- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: 1.1.0
- Component/s: Accounting, Organization
- Labels:
There are two types of vulnerabilities related to exceptions reported by Sonar:
1. Generic exceptions should never be thrown
MITRE, CWE-397 - Declaration of Throws for Generic Exception
2. Throwable and Error should not be caught
MITRE, CWE-396 - Declaration of Catch for Generic Exception
CERT, ERR07-J - Do not throw RuntimeException, Exception, or Throwable
The rationale behind these vulnerabilities is explained in the links above. The proposed solutions are as follows.
1. Generic exceptions should never be thrown => Define and throw a dedicated exception instead of using a generic one.
2. Throwable and Error should not be caught => Catch Exception instead of Throwable.
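The two proposed fixes side by side with the flagged forms, as an added example that is not code from this project. `LedgerNotFoundException`, `findLedger`, `findLedgerGeneric` and the sample map are hypothetical names constructed for illustration.

```java
import java.util.Map;

public class ExceptionHandlingExample {

    // Dedicated exception (hypothetical name) that callers can catch selectively.
    static class LedgerNotFoundException extends RuntimeException {
        LedgerNotFoundException(String identifier) {
            super("Ledger not found: " + identifier);
        }
    }

    // Constructed sample data standing in for a repository.
    private static final Map<String, String> LEDGERS = Map.of("1000", "Assets");

    // Flagged form (CWE-397): "throws Exception" makes every failure look the same to callers.
    static String findLedgerGeneric(String identifier) throws Exception {
        String name = LEDGERS.get(identifier);
        if (name == null) {
            throw new Exception("Ledger not found: " + identifier);
        }
        return name;
    }

    // Proposed form: a dedicated exception states exactly what failed.
    static String findLedger(String identifier) {
        String name = LEDGERS.get(identifier);
        if (name == null) {
            throw new LedgerNotFoundException(identifier);
        }
        return name;
    }

    public static void main(String[] args) {
        // Flagged form (CWE-396): catching Throwable also swallows Errors such as OutOfMemoryError.
        try {
            findLedgerGeneric("9999");
        } catch (Throwable t) {
            System.out.println("flagged: " + t.getMessage());
        }

        // Proposed form: catch Exception, so Errors still propagate to the JVM.
        try {
            findLedger("9999");
        } catch (Exception e) {
            System.out.println("proposed: " + e.getMessage());
        }
    }
}
```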