logo

Declaration of Catch for Generic Exception

Draft Base
Structure: Simple
Description

Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.

Extended Description

Multiple catch blocks can get ugly and repetitive, but "condensing" catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of a language's typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.
Common Consequences 1
Scope: Non-RepudiationOther

Impact: Hide Activities

A generic exception can hide details about unexpected adversary activities by making it difficult to properly troubleshoot error conditions during execution.
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Demonstrative Examples 1
The following code excerpt handles three types of exceptions in an identical fashion.

Code Example:

Good
Java
java
At first blush, it may seem preferable to deal with these exceptions in a single catch block, as follows:

Code Example:

Bad
Java
java
However, if doExchange() is modified to throw a new type of exception that should be handled in some different kind of way, the broad catch block will prevent the compiler from pointing out the situation. Further, the new catch block will now also handle exceptions derived from RuntimeException such as ClassCastException, and NullPointerException, which is not the programmer's intent.
References 4
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
Katrina Tsipenyuk, Brian Chess, and Gary McGraw
NIST Workshop on Software Security Assurance Tools Techniques and MetricsNIST
07-11-2005
https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf
ID: REF-6
24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, and John Viega
McGraw-Hill
2010
ID: REF-44
Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG)
01-2016
http://www.omg.org/spec/ASCRM/1.0/
ID: REF-961
Automated Source Code Security Measure (ASCSM)
Object Management Group (OMG)
01-2016
http://www.omg.org/spec/ASCSM/1.0/
ID: REF-962
Applicable Platforms
Languages:
C++ : UndeterminedJava : UndeterminedC# : UndeterminedPython : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Incorrect Control Flow Scoping (CWE-705)
ChildOf: Improper Handling of Exceptional Conditions (CWE-755)
ChildOf: Information Loss or Omission (CWE-221)
Taxonomy Mapping
  • 7 Pernicious Kingdoms
  • Software Fault Patterns
  • OMG ASCSM
  • OMG ASCRM