In-Depth Information
• Static analysis:
  ◦ FindBugs: http://findbugs.sourceforge.net/
Return inside the finally block
The vulnerability code for the return statement inside the finally block is EH05.
All errors that might occur or are thrown in the try block will be ignored by the return statement in the finally block:
```java
Object ObjectHandlingMethod() {
    Object o = null;
    // ...
    try {
        o = MethodErrorThrower();
    }
    finally {
        CleanUpRoutines();
        return o;   // EH05: overrides any exception in flight from the try block
    }
}

Object MethodErrorThrower() {
    // ...
    try {
        if (size == 0) {
            throw new EmptyStackException();
        }
    }
    catch (EmptyStackException e) {
        logError(e);   // logged here, but never rethrown to the caller
    }
    // ...
}
```
An exception is thrown in the other method, called from the core class. An error was caught and even properly logged, but it wasn't propagated back to the caller. The return statement in the finally block is choking any exceptions, making the code not only unsafe, but also very hard to maintain.
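The following is an added, self-contained example (not code from the book) that makes the EH05 behaviour observable: the unsafe handler returns normally even though the callee threw, while the corrected handler keeps only cleanup in the finally block and lets the exception reach the caller. The class and method names (SwallowDemo, loadRecord, cleanUp, unsafeHandler, safeHandler) are made up for this illustration.

```java
import java.util.EmptyStackException;

// Added example: a return statement inside finally (EH05) silently discards
// the exception thrown in the try block, beside the corrected form.
public class SwallowDemo {

    // Stand-in for the page's MethodErrorThrower(): always fails so the
    // effect of the finally block is visible.
    static Object loadRecord() {
        throw new EmptyStackException();
    }

    static void cleanUp() {
        System.out.println("  cleanup ran");
    }

    // EH05: the return in finally completes abruptly and replaces the
    // in-flight EmptyStackException with a normal return of null.
    @SuppressWarnings("finally")
    static Object unsafeHandler() {
        Object o = null;
        try {
            o = loadRecord();
        } finally {
            cleanUp();
            return o;   // exception discarded here; caller only sees null
        }
    }

    // Corrected: finally performs cleanup only, the return sits outside it,
    // and the exception from loadRecord() propagates to the caller.
    static Object safeHandler() {
        Object o = null;
        try {
            o = loadRecord();
        } finally {
            cleanUp();
        }
        return o;
    }

    public static void main(String[] args) {
        System.out.println("unsafeHandler():");
        Object r = unsafeHandler();
        System.out.println("  returned " + r + ", no exception reached the caller");

        System.out.println("safeHandler():");
        try {
            safeHandler();
        } catch (EmptyStackException e) {
            System.out.println("  caller received " + e.getClass().getSimpleName());
        }
    }
}
```

Compiling with `javac -Xlint:finally SwallowDemo.java` reports the finally clause that cannot complete normally, which is the compile-time signal for this pattern; the @SuppressWarnings annotation on unsafeHandler is there only to keep the deliberately bad method in the same file as the fixed one.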