Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Highlighted
Valued Contributor.. sswargam Valued Contributor..
Valued Contributor..
2988 views

Poor Error Handling: Throw Inside Finally is not relevant for try-with-resources statements

Fortify SCA is flagging an issue with Poor Error Handling: Throw Inside Finally and should be a flase positive.

At a minimum, the compiler expects the IOException from Closeable.close() on the try-with-resources statement to be handled when used without catch or finally block.

Fortify SCA 16.10 scan:

TryResourcesFPR_SCA-16-10.png

Fortify SCA 17.20 scan:TryResourcesFPR_SCA-17-20.png

The resolution does not make sense. Poor Error Handling: Throw Inside Finally is Not an Issue when it flags on try-with-resources statement. (Note: Fortify SCA 16.10 has this on a different line)

resolvedMethod() example suggestion resolves the Fortify finding.. Though resolvedMethod() example does not handle exception elegantly​, it however is a non-passive code change when compared to flaggedMethod() semantics..

Can you confirm it is a false postive and will there be a patch for this?

Labels (1)
Tags (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.