Multiple catch blocks can look ugly and cumbersome, but using a single "concise" catch block for a high-level exception class (such as Exception) can lump together exceptions that require special handling, or catch exceptions that should not be caught at this point in the program. In essence, catching an overly broad exception defeats the purpose of Java's typed exceptions.
This approach becomes especially dangerous as the program grows and starts throwing new exceptions: the new exception types fall into the same broad catch block and go unnoticed.
try {
    // I/O operation
} catch (Exception ex) {
    Log(ex);
}
Fortify recommends that you handle possible exceptions separately. Because different types of exceptions require different handling, you should enumerate the exceptions that the code in the try block can throw and handle each one separately. The correct code is as follows:
try {
    // I/O operation
} catch (IOException e) {
    logger.error("doExchange failed", e);
} catch (InvocationTargetException e) {
    logger.error("doExchange failed", e);
} catch (SQLException e) {
    logger.error("doExchange failed", e);
}
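The following added example (not from the original article or from Fortify) shows how a broad catch hides an exception type the author never planned for, while specific catches let it surface. The class `BroadCatchDemo`, the helper `readPort`, the default port 8080 and the malformed file content are all hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;

public class BroadCatchDemo {
    // Hypothetical helper: reads a port number from a one-line config file.
    static int readPort(Path p) throws IOException {
        return Integer.parseInt(Files.readString(p).trim());
    }

    // Overly broad: a malformed value (NumberFormatException) is treated
    // exactly like a missing file, so the bad config is silently ignored.
    static int portBroad(Path p) {
        try {
            return readPort(p);
        } catch (Exception ex) {
            System.err.println("read failed: " + ex);
            return 8080; // assumed default
        }
    }

    // Specific: each anticipated failure gets its own handling.
    // NumberFormatException is not caught here, so it propagates to the caller.
    static int portSpecific(Path p) {
        try {
            return readPort(p);
        } catch (NoSuchFileException e) {
            return 8080; // missing file: fall back to the assumed default
        } catch (IOException e) {
            throw new UncheckedIOException("cannot read " + p, e);
        }
    }

    public static void main(String[] args) throws IOException {
        Path conf = Files.createTempFile("port", ".conf");
        Files.writeString(conf, "80a0"); // constructed malformed input
        try {
            System.out.println("broad catch returned " + portBroad(conf));
            System.out.println("specific catch returned " + portSpecific(conf));
        } catch (NumberFormatException e) {
            System.out.println("specific catch surfaced: " + e);
        } finally {
            Files.delete(conf);
        }
    }
}
```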