EXC00-J. Do not suppress or ignore checked exceptions
EXC01-J. Do not allow exceptions to transmit sensitive information
EXC02-J. Prevent exceptions while logging data
EXC03-J. Try to recover gracefully from system errors
EXC04-J. Prevent against inadvertent calls to System.exit() or forced shutdown
EXC05-J. Use a class dedicated to reporting exceptions
EXC06-J. Do not let code throw undeclared checked exceptions
EXC07-J. Restore prior object state on method failure
EXC08-J. Use a logging API to log critical security exceptions
EXC30-J. Do not exit abruptly from a finally block
EXC31-J. Handle checked exceptions that can be thrown within a finally block
EXC32-J. Do not catch RuntimeException
EXC33-J. Do not throw RuntimeException or Exception
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
EXC00- J |
low |
probable |
medium |
P4 |
L3 |
EXC01- J |
medium |
probable |
high |
P4 |
L3 |
EXC02- J |
medium |
likely |
high |
P6 |
L2 |
EXC03- J |
low |
unlikely |
medium |
P2 |
L3 |
EXC04- J |
low |
unlikely |
medium |
P2 |
L3 |
EXC05- J |
medium |
likely |
high |
P6 |
L2 |
EXC06- J |
low |
unlikely |
high |
P1 |
L3 |
EXC07- J |
low |
probable |
high |
P2 |
L3 |
EXC08- J |
low |
probable |
low |
P6 |
L2 |
Rules |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
EXC30- J |
low |
probable |
medium |
P4 |
L3 |
EXC31- J |
low |
unlikely |
medium |
P2 |
L3 |
EXC32- J |
low |
likely |
medium |
P6 |
L2 |
EXC33- J |
low |
likely |
medium |
P6 |
L2 |
MET35-J. Ensure that the clone method calls super.clone The CERT Sun Microsystems Secure Coding Standard for Java EXC00-J. Do not suppress or ignore checked exceptions