  • Suppressing/ignoring checked exceptions
  • Disclosing sensitive information
  • Logging sensitive data
  • Restoring objects to prior state, if a method fails
  • Avoid using statements that suppress exceptions
  • Prevent access to untrusted code that terminates JVM
  • Never catch NullPointerException
  • Never allow methods to throw RuntimeException, Exception, or Throwable
  • Never throw undeclared checked exceptions
  • Never let checked exceptions escape from finally block

Erroneous Exceptional Behaviors: Suppressing or Ignoring Checked Exceptions

  • java.lang.InterruptedException is thrown when a thread is interrupted while sleeping or waiting
  • The run() method of the Runnable interface cannot throw a checked exception but should handle InterruptedException

Vulnerable Code

  • In the example below, the code catches and suppresses InterruptedException
  • The caller of the run() method fails to check that an interrupted exception has occurred

Secure Code

  • In the code below, the run() method appropriately catches the InterruptedException
  • It restores the interrupted status of the current thread by promptly calling the interrupt() method

Erroneous Exceptional Behaviors: Suppressing or Ignoring Checked Exceptions (Cont’d)

Vulnerable Code

  • The code prints the exception’s stack trace
  • An exception’s stack trace is used for debugging purposes, but printing it may also result in suppressing the exception
  • Printing the stack trace can provide information to an attacker about the structure and state of the process
  • Once the try block throws an exception, the remaining expressions or statements in the try block are not evaluated

Secure Code

  • The secure code uses FileNotFoundException
  • It requests the user to specify the desired file name

Erroneous Exceptional Behaviors: Disclosing Sensitive Information

  • Throwing exceptions without filtering sensitive information may result in information leaks
  • It may provide attackers with information that can be used to perform further exploits

Vulnerable Code

  • The example code provides a user with contents and layout of the file system

Secure Code

  • The code implements the policy that only files in c:/homepath can be accessed by the user
  • The File.getCanonicalFile() method is also used to canonicalize the file's path name for the subsequent check
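
An added example, not code from the original slides, of the vulnerable and secure patterns described above for file access: openLeaky lets FileNotFoundException carry the path to the caller, while openFiltered canonicalizes the path, enforces the c:/homepath policy and reports one generic error. The class name SafeOpen, both method names and the sample file names are assumptions made for illustration.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;

public class SafeOpen { // hypothetical class name
    // Policy root from the slide; everything else here is illustrative.
    private static final String BASE = "c:/homepath";

    // Before: FileNotFoundException propagates unchanged, and its message
    // contains the full path, revealing which files exist and where.
    static FileInputStream openLeaky(String name) throws IOException {
        return new FileInputStream(new File(BASE, name));
    }

    // After: canonicalize, enforce the directory policy, and raise the same
    // generic error for "outside policy", "missing" and "unreadable".
    static FileInputStream openFiltered(String name) throws IOException {
        try {
            Path base = new File(BASE).getCanonicalFile().toPath();
            File target = new File(base.toFile(), name).getCanonicalFile();
            // Path.startsWith compares whole path elements, so a sibling
            // such as c:/homepath-other does not satisfy the check.
            if (!target.toPath().startsWith(base)) {
                throw new IOException("Invalid file");
            }
            return new FileInputStream(target);
        } catch (IOException e) {
            // The original exception is deliberately not chained or echoed.
            throw new IOException("Invalid file");
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: in-policy name, traversal, missing file.
        String[] names = {"report.txt", "../outside.txt", "no-such-file"};
        for (String name : names) {
            try (FileInputStream in = openFiltered(name)) {
                System.out.println(name + ": opened");
            } catch (IOException e) {
                System.out.println(name + ": " + e.getMessage());
            }
        }
    }
}
```

Because all three failure causes produce the same message, the caller cannot use the error text to tell a missing file from one that exists outside the permitted directory.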

Erroneous Exceptional Behaviors: Disclosing Sensitive Information (Cont’d)

Vulnerable Code

  • The example code throws a general exception after a logged exception leaks the file system layout information to the attacker

Secure Code

  • The code implements the policy that only the files c:\homepath\file1 and c:\homepath\file2 can be accessed by the user