Why you should care
Using return, break, throw, and continue from a finally block overwrites similar statements from the suspended try and catch blocks.
How we detect
CAST Highlight counts one occurrence each time a jump statement (break, continue, return and throw) would force control flow to leave a finally block.
Bad Code
try {
console.log('test')
}
catch(e) {
console.log(e);
}
finally{
throw new Error('Something bad happened'); // Noncompliant
}
Good Code
function foo() {
try {
return 1; // We expect 1 to be returned
} catch(err) {
return 2; // Or 2 in cases of error
}
}
References
https://wiki.sei.cmu.edu/confluence/display/java/ERR04-J.+Do+not+complete+abruptly+from+a+finally+block
https://owasp.org/www-community/vulnerabilities/Return_Inside_Finally_Block
https://owasp.org/www-community/vulnerabilities/Return_Inside_Finally_Block

About CAST and Highlight’s Code Insights
Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.
