Category: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)
Stable
Summary
Weaknesses in this category are related to the rules and recommendations in the Exceptional Behavior (ERR) section of the SEI CERT Oracle Secure Coding Standard for Java.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-248 | Uncaught Exception | An exception is thrown from a function, but it is not caught. |
| CWE-382 | J2EE Bad Practices: Use of System.exit() | A J2EE application uses System.exit(), which also shuts down its container. |
| CWE-397 | Declaration of Throws for Generic Exception | The product throws or raises an overly broad exceptions that can hide important details and produce inappropriate responses to certain conditions. |
| CWE-459 | Incomplete Cleanup | The product does not properly "clean up" and remove temporary or supporting resources after they have been used. |
| CWE-460 | Improper Cleanup on Thrown Exception | The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. |
| CWE-584 | Return Inside Finally Block | The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded. |
| CWE-703 | Improper Check or Handling of Exceptional Conditions | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| CWE-705 | Incorrect Control Flow Scoping | The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
| CWE-1133 | Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT Oracle Coding Standard for Java. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.