Posted to dev@fineract.apache.org by "Thisura (JIRA)" <ji...@apache.org> on 2017/06/14 13:31:00 UTC
[jira] [Updated] (FINERACT-437) Fix security vulnerabilities of using generic exceptions and catching throwable and errors
[ https://issues.apache.org/jira/browse/FINERACT-437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thisura updated FINERACT-437:
-----------------------------
Labels: gsoc2017 (was: )
> Fix security vulnerabilities of using generic exceptions and catching throwable and errors
> ------------------------------------------------------------------------------------------
>
> Key: FINERACT-437
> URL: https://issues.apache.org/jira/browse/FINERACT-437
> Project: Apache Fineract
> Issue Type: Bug
> Components: Accounting, Organization
> Reporter: Thisura
> Assignee: Markus Geiss
> Priority: Minor
> Labels: gsoc2017
>
> There are two types of vulnerabilities related to exceptions reported by Sonar:
> 1. Generic exceptions should never be thrown
> [MITRE, CWE-397|http://cwe.mitre.org/data/definitions/397.html] - Declaration of Throws for Generic Exception
> 2. Throwable and Error should not be caught
> [MITRE, CWE-396|http://cwe.mitre.org/data/definitions/396.html] - Declaration of Catch for Generic Exception
> [CERT, ERR07-J|https://www.securecoding.cert.org/confluence/x/BoB3AQ] - Do not throw RuntimeException, Exception, or Throwable
> The rationale behind these vulnerabilities is explained in the links above. The proposed solutions are as follows.
> 1. Generic exceptions should never be thrown => Define and throw a dedicated exception instead of using a generic one.
> 2. Throwable and Error should not be caught => Catch Exception instead of Throwable.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
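The two Sonar findings and the fixes the issue proposes, as an added example that is not part of the ticket or of Fineract's code base. The class and method names are hypothetical; the "after" catch uses the dedicated type, which is narrower than the issue's minimum of catching Exception rather than Throwable.

```java
// Added example, not Fineract code: each Sonar finding from the issue beside
// the proposed fix. Class and method names are hypothetical.
public class ExceptionHandlingExample {
    // Dedicated exception instead of a generic one (fix for CWE-397).
    public static class UnbalancedJournalEntryException extends RuntimeException {
        public UnbalancedJournalEntryException(long debits, long credits) {
            super("journal entry unbalanced: debits=" + debits + " credits=" + credits);
        }
    }

    // BEFORE: "throws Exception" tells callers nothing about what can fail,
    // so they end up catching Exception (or worse) themselves.
    static void postEntryBefore(long debits, long credits) throws Exception {
        if (debits != credits) {
            throw new Exception("unbalanced");
        }
    }

    // AFTER: the failure is a specific type a caller can handle on purpose.
    static void postEntryAfter(long debits, long credits) {
        if (debits != credits) {
            throw new UnbalancedJournalEntryException(debits, credits);
        }
    }

    // BEFORE: catching Throwable also swallows Errors such as OutOfMemoryError
    // and StackOverflowError, so the JVM carries on in a broken state (CWE-396).
    static boolean tryPostBefore(long debits, long credits) {
        try {
            postEntryBefore(debits, credits);
            return true;
        } catch (Throwable t) {
            return false; // failure cause is lost and any Error is hidden
        }
    }

    // AFTER: catch only what is recoverable; Errors keep propagating.
    static boolean tryPostAfter(long debits, long credits) {
        try {
            postEntryAfter(debits, credits);
            return true;
        } catch (UnbalancedJournalEntryException e) {
            System.err.println("rejected: " + e.getMessage());
            return false;
        }
    }
    public static void main(String[] args) {
        System.out.println(tryPostAfter(100, 100));
        System.out.println(tryPostAfter(100, 90));
    }
}
```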