◦ JProfiler: http://www.ej-technologies.com/products/jprofiler/overview.html
• Static analysis:
◦ FindBugs: http://findbugs.sourceforge.net/
Return inside the finally block
The vulnerability code for the return statement inside the finally block is EH05.
All errors that might occur or are thrown in the try block will be ignored by the return
statement in the finally block:
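Object ObjectHandlingMethod() {
    Object o = null;
    // ...
    try {
        o = MethodErrorThrower();
    }
    finally {
        CleanUpRoutines();
        // Returning from finally discards any exception thrown in the try block
        return o;
    }
}

Object HandlerErrorThrower() {
    // ...
    try {
        if (size == 0) {
            throw new EmptyStackException();
        }
    }
    catch (EmptyStackException e) {
        // The error is caught and logged here
        logerror();
    }
    // ...
}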
An exception is thrown in the other method, which is called from the core class. The error was
caught and even properly logged, but it wasn't propagated back to the caller. The return
statement in the finally block swallows any exception, making the code not only unsafe
but also very hard to maintain.
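The difference in behavior can be seen side by side in the following added example, which is not code from the original text. The class name and the methods `pop`, `unsafeHandle` and `safeHandle` are hypothetical stand-ins for the methods above.

```java
import java.util.EmptyStackException;

public class FinallyReturnDemo {
    static int cleanups = 0; // counts how often the cleanup code ran

    // Hypothetical stand-in for the throwing method: fails on an empty stack.
    static Object pop(int size) {
        if (size == 0) {
            throw new EmptyStackException();
        }
        return "top";
    }

    // EH05 pattern: the return in finally makes the method complete normally,
    // so the pending EmptyStackException is discarded and the caller gets null.
    @SuppressWarnings("finally")
    static Object unsafeHandle(int size) {
        Object o = null;
        try {
            o = pop(size);
        } finally {
            cleanups++;
            return o;
        }
    }

    // Corrected form: finally only cleans up; the return sits after the try
    // statement, so the exception still reaches the caller.
    static Object safeHandle(int size) {
        Object o;
        try {
            o = pop(size);
        } finally {
            cleanups++;
        }
        return o;
    }

    public static void main(String[] args) {
        // The failure is invisible here: the caller just receives null.
        System.out.println("unsafe, empty stack: " + unsafeHandle(0));
        try {
            safeHandle(0);
        } catch (EmptyStackException e) {
            System.out.println("safe, empty stack: caller sees " + e);
        }
        System.out.println("cleanup ran " + cleanups + " times");
    }
}
```

Cleanup runs in both variants; only the placement of the return decides whether the caller learns about the failure. With the `@SuppressWarnings` annotation removed, compiling with `javac -Xlint:finally` flags the unsafe method.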