Empty Exception Block

Incomplete Variant
Structure: Simple
Description

An invokable code block contains an exception handling block that does not contain any code, i.e., it is empty.

Extended Description

When an exception handling block (such as a Catch and Finally block) is used, but that block is empty, this can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.

Common Consequences 1
Scope: Other

Impact: Reduce Reliability

Potential Mitigations 1
Phase: Implementation
For every exception block, add code that handles the specific exception in the way intended by the application.
Demonstrative Examples 1

ID: DX-213

In the following Java example, the code catches an ArithmeticException.

Code Example:

Bad
Java
Since the exception block is empty, no action is taken.
In the code below, the exception is logged and the failed operation is handled in the desired way, allowing the program to continue in an expected way.

Code Example:

Good
Java
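
An added illustration of the two cases described above (not the entry's original code): the same division is guarded once with an empty catch block and once with a block that logs the ArithmeticException and reports the failure to the caller. The class name, method names and inputs are hypothetical.

```java
import java.util.OptionalInt;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; all names and inputs here are hypothetical.
public class EmptyCatchDemo {
    private static final Logger LOG = Logger.getLogger(EmptyCatchDemo.class.getName());

    // Bad: the catch block is empty, so a zero divisor is silently swallowed
    // and the caller receives 0, indistinguishable from a real result.
    static int sharePerWorkerBad(int totalItems, int workers) {
        int share = 0;
        try {
            share = totalItems / workers;
        } catch (ArithmeticException e) {
        }
        return share;
    }

    // Good: the exception is logged and the failure is made explicit,
    // so the caller has to decide how to continue.
    static OptionalInt sharePerWorkerGood(int totalItems, int workers) {
        try {
            return OptionalInt.of(totalItems / workers);
        } catch (ArithmeticException e) {
            LOG.log(Level.WARNING,
                    "Cannot split " + totalItems + " items across " + workers + " workers", e);
            return OptionalInt.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: the second pair triggers integer division by zero.
        int[][] inputs = { {10, 2}, {10, 0} };
        for (int[] in : inputs) {
            int bad = sharePerWorkerBad(in[0], in[1]);
            OptionalInt good = sharePerWorkerGood(in[0], in[1]);
            System.out.printf("items=%d workers=%d bad=%d good=%s%n", in[0], in[1], bad,
                    good.isPresent() ? String.valueOf(good.getAsInt()) : "unavailable (logged)");
        }
    }
}
```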
References 1
Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG)
01-2016
ID: REF-961
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Related Weaknesses
Taxonomy Mapping
  • OMG ASCRM