeException. Note that it is permissible to construct an exception class specifically for a single throw statement.
Noncompliant Code Example
The isCapitalized() method in this noncompliant code example accepts a string and returns true when the string consists of a capital letter followed by lowercase letters. The method also throws a RuntimeException when passed a null string argument.
```java
boolean isCapitalized(String s) {
  if (s == null) {
    throw new RuntimeException("Null String");
  }
  if (s.equals("")) {
    return true;
  }
  String first = s.substring(0, 1);
  String rest = s.substring(1);
  return (first.equals(first.toUpperCase()) &&
          rest.equals(rest.toLowerCase()));
}
```
A calling method must also violate ERR08-J. Do not catch NullPointerException or any of its ancestors to determine whether the RuntimeException was thrown.
Compliant Solution
This compliant solution throws NullPointerException to denote the specific exceptional condition:
```java
boolean isCapitalized(String s) {
  if (s == null) { // redundant; shown for clarity
    throw new NullPointerException();
  }
  if (s.equals("")) {
    return true;
  }
  String first = s.substring(0, 1);
  String rest = s.substring(1);
  return (first.equals(first.toUpperCase()) &&
          rest.equals(rest.toLowerCase()));
}
```
Note that the null check is redundant; if it were removed, the subsequent call to s.equals("") would throw a NullPointerException when s is null. However, the null check explicitly indicates the programmer's intent. More complex code may require explicit testing of invariants and appropriate throw statements.
Noncompliant Code Example
This noncompliant code example specifies the Exception class in the throws clause of the method declaration for the doSomething() method:
```java
private void doSomething() throws Exception {
  //...
}
```
Compliant Solution
This compliant solution declares a more specific exception class in the throws clause of the method declaration for the doSomething() method:
```java
private void doSomething() throws IOException {
  //...
}
```
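Both pairs above, seen from the caller's side, as an added example that is not part of the CERT page: the same parsing defect is hidden when the method throws a bare RuntimeException and surfaces when the expected condition has its own exception type. The class name, the method names, EmptyNameException, the off-by-one defect, and the sample inputs are all constructed for illustration.

```java
// Added illustration; every name here is hypothetical.
public class SpecificThrowDemo {

  // An exception class written for a single throw statement, as the rule permits.
  static final class EmptyNameException extends Exception {
    EmptyNameException() { super("name is empty"); }
  }

  // Broad: the expected "empty input" condition is a bare RuntimeException.
  static char initialBroad(String name) {
    if (name.isEmpty()) {
      throw new RuntimeException("Empty name");
    }
    return name.charAt(1); // constructed defect: off-by-one index
  }

  // Specific: the expected condition has its own type in the throws clause.
  static char initialSpecific(String name) throws EmptyNameException {
    if (name.isEmpty()) {
      throw new EmptyNameException();
    }
    return name.charAt(1); // same constructed defect
  }

  public static void main(String[] args) {
    String[] samples = {"", "A"}; // constructed inputs
    for (String name : samples) {
      try {
        initialBroad(name);
      } catch (RuntimeException e) {
        // Forced by the broad throw. For "A" this also swallows the
        // StringIndexOutOfBoundsException, so the defect looks like bad input.
        System.out.println("broad    [" + name + "] handled as empty input: "
            + e.getClass().getSimpleName());
      }
      try {
        initialSpecific(name);
      } catch (EmptyNameException e) {
        System.out.println("specific [" + name + "] recovered: " + e.getMessage());
      } catch (StringIndexOutOfBoundsException e) {
        // Caught only so the demo runs to completion; a real caller would
        // let this propagate as the programming error it is.
        System.out.println("specific [" + name + "] defect surfaced: "
            + e.getClass().getSimpleName());
      }
    }
  }
}
```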
...
Exceptions
ERR07-J-EX0: Classes that sanitize exceptions to comply with a security policy are permitted to translate specific exceptions into more general exceptions. This translation could potentially result in throwing RuntimeException, Exception, or Throwable in some cases, depending on the requirements of the security policy.
EXC13-EX1: Widely used pre-existing APIs whose previous versions contain methods that throw RuntimeException or Exception may continue to do so, to preserve backwards compatibility. We strongly encourage maintainers of such APIs to consider deprecating such methods, replacing them with methods that throw more specific exceptions.
Risk Assessment
Throwing RuntimeException, Exception, or Throwable prevents classes from catching the intended exceptions without catching other unintended exceptions as well.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| ERR07-J | Low | Likely | Yes | No | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | JAVA.STRUCT.EXCP.BROAD | Broad throws clause |
| Klocwork | | EXC.BROADTHROWS | |
| Parasoft Jtest | | CERT.ERR07.NTX, CERT.ERR07.NTERR | Avoid declaring methods to throw general or unchecked Exception types; Do not throw exception types which are too general or are unchecked exceptions |
| SonarQube | | S112 | Generic exceptions should never be thrown |