AttackFlow Findings Dictionary


Ineffective Catch Block

Exception catch blocks that only log may result in an unstable system or denial of service

Severity

Low

Fix Cost

Medium

Trust Level

High

When handling an exception in a catch block, we developers usually just log the details, as in the C# code below, without giving much thought to what further action should be taken:

try
{
    String wholeFile = File.ReadAllText(path);
}
catch (IOException ioe)
{
    // Only logs the failure; no recovery or cleanup follows.
    logger.Error(ioe, "File exception occurred", null);
}

Logging is an essential part of exception handling; however, logging alone is similar to ignoring the problem, because no corrective action is taken. For example, a resource acquired in the try block should be released in the same catch block or, better yet, in a finally block.

Otherwise the resource remains reserved for an indeterminate amount of time, possibly leaving the system in a denial-of-service situation.

When handling an exception in a catch block, we developers usually just log the details, as in the Java code below, without giving much thought to what further action should be taken:

try
{
    String wholeFile = FileUtils.readFileToString(path);
}
catch (IOException ioe)
{
    // Only logs the failure; no recovery or cleanup follows.
    LOGGER.log(Level.SEVERE, "File exception occurred", ioe);
}

Logging is an essential part of exception handling; however, logging alone is similar to ignoring the problem, because no corrective action is taken. For example, a resource acquired in the try block should be released in the same catch block or, better yet, in a finally block.

Otherwise the resource remains reserved for an indeterminate amount of time, possibly leaving the system in a denial-of-service situation.
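The resource-release point above, shown in Java as an added example (not code from the original page or from AttackFlow). The class and method names are hypothetical, and it uses `java.nio.file.Files` instead of `FileUtils` so that there is an explicit resource to leak; rethrowing is one possible follow-up action, chosen here as an assumption.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Level;
import java.util.logging.Logger;

public class CatchBlockExample { // hypothetical class name
    private static final Logger LOGGER = Logger.getLogger(CatchBlockExample.class.getName());

    // Ineffective: the catch only logs, so the reader stays open whenever
    // readLine() throws, and the caller cannot tell a failure from an empty file.
    static String firstLineLogOnly(Path path) {
        try {
            BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8);
            String line = reader.readLine();
            reader.close(); // skipped whenever readLine() throws
            return line;
        } catch (IOException ioe) {
            LOGGER.log(Level.SEVERE, "File exception occurred", ioe);
            return null;
        }
    }

    // Corrected: try-with-resources closes the reader on every path (like a
    // finally block), and the catch logs and rethrows so the caller can act.
    static String firstLine(Path path) {
        try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
            return reader.readLine();
        } catch (IOException ioe) {
            LOGGER.log(Level.SEVERE, "File exception occurred", ioe);
            throw new UncheckedIOException("Could not read " + path, ioe);
        }
    }

    public static void main(String[] args) throws IOException {
        Path sample = Files.createTempFile("sample", ".txt"); // constructed sample input
        Files.write(sample, "hello\nworld\n".getBytes(StandardCharsets.UTF_8));
        System.out.println(firstLine(sample));
        Files.delete(sample);
        try {
            firstLine(sample); // file is gone: failure is logged and propagated
        } catch (UncheckedIOException e) {
            System.out.println("caller saw: " + e.getMessage());
        }
    }
}
```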

