Methods must not throw RuntimeException or Exception. Handling these exceptions requires catching RuntimeException, which is disallowed by rule ERR14-J, "Do not catch NullPointerException or any of its ancestors." Moreover, throwing a RuntimeException can lead to subtle errors: for example, a caller cannot examine the exception to determine why it was thrown and consequently cannot attempt recovery.
Methods can throw a specific exception subclassed from Exception or RuntimeException. Note that it is permissible to construct an exception class specifically for a single throw statement.
The isCapitalized() method in this noncompliant code example accepts a string and returns true when it consists of a capital letter followed by lowercase letters. The method also throws a RuntimeException when passed a null string argument.
```java
boolean isCapitalized(String s) {
  if (s == null) {
    throw new RuntimeException("Null String");
  }
  if (s.equals("")) {
    return true;
  }
  String first = s.substring(0, 1);
  String rest = s.substring(1);
  return (first.equals(first.toUpperCase()) &&
          rest.equals(rest.toLowerCase()));
}
```
A calling method must also violate rule ERR14-J, "Do not catch NullPointerException or any of its ancestors," to determine whether the RuntimeException was thrown.
This compliant solution throws NullPointerException to denote the specific exceptional condition.
```java
boolean isCapitalized(String s) {
  if (s == null) {
    throw new NullPointerException();
  }
  if (s.equals("")) {
    return true;
  }
  String first = s.substring(0, 1);
  String rest = s.substring(1);
  return (first.equals(first.toUpperCase()) &&
          rest.equals(rest.toLowerCase()));
}
```
Note that the null check is redundant; if it were removed, the next call, s.equals(""), would throw a NullPointerException when s is null. However, the explicit null check is good form because it indicates the programmer's intent. More complex code may require explicit testing of invariants and appropriate throw statements.
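The following added example (not code from the CERT page) shows the caller-side benefit of throwing a specific exception type rather than RuntimeException. The class name CapitalizationDemo, the method names and the single-use exception class EmptyTokenException are hypothetical; the page only permits constructing such a class, it does not define one.

```java
// Added example, not part of the CERT rule text. Names are hypothetical.
public final class CapitalizationDemo {

    // An exception class constructed for a single throw site, as the rule permits.
    // Being specific lets callers catch exactly this condition and nothing else.
    static final class EmptyTokenException extends IllegalArgumentException {
        EmptyTokenException(String message) {
            super(message);
        }
    }

    // Returns true when the token is a capital letter followed by lowercase letters.
    // Unlike the page's isCapitalized(), this variant treats an empty token as an
    // error so that there is a specific condition for the caller to handle.
    static boolean isCapitalizedToken(String s) {
        if (s == null) {
            throw new NullPointerException("token must not be null");
        }
        if (s.isEmpty()) {
            throw new EmptyTokenException("empty token");
        }
        String first = s.substring(0, 1);
        String rest = s.substring(1);
        return first.equals(first.toUpperCase()) && rest.equals(rest.toLowerCase());
    }

    // Counts capitalized tokens and skips empty ones. Because the callee throws a
    // specific type, this handler cannot accidentally swallow an unrelated
    // RuntimeException (such as a NullPointerException caused by a bug elsewhere);
    // those still propagate to the caller. Had the callee thrown RuntimeException,
    // the only way to detect the empty-token case would be catch (RuntimeException e),
    // which ERR14-J forbids and which would hide every other failure as well.
    static int countCapitalized(String[] tokens) {
        int count = 0;
        for (String token : tokens) {
            try {
                if (isCapitalizedToken(token)) {
                    count++;
                }
            } catch (EmptyTokenException e) {
                // Expected, recoverable condition: skip the empty token.
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample input: two capitalized tokens, one empty token.
        String[] tokens = {"Hello", "world", "", "Java"};
        System.out.println("capitalized tokens: " + countCapitalized(tokens));
    }
}
```

The point of the design is the catch clause in countCapitalized(): it names the one condition the method knows how to recover from, and a null element in the array (a programming error) is not masked by it.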
This noncompliant code example specifies the Exception class in the throws clause of the method declaration for the doSomething() method.
```java
private void doSomething() throws Exception {
  //...
}
```
This compliant solution declares a specific exception in the throws clause of the method declaration for the doSomething() method.
```java
private void doSomething() throws IOException {
  //...
}
```
EXC07-EX0: Classes that sanitize exceptions to comply with a security policy are permitted to translate specific exceptions into more general exceptions. This translation could potentially result in throwing RuntimeException or Exception in some cases, depending on the details of the security policy.
Throwing RuntimeException and Exception prevents classes from catching the intended exceptions without catching other unintended exceptions as well.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR07-J | low | likely | medium | P6 | L2 |

CWE-397, "Declaration of Throws for Generic Exception"