coverity&fortify1--Poor Error Handling: Overly Broad Catch

PHP中文网 (Original), 2017-07-15 18:12:18

1. Alarm description:

Multiple catch blocks can look ugly and cumbersome, but collapsing them into one "concise" catch block for a high-level exception class (such as Exception) can obscure exceptions that require special handling, or catch exceptions that should not be caught at this point in the program. In essence, catching an overly broad exception defeats the purpose of Java's typed exceptions.


2. Risk:

This approach becomes very dangerous as the program grows and starts to throw new exceptions: the broad catch absorbs them along with everything else, so the new exception types go unnoticed.

3. Example:

try{
    // I/O operation
}
catch(Exception ex){
    Log(ex);
}

Fortify recommends handling each possible exception separately. Because different types of exceptions require different handling, you should enumerate every exception the try{} block can throw and handle each one in its own catch block. The correct code is as follows:

try {
    // I/O operation
}
catch (IOException e) {
    logger.error("doExchange failed", e);
}
catch (InvocationTargetException e) {
    logger.error("doExchange failed", e);
}
catch (SQLException e) {
    logger.error("doExchange failed", e);
}
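
The risk described above, as an added example that is not part of the original article: a hypothetical readPort() helper (all names and the sample files are constructed for illustration) is called once through a broad catch and once through specific catches. With the broad catch, a corrupt file is indistinguishable from a missing one and the program silently falls back to a default; with specific catches, only the expected case falls back and the corrupt content surfaces.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class BroadCatchDemo {
    static final int DEFAULT_PORT = 8080;
    // Hypothetical I/O operation: read a port number from a one-line file.
    static int readPort(Path file) throws IOException {
        String text = new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
        return Integer.parseInt(text.trim()); // unchecked NumberFormatException on bad content
    }

    // Overly broad: a missing file, an unreadable file and corrupt content
    // all end in the same log line and the same silent fallback.
    static int readPortBroad(Path file) {
        try {
            return readPort(file);
        } catch (Exception ex) {
            System.err.println("readPort failed: " + ex);
            return DEFAULT_PORT;
        }
    }

    // Specific: only the expected "file absent" case falls back to the default.
    static int readPortSpecific(Path file) {
        try {
            return readPort(file);
        } catch (NoSuchFileException e) {
            return DEFAULT_PORT;               // expected on first run
        } catch (IOException e) {
            throw new UncheckedIOException(e); // other I/O failures are not hidden
        }
        // NumberFormatException is not caught here, so corrupt content surfaces.
    }

    public static void main(String[] args) throws IOException {
        Path missing = Paths.get("constructed-missing-port-file.txt"); // constructed input
        Path corrupt = Files.createTempFile("port", ".txt");           // constructed input
        corrupt.toFile().deleteOnExit();
        Files.write(corrupt, "80eighty".getBytes(StandardCharsets.UTF_8));
        System.out.println("broad:    " + readPortBroad(missing) + " " + readPortBroad(corrupt));
        System.out.println("specific: " + readPortSpecific(missing));
        try { readPortSpecific(corrupt); }
        catch (NumberFormatException e) { System.out.println("corrupt content surfaced: " + e.getMessage()); }
    }
}
```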
