
Fix security vulnerabilities of using generic exceptions and catching throwable and errors

      Description

      Sonar reports two types of exception-handling vulnerabilities:

      1. Generic exceptions should never be thrown
      MITRE, CWE-397 - Declaration of Throws for Generic Exception

      2. Throwable and Error should not be caught
      MITRE, CWE-396 - Declaration of Catch for Generic Exception
      CERT, ERR07-J - Do not throw RuntimeException, Exception, or Throwable

      The rationale behind these vulnerabilities is explained in the links above. The proposed solutions are as follows.

      1. Generic exceptions should never be thrown => Define and throw a dedicated exception instead of using a generic one.

      2. Throwable and Error should not be caught => Catch Exception instead of Throwable.
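The two proposals side by side, as a Java illustration added here (it is not Fineract code; the class and method names are hypothetical, and the I/O is a constructed stand-in):

```java
import java.io.IOException;

public class ExceptionHandlingExample {

    // Proposal 1: a dedicated exception, declared instead of the generic "throws Exception".
    // Hypothetical name, not a Fineract class.
    public static class DocumentStorageException extends Exception {
        public DocumentStorageException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    // BEFORE (CWE-397): "throws Exception" tells callers nothing about what can fail,
    // so they end up catching Exception themselves and losing the distinction.
    public static void storeBefore(String path) throws Exception {
        writeToDisk(path);
    }

    // BEFORE (CWE-396): catching Throwable also swallows Errors such as
    // OutOfMemoryError or StackOverflowError that the application cannot recover
    // from, so a broken JVM state is hidden behind a plain "false".
    public static boolean storeSwallowingEverything(String path) {
        try {
            writeToDisk(path);
            return true;
        } catch (Throwable t) {
            return false;
        }
    }

    // AFTER: wrap the specific failure in the dedicated exception; Errors propagate.
    public static void storeAfter(String path) throws DocumentStorageException {
        try {
            writeToDisk(path);
        } catch (IOException e) {
            throw new DocumentStorageException("Could not store document at " + path, e);
        }
    }

    // Constructed stand-in for real I/O: fails for an empty path.
    private static void writeToDisk(String path) throws IOException {
        if (path == null || path.isEmpty()) {
            throw new IOException("empty path");
        }
    }
}
```

At an outer boundary (a request handler, for example) the page's second proposal applies: catch Exception rather than Throwable, so that Errors still surface.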

      Assignee: Santosh Math
      Reporter: Thisura