CWE-397: Declaration of Throws for Generic Exception
ID
CWE-397
Abstraction
Base
Structure
Simple
Status
Draft
Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.
Declaring a method to throw Exception or Throwable makes it difficult for callers to perform proper error handling and error recovery. Java's exception mechanism, for example, is set up to make it easy for callers to anticipate what can go wrong and write code to handle each specific exceptional circumstance. Declaring that a method throws a generic form of exception defeats this system.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | C++ | ||
| Language | Java | ||
| Language | C# |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-705 | Incorrect Control Flow Scoping | Class | Simple | Incomplete | |
| CWE-1000 | Research Concepts | Draft | CWE-221 | Information Loss or Omission | Class | Simple | Incomplete | |
| CWE-1000 | Research Concepts | Draft | CWE-703 | Improper Check or Handling of Exceptional Conditions | Pillar | Simple | Incomplete | |
Loading...