[ https://issues.apache.org/jira/browse/FINERACT-437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shaik Nazeer Hussain resolved FINERACT-437.
-------------------------------------------
    Resolution: Fixed
      Assignee: Santosh Math  (was: Markus Geiss)
 Fix Version/s: 1.1.0

> Fix security vulnerabilities of using generic exceptions and catching throwable and errors
> ------------------------------------------------------------------------------------------
>
>                 Key: FINERACT-437
>                 URL: https://issues.apache.org/jira/browse/FINERACT-437
>             Project: Apache Fineract
>          Issue Type: Bug
>          Components: Accounting, Organization
>            Reporter: Thisura
>            Assignee: Santosh Math
>            Priority: Minor
>              Labels: gsoc2017
>             Fix For: 1.1.0
>
>
> There are two types of vulnerabilities related to exceptions reported by sonar
> 1. Generic exceptions should never be thrown
> [MITRE, CWE-397|http://cwe.mitre.org/data/definitions/397.html] - Declaration of Throws for Generic Exception
> 2. Throwable and Error should not be caught
> [MITRE, CWE-396|http://cwe.mitre.org/data/definitions/396.html] - Declaration of Catch for Generic Exception
> [CERT, ERR07-J|https://www.securecoding.cert.org/confluence/x/BoB3AQ] - Do not throw RuntimeException, Exception, or Throwable
> The rationale behind these vulnerabilities is explained in the above links. The proposed solutions are as follows.
> 1. Generic exceptions should never be thrown => Define and throw a dedicated exception instead of using a generic one.
> 2. Throwable and Error should not be caught => Catch Exception instead of Throwable.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
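The two proposed fixes from the issue description, shown side by side with the flagged catch pattern. This is an added Java example, not Fineract code and not part of the original message; every class, method and value in it (`AccountNotFoundException`, `findBalance`, `describe`, the sample balances) is hypothetical, and `Map.of` assumes Java 9 or later.

```java
import java.util.Map;
// Added illustration with hypothetical names; not Fineract source.
public class ExceptionHandlingExample {
    // Fix 1 (CWE-397): a dedicated exception instead of a generic one.
    static class AccountNotFoundException extends RuntimeException {
        AccountNotFoundException(long id) { super("No account with id " + id); }
    }

    static final Map<Long, Long> BALANCES = Map.of(1L, 500L); // constructed sample data

    // Declared `throws Exception`, this method would tell callers nothing about what can fail.
    static long findBalance(long id) {
        if (id < 0) throw new OutOfMemoryError("simulated"); // stands in for a real JVM Error
        Long balance = BALANCES.get(id);
        if (balance == null) throw new AccountNotFoundException(id);
        return balance;
    }

    // Flagged pattern (CWE-396): Throwable also matches Error, so the simulated
    // OutOfMemoryError is reported as an ordinary lookup failure.
    static String describeCatchingThrowable(long id) {
        try {
            return "balance=" + findBalance(id);
        } catch (Throwable t) {
            return "lookup failed";
        }
    }

    // Fix 2: handle the dedicated type, then Exception; Errors propagate to the caller.
    static String describe(long id) {
        try {
            return "balance=" + findBalance(id);
        } catch (AccountNotFoundException e) {
            return "not found";
        } catch (Exception e) {
            return "unexpected failure";
        }
    }

    public static void main(String[] args) {
        System.out.println(describe(1L));
        System.out.println(describe(2L));
        System.out.println(describeCatchingThrowable(-1L));
        try {
            describe(-1L);
        } catch (OutOfMemoryError e) { // caught here only to print the demo result
            System.out.println("Error propagated: " + e.getMessage());
        }
    }
}
```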