Base · Draft

CWE-397: Declaration of Throws for Generic Exception

Category: other

Description

The product throws or raises overly broad exceptions that can hide important details and produce inappropriate responses to certain conditions. Declaring a method to throw Exception or Throwable promotes generic error handling procedures that make it difficult for callers to perform proper error handling and error recovery. For example, Java's exception mechanism makes it easy for callers to anticipate what can go wrong and write code to handle each specific exceptional circumstance. Declaring that a method throws a generic form of exception defeats this system.
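The contrast described above, as an added example (not taken from the MITRE entry): a method declared with `throws Exception` next to the same method with narrowed declarations, and what each lets the caller do. The class `ThrowsDemo`, the exception `RecordFormatException`, the method names and the sample file contents are all hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.List;

public class ThrowsDemo {
    // Hypothetical checked exception for a malformed or tampered record.
    static class RecordFormatException extends Exception {
        RecordFormatException(String msg) { super(msg); }
    }

    // CWE-397: the signature tells callers nothing about what can fail.
    static int parseLimitBroad(Path p) throws Exception {
        return Integer.parseInt(Files.readString(p).trim());
    }

    // Narrowed: each failure mode is a distinct, declared type.
    static int parseLimit(Path p) throws IOException, RecordFormatException {
        String raw = Files.readString(p).trim();
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            throw new RecordFormatException("non-numeric limit in " + p);
        }
    }

    // Caller of the broad form: one catch-all, one response for every condition.
    static String handleBroad(Path p) {
        try { return "limit=" + parseLimitBroad(p); }
        catch (Exception e) { return "error"; }
    }

    // Caller of the narrowed form: a distinct response per condition.
    static String handle(Path p) {
        try { return "limit=" + parseLimit(p); }
        catch (NoSuchFileException e) { return "missing file, using default"; }
        catch (RecordFormatException e) { return "ALERT: " + e.getMessage(); }
        catch (IOException e) { return "I/O failure: " + e; }
    }

    public static void main(String[] args) throws IOException {
        Path bad = Files.createTempFile("limit", ".txt"); // constructed sample input
        Files.writeString(bad, "12abc");                  // malformed value
        Path gone = Paths.get("no-such-limit-file.txt");  // file that does not exist
        for (Path p : List.of(bad, gone)) {
            System.out.println(handleBroad(p) + "  |  " + handle(p));
        }
        Files.delete(bad);
    }
}
```

With the broad declaration, a missing file and a malformed value collapse into the same response, so a log reviewer cannot tell a routine condition from one that deserves investigation.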

Common consequences · 1

  • Non-Repudiation / Other — Hide Activities, Alter Execution Logic
    Throwing a generic exception can hide details about unexpected adversary activities by making it difficult to properly troubleshoot error conditions during execution.

References

  1. https://cwe.mitre.org/data/definitions/397.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Declaration of Catch for Generic Exception
  • CWE: Improper Cleanup on Thrown Exception
  • CWE: Insufficient Documentation of Error Handling Techniques
  • CWE: Missing Standardized Error Handling Mechanism
  • CWE: Improper Handling of Exceptional Conditions
  • CWE: Improper Following of Specification by Caller

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.