[ 
https://issues.apache.org/jira/browse/FINERACT-437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shaik Nazeer Hussain resolved FINERACT-437.
-------------------------------------------
       Resolution: Fixed
         Assignee: Santosh Math  (was: Markus Geiss)
    Fix Version/s: 1.1.0

> Fix security vulnerabilities of using generic exceptions and catching 
> throwable and errors
> ------------------------------------------------------------------------------------------
>
>                 Key: FINERACT-437
>                 URL: https://issues.apache.org/jira/browse/FINERACT-437
>             Project: Apache Fineract
>          Issue Type: Bug
>          Components: Accounting, Organization
>            Reporter: Thisura
>            Assignee: Santosh Math
>            Priority: Minor
>              Labels: gsoc2017
>             Fix For: 1.1.0
>
>
> There are two types of vulnerabilities related to exceptions reported by sonar
> 1. Generic exceptions should never be thrown
> [MITRE, CWE-397|http://cwe.mitre.org/data/definitions/397.html] - Declaration 
> of Throws for Generic Exception
> 2. Throwable and Error should not be caught
> [MITRE, CWE-396|http://cwe.mitre.org/data/definitions/396.html] - Declaration 
> of Catch for Generic Exception
> [CERT, ERR07-J|https://www.securecoding.cert.org/confluence/x/BoB3AQ] - Do 
> not throw RuntimeException, Exception, or Throwable
> The rationale behind these vulnerabilities is explained in the links above. The 
> proposed solutions are as follows.
> 1. Generic exceptions should never be thrown =>  Define and throw a dedicated 
> exception instead of using a generic one.
> 2. Throwable and Error should not be caught => Catch Exception instead of 
> Throwable. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
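The two Sonar findings quoted in the issue, each shown in its flagged form next to the proposed corrected form, as an added illustration that is not part of the issue or of Fineract's own code. The class and method names (ExceptionHandlingExample, LedgerClosedException, postGeneric, reconcileCatchingThrowable and so on) are hypothetical, chosen only to mirror the accounting context; the behaviour shown with a simulated OutOfMemoryError is why catching Throwable is flagged.

```java
// Added example, not Fineract code: the two findings from FINERACT-437,
// each in its flagged form and its corrected form. All names are hypothetical.

public class ExceptionHandlingExample {

    // Dedicated exception (fix for finding 1): callers can catch exactly this
    // condition instead of a bare Exception, and the signature documents it.
    public static class LedgerClosedException extends Exception {
        private final String ledgerId;

        public LedgerClosedException(String ledgerId) {
            super("Ledger " + ledgerId + " is closed for posting");
            this.ledgerId = ledgerId;
        }

        public String getLedgerId() {
            return ledgerId;
        }
    }

    // --- Finding 1: "Generic exceptions should never be thrown" ---

    // Flagged form: a generic Exception hides which failures are possible and
    // forces every caller into an equally generic catch block.
    static void postGeneric(String ledgerId, boolean closed) throws Exception {
        if (closed) {
            throw new Exception("closed: " + ledgerId);
        }
    }

    // Corrected form: throw the dedicated exception declared in the signature.
    static void postDedicated(String ledgerId, boolean closed) throws LedgerClosedException {
        if (closed) {
            throw new LedgerClosedException(ledgerId);
        }
    }

    // --- Finding 2: "Throwable and Error should not be caught" ---

    // Flagged form: catching Throwable also swallows Errors such as
    // OutOfMemoryError or StackOverflowError, which the JVM cannot recover
    // from, so the process keeps running in an unknown state.
    static String reconcileCatchingThrowable(Runnable step) {
        try {
            step.run();
            return "ok";
        } catch (Throwable t) {            // Sonar: do not catch Throwable
            return "failed: " + t.getMessage();
        }
    }

    // Corrected form: catch Exception; Errors propagate to the JVM.
    static String reconcileCatchingException(Runnable step) {
        try {
            step.run();
            return "ok";
        } catch (Exception e) {
            return "failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Dedicated exception: the caller handles one specific, named condition.
        try {
            postDedicated("GL-001", true);
        } catch (LedgerClosedException e) {
            System.out.println("handled: " + e.getMessage()
                    + " (ledger " + e.getLedgerId() + ")");
        }

        // A recoverable failure is handled identically by both catch forms.
        Runnable badInput = () -> {
            throw new IllegalArgumentException("negative amount");
        };
        System.out.println(reconcileCatchingThrowable(badInput));
        System.out.println(reconcileCatchingException(badInput));

        // A simulated Error is masked by catch (Throwable) but escapes
        // catch (Exception), which is the behaviour the rule wants.
        Runnable fatal = () -> {
            throw new OutOfMemoryError("simulated");
        };
        System.out.println(reconcileCatchingThrowable(fatal)); // masked as "failed: simulated"
        try {
            reconcileCatchingException(fatal);
        } catch (OutOfMemoryError e) {
            System.out.println("Error propagated to the caller: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac ExceptionHandlingExample.java && java ExceptionHandlingExample`. The same Sonar rules flag `throws RuntimeException` and `catch (Error e)` in the same way; the corrected forms above apply unchanged to those cases.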
