Empty Catches cause code errors & unreliability

Software Resiliency | Programming Best Practices

Why you should care

When an exception occurs while a program runs, it is usually caught in a catch block. An empty catch is one where the exception is caught but nothing is done with it, so the failure goes unhandled. As a result, empty catches are a common source of errors in the code, and the program then goes on executing with those errors in place. An empty catch is also inefficient, since it handles nothing and executes nothing.

Business Impacts

Empty catch blocks are considered a risk from a business perspective because they can pose security issues. One such risk is that the programmers and/or the company are unaware that security has been compromised.

Security Risk

CAST Recommendations

CAST recommends enforcing a company style guide that strongly discourages using empty catch blocks to solve a problem in the code. Instead, teams should be encouraged to communicate and work on the problem together.

How we detect

This code insight shows that catching an exception is meant to provide robustness handling or error management. A catch that does nothing can mask an error, allowing the program to continue and ignore the problem.

Cloud Readiness

Versions & Deprecated Code
Ineffective use of the provided stack: an empty catch in the program can mask errors that can be misinterpreted when migrating to the cloud.

About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate the health factors of software.
