ABSTRACT

Ignoring an exception can cause the program to overlook unexpected states and conditions.

EXPLANATION

Just about every serious attack on a software system begins with the violation of a programmer's assumptions. After the attack, the programmer's assumptions seem flimsy and poorly founded, but before an attack many programmers would defend their assumptions well past the end of their lunch break.

Two dubious assumptions that are easy to spot in code are "this function call can never fail" and "it doesn't matter if this call fails". When a programmer ignores an exception, they implicitly state that they are operating under one of these assumptions.

Example 1: The following code ignores several exceptions that could be thrown while executing the insert statement.


PROCEDURE do_it_all
IS
BEGIN
  BEGIN
    INSERT INTO table1 VALUES(...);
    COMMIT;
  EXCEPTION
    WHEN OTHERS THEN NULL; -- every exception is swallowed; the caller never learns the INSERT failed
  END;
END do_it_all;

An exception could be thrown because the table does not exist, a required value is not provided, or some other reason. If a failure occurs, there is no way to tell because the procedure will not report the failure or record what type of failure has occurred.
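The following is an added example, not code from the original page: a hardened rewrite of the procedure that names the one condition it expects, records every failure in a log table, and propagates the error to the caller instead of discarding it. The columns of table1, the error_log table, the log_error procedure and the procedure parameters are all assumptions made for the example.

```sql
-- Constructed schema for the example; table1's columns, error_log and log_error are assumptions.
CREATE TABLE table1 (id NUMBER PRIMARY KEY, payload VARCHAR2(100) NOT NULL);
CREATE TABLE error_log (
  logged_at  TIMESTAMP DEFAULT SYSTIMESTAMP,
  proc_name  VARCHAR2(128),
  sql_code   NUMBER,
  message    VARCHAR2(4000),
  backtrace  VARCHAR2(4000)
);

-- Autonomous transaction: the log row is committed even when the caller rolls back.
CREATE OR REPLACE PROCEDURE log_error(
  p_proc IN VARCHAR2, p_code IN NUMBER, p_msg IN VARCHAR2, p_bt IN VARCHAR2) IS
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO error_log (proc_name, sql_code, message, backtrace)
  VALUES (p_proc, p_code, p_msg, p_bt);
  COMMIT;
END log_error;
/

CREATE OR REPLACE PROCEDURE do_it_all(p_id IN NUMBER, p_payload IN VARCHAR2) IS
BEGIN
  INSERT INTO table1 (id, payload) VALUES (p_id, p_payload);
  COMMIT;
EXCEPTION
  WHEN DUP_VAL_ON_INDEX THEN
    -- A condition the design anticipates: handle it by name, but still record and report it.
    log_error('do_it_all', SQLCODE, SQLERRM, DBMS_UTILITY.FORMAT_ERROR_BACKTRACE);
    RAISE_APPLICATION_ERROR(-20001, 'table1 already holds id ' || p_id);
  WHEN OTHERS THEN
    -- Anything unanticipated: record it, undo partial work, then propagate it unchanged
    -- so the caller cannot mistake failure for success.
    log_error('do_it_all', SQLCODE, SQLERRM, DBMS_UTILITY.FORMAT_ERROR_BACKTRACE);
    ROLLBACK;
    RAISE;
END do_it_all;
/

-- Driver: the NULL payload violates the NOT NULL constraint (ORA-01400). With the
-- original WHEN OTHERS THEN NULL this call would complete silently; here it fails
-- loudly and leaves a row in error_log describing the cause.
BEGIN
  do_it_all(1, NULL);
END;
/
```

The error_log row is written through an autonomous transaction so that it survives the ROLLBACK in the OTHERS handler and any rollback the caller performs afterwards.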

REFERENCES

[1] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A6 Information Leakage and Improper Error Handling

[2] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A7 Improper Error Handling

[3] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3120 CAT II

[4] Standards Mapping - FIPS200 - (FISMA) AU

[5] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 391

[6] Steven Feuerstein Oracle PL/SQL Best Practices O'Reilly

[7] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.2, Requirement 6.5.6

[8] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.5

[9] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.7