Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

17. Exceptional Behavior (EXC)

Created by Dhruv Mohindra, last modified by Robert Seacord (Manager) on Jun 08, 2010

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Guidelines

EXC00-J. Do not suppress or ignore checked exceptions

EXC01-J. Use a class dedicated to reporting exceptions

EXC02-J. Use exceptions only for exceptional conditions

EXC03-J. Use a logging API to log critical security exceptions

EXC04-J. Do not exit abruptly from a finally block

EXC05-J. Handle checked exceptions that can be thrown within a finally block

EXC06-J. Do not allow exceptions to transmit sensitive information

EXC07-J. Prevent exceptions while logging data

EXC08-J. Try to gracefully recover from system errors

EXC09-J. Prevent inadvertent calls to System.exit() or forced shutdown

EXC10-J. Do not let code throw undeclared checked exceptions

EXC11-J. Restore prior object state on method failure

EXC12-J. Do not allow unsanitized user input to be logged

EXC13-J. Throw specific exceptions as opposed to the more general RuntimeException or Exception

EXC14-J. Catch specific exceptions as opposed to the more general RuntimeException or Exception

EXC15-J. Do not catch NullPointerException

Risk Assessment Summary

Recommendations

Guideline	Severity	Likelihood	Remediation Cost	Priority	Level
EXC00- J	low	probable	medium	P4	L3
EXC01- J	medium	likely	high	P6	L2
EXC02- J	low	unlikely	medium	P2	L3
EXC03- J	low	probable	low	P6	L2
EXC04- J	low	probable	medium	P4	L3
EXC05- J	low	unlikely	medium	P2	L3
EXC06- J	medium	probable	high	P4	L3
EXC07- J	medium	likely	high	P6	L2
EXC08- J	low	unlikely	medium	P2	L3
EXC09- J	low	unlikely	medium	P2	L3
EXC10- J	low	unlikely	high	P1	L3
EXC11- J	low	probable	high	P2	L3
EXC12- J	medium	probable	medium	P8	L2
EXC13- J	low	likely	medium	P6	L2
EXC14- J	low	likely	medium	P6	L2
EXC15- J	medium	unlikely	medium	P4	L3

MET16-J. Ensure that the clone method calls super.clone The CERT Oracle Secure Coding Standard for Java EXC00-J. Do not suppress or ignore checked exceptions

No labels