SIN 9 CATCHING EXCEPTIONS

OVERVIEW OF THE SIN

Exception handling is an often misused feature of programming languages and operating systems. Basically, if something’s gone wrong, and you don’t know exactly how to correct it, then the only safe thing you can do is to exit the application. Trying to do anything else may lead to an unstable application, and an unstable application is typically some amount of work away from being an exploitable application.

Three related sins are Sin 11, “Failure to Handle Errors”; Sin 13, “Race Conditions”; and Sin 12, “Information Leakage.”

CWE REFERENCES

CWE also recognizes catching broad exceptions as an issue.

CWE-396: Declaration of Catch for Generic Exception
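The overview above and CWE-396 describe the same defect: a catch-all handler that swallows failures the code cannot correct and lets the program run on in an undefined state. The following is an added example, not code from the book; `IntegrityError`, `check_integrity`, `parse_limit`, the record layout and the sample records are hypothetical names and constructed values used only for the illustration.

```python
# Added example (not from the book): a catch-all handler next to a handler
# that catches only the one error it knows how to correct.
# IntegrityError, check_integrity, parse_limit and the record layout are
# hypothetical names constructed for this illustration.


class IntegrityError(Exception):
    """Hypothetical: the record failed its tamper check."""


SAFE_DEFAULT = 10  # fallback limit for a missing or malformed value (constructed)


def check_integrity(record: dict) -> None:
    """Hypothetical tamper check; a real one would verify a MAC or signature."""
    if record.get("signature") != "valid-sig":  # constructed stand-in value
        raise IntegrityError("record signature mismatch")


def parse_limit(raw: str) -> int:
    """Parse a per-user limit. Malformed text raises ValueError."""
    value = int(raw)
    if value < 0:
        raise ValueError(f"negative limit: {raw!r}")
    return value


def limit_sinful(record: dict) -> int:
    """The sin: one catch-all swallows every failure, including the tamper
    check and plain programming bugs, and the caller carries on with a
    default as if nothing had happened."""
    try:
        check_integrity(record)
        return parse_limit(record["limit"])
    except Exception:
        return SAFE_DEFAULT


def limit_fixed(record: dict) -> int:
    """The fix: catch only the conditions with a defined recovery (a missing or
    malformed limit). Anything else, such as a failed tamper check or an
    unexpected TypeError, propagates so the request (or the process) stops
    rather than running in an undefined state."""
    check_integrity(record)
    try:
        return parse_limit(record["limit"])
    except (KeyError, ValueError):
        return SAFE_DEFAULT


# Constructed sample records.
GOOD = {"limit": "25", "signature": "valid-sig"}
MALFORMED = {"limit": "lots", "signature": "valid-sig"}
TAMPERED = {"limit": "999999", "signature": "forged"}
BUGGY = {"limit": None, "signature": "valid-sig"}  # int(None) raises TypeError


def outcome(handler, record: dict) -> str:
    """Run a handler and describe what happened, for side-by-side comparison."""
    try:
        return f"returned {handler(record)}"
    except Exception as exc:  # a catch-all is acceptable at this reporting boundary only
        return f"raised {type(exc).__name__}"


if __name__ == "__main__":
    for name, rec in [("good", GOOD), ("malformed", MALFORMED),
                      ("tampered", TAMPERED), ("buggy", BUGGY)]:
        print(f"{name:9s} sinful: {outcome(limit_sinful, rec):24s} "
              f"fixed: {outcome(limit_fixed, rec)}")
```

On the good and malformed records both handlers behave identically, which is why the catch-all looks harmless in testing. On the tampered record the sinful handler quietly returns the default and the tampering is never seen; the fixed handler lets `IntegrityError` propagate. On the buggy record the sinful handler hides a genuine programming error (`TypeError`) behind the same default, while the fixed handler surfaces it, which is the only safe outcome when the code does not know how to correct the condition.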

AFFECTED LANGUAGES

As is often the case, C and ...
