The method throws a generic exception making it harder for callers to do a good job of error handling and recovery.
Declaring a method to throw Exception
or Throwable
makes it difficult for callers to do good error handling and error recovery. Java's exception mechanism is set up to make it easy for callers to anticipate what can go wrong and write code to handle each specific exceptional circumstance. Declaring that a method throws a generic form of exception defeats this system.
Example: The following method throws three types of exceptions.
public void doExchange()
throws IOException, InvocationTargetException,
SQLException {
...
}
public void doExchange()
throws Exception {
...
}
doExchange()
introduces a new type of exception that should be treated differently than previous exceptions, there is no easy way to enforce this requirement.
[1] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A6 Information Leakage and Improper Error Handling
[2] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A7 Improper Error Handling
[3] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3120 CAT II
[4] Standards Mapping - FIPS200 - (FISMA) AU
[5] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 397
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.2, Requirement 6.5.6
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.5
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.7