You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@curator.apache.org by "Lavoie, John L" <jo...@optum.com> on 2014/03/10 22:15:45 UTC

Raising of raw Exceptions (HP Fortify SCA issues)

We have recently started including references to Curator in our code.  We run all of our own code through Fortify SCA for static analysis.  Fortify is not happy that our calls to Curator raise exceptions of the type Exception and is complaining about "Overly broad Catch".   Is there a reason Curator needs to throw such broad exceptions as opposed to the underlying exception that was really raised?

As an example, here is a utility method I've created, which Fortify doesn't like.
    public PathChildrenCache getCacheForPath(String requestedPath) {
        PathChildrenCache cache = new PathChildrenCache(client, requestedPath, true);
        try {
            cache.start(StartMode.BUILD_INITIAL_CACHE);
        } catch (Exception e) {
            LOG.error(e);
              // reraise goes here
        }
        return cache;
    }

John

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

Re: Raising of raw Exceptions (HP Fortify SCA issues)

Posted by John Vines <vi...@apache.org>.

I've brought this up before (https://issues.apache.org/jira/browse/
CURATOR-29 <https://sqrrldata.atlassian.net/browse/CURATOR-29> ), but was
closed as a 'style' difference.


On Mon, Mar 10, 2014 at 5:15 PM, Lavoie, John L <jo...@optum.com>wrote:

>  We have recently started including references to Curator in our code.
> We run all of our own code through Fortify SCA for static analysis.
> Fortify is not happy that our calls to Curator raise exceptions of the type
> Exception and is complaining about "Overly broad Catch".   Is there a
> reason Curator needs to throw such broad exceptions as opposed to the
> underlying exception that was really raised?
>
>
>
> As an example, here is a utility method I've created, which Fortify
> doesn't like.
>
>     *public* PathChildrenCache getCacheForPath(String requestedPath) {
>
>         PathChildrenCache cache = *new* PathChildrenCache(client,
> requestedPath, *true*);
>
>         *try* {
>
>             cache.start(StartMode.BUILD_INITIAL_CACHE);
>
>         } *catch* (Exception e) {
>
>             LOG.error(e);
>
>               // reraise goes here
>
>         }
>
>         *return* cache;
>
>     }
>
>
>
> John
>
>
> This e-mail, including attachments, may include confidential and/or
> proprietary information, and may be used only by the person or entity
> to which it is addressed. If the reader of this e-mail is not the intended
> recipient or his or her authorized agent, the reader is hereby notified
> that any dissemination, distribution or copying of this e-mail is
> prohibited. If you have received this e-mail in error, please notify the
> sender by replying to this message and delete this e-mail immediately.
>