
Recommendations

EXC00-J. Do not suppress or ignore checked exceptions

EXC01-J. Do not allow exceptions to transmit sensitive information

EXC02-J. Prevent exceptions while logging data

EXC03-J. Try to recover gracefully from system errors

EXC04-J. Prevent against inadvertent calls to System.exit() or forced shutdown

EXC05-J. Use a class dedicated to reporting exceptions

EXC06-J. Be wary of code that can throw undeclared checked exceptions

Rules

EXC30-J. Do not exit abruptly from a finally block

EXC31-J. Handle checked exceptions that can be thrown within a finally block

EXC32-J. Do not catch RuntimeException

EXC33-J. Do not throw RuntimeException or Exception

Risk Assessment Summary

Recommendations

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXC00-J | medium | probable | high | P4 | L3 |
| EXC01-J | medium | probable | high | P4 | L3 |
| EXC02-J | low | unlikely | high | P1 | L3 |
| EXC03-J | low | unlikely | medium | P2 | L3 |
| EXC04-J | low | unlikely | medium | P2 | L3 |

Rules

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXC30-J | low | unlikely | medium | P2 | L3 |
| EXC31-J | low | unlikely | medium | P2 | L3 |

