Details

      Description

      Our build-service task creates code like this:

      public DatabaseTablePersistenceImpl() {
      		setModelClass(DatabaseTable.class);		try {
      			Field field = BasePersistenceImpl.class.getDeclaredField(
      					"_dbColumnNames");			field.setAccessible(true);			Map<String, String> dbColumnNames = new HashMap<String, String>();			dbColumnNames.put("uuid", "uuid_");			field.set(this, dbColumnNames);
      		}
      		catch (Exception e) {
      			if (_log.isDebugEnabled()) {
      				_log.debug(e, e);
      			}
      		}
      	}
      

      Some code analyzers, Fortify in this case, say that the Catch method can be improved, as follows:

      Abstract:
      The catch block at DatabaseTablePersistenceImpl.java handles a broad swath of exceptions, potentially trapping dissimilar issues or problems that should not be dealt with at this point in the program.

      Explanation:
      Multiple catch blocks can get repetitive, but "condensing" catch blocks by catching a high-level class such as Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of Java's typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.

      Example: The following code excerpt handles three types of exceptions in an identical fashion.

        try {
          doExchange();
        }
        catch (IOException e) {
          logger.error("doExchange failed", e);
        }
        catch (InvocationTargetException e) {
          logger.error("doExchange failed", e);
        }
        catch (SQLException e) {
          logger.error("doExchange failed", e);
        }
      

      However, if doExchange() is modified to throw a new type of exception that should be handled in some different kind of way, the broad catch block will prevent the compiler from pointing out the situation. Further, the new catch block will now also handle exceptions derived from RuntimeException such as ClassCastException, and NullPointerException, which is not the programmer's intent.

      Improving the Catch method as noted would help make our code align with stricter standards, such as with the Department of Defense.

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              christopher.lui Christopher Lui
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                Packages

                Version Package