logo

Declaration of Catch for Generic Exception

Draft Base
Structure: Simple
Description

This weakness occurs when code catches a generic exception type like 'Exception' or 'Throwable', which can hide specific errors and create insecure error handling logic.

Extended Description

While it may seem cleaner to catch a broad exception like 'Exception' instead of writing multiple specific catch blocks, this practice is risky. It masks the true nature of errors, preventing you from handling different failure scenarios appropriately. Exceptions that deserve special recovery logic, or that shouldn't be caught at that point in the program, get lumped together and ignored. As your application evolves and starts throwing new, more specific exception types, this broad catch will silently swallow them all. This defeats the core purpose of a typed exception system, making your code less robust and secure over time. It often leads to complex, bug-prone error handling that can introduce vulnerabilities, as critical failures go unnoticed and unlogged.
Common Consequences 1
Scope: Non-RepudiationOther

Impact: Hide Activities

A generic exception can hide details about unexpected adversary activities by making it difficult to properly troubleshoot error conditions during execution.
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Demonstrative Examples 1
The following code excerpt handles three types of exceptions in an identical fashion.

Code Example:

Good
Java
java
At first blush, it may seem preferable to deal with these exceptions in a single catch block, as follows:

Code Example:

Bad
Java
java
However, if doExchange() is modified to throw a new type of exception that should be handled in some different kind of way, the broad catch block will prevent the compiler from pointing out the situation. Further, the new catch block will now also handle exceptions derived from RuntimeException such as ClassCastException, and NullPointerException, which is not the programmer's intent.
References 4
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
Katrina Tsipenyuk, Brian Chess, and Gary McGraw
NIST Workshop on Software Security Assurance Tools Techniques and MetricsNIST
07-11-2005
https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf
ID: REF-6
24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, and John Viega
McGraw-Hill
2010
ID: REF-44
Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG)
01-2016
http://www.omg.org/spec/ASCRM/1.0/
ID: REF-961
Automated Source Code Security Measure (ASCSM)
Object Management Group (OMG)
01-2016
http://www.omg.org/spec/ASCSM/1.0/
ID: REF-962
Applicable Platforms
Languages:
C++ : UndeterminedJava : UndeterminedC# : UndeterminedPython : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Incorrect Control Flow Scoping (CWE-705)
ChildOf: Improper Handling of Exceptional Conditions (CWE-755)
ChildOf: Information Loss or Omission (CWE-221)
Taxonomy Mapping
  • 7 Pernicious Kingdoms
  • Software Fault Patterns
  • OMG ASCSM
  • OMG ASCRM