Empty Exception Block
An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.
When an exception handling block (such as a Catch and Finally block) is used, but that block is empty, this can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.
Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.
In the following Java example, the code catches an ArithmeticException.
Since the exception block is empty, no action is taken.
In the code below the exception has been logged and the bad execution has been handled in the desired way allowing the program to continue in an expected way.
Weaknesses in this category are related to poor coding practices.
Weaknesses in this category are related to the CISQ Quality Measures for Reliability, as documented in 2016 with the Automated Source Code CISQ Reliability Measure (AS...
This view (slice) covers all the elements in CWE.
CWE identifiers in this view (slice) are quality issues that only indirectly make it easier to introduce a vulnerability and/or make the vulnerability more difficult t...