Poor Error Handling: Throw Inside Finally is not relevant for try-with-resources statements
Fortify SCA is flagging an issue with Poor Error Handling: Throw Inside Finally and should be a flase positive.
At a minimum, the compiler expects the IOException from Closeable.close() on the try-with-resources statement to be handled when used without catch or finally block.
Fortify SCA 16.10 scan:
Fortify SCA 17.20 scan:
The resolution does not make sense. Poor Error Handling: Throw Inside Finally is Not an Issue when it flags on try-with-resources statement. (Note: Fortify SCA 16.10 has this on a different line)
resolvedMethod() example suggestion resolves the Fortify finding.. Though resolvedMethod() example does not handle exception elegantly, it however is a non-passive code change when compared to flaggedMethod() semantics..
Can you confirm it is a false postive and will there be a patch for this?