Why you should care

Exception handling is the process in JSP to handle runtime errors. Any number of exceptions can arise when JSP page is executed. Without defining or declaring the errors, the error is not undeclared and is left unverified causing it have security risks and flawed resiliency which is not ideal for the code.

Business Impacts

It is recommended to declare an error page so that the code has fewer security risks which boosts code resiliency.

Production Risk

CAST Recommendations

References

https://docs.oracle.com/cd/E19159-01/819-3669/bnalq/index.html
https://docs.oracle.com/cd/E19316-01/819-3669/bnahi/index.html

Style Guide

How we detect

This code insight shows while a thrown exception’s stack trace proves extremely useful for developers when debugging their code, it is rarely desirable to share an entire exception stack trace with the software’s users.
Lengthy stack traces are not aesthetically pleasing and can increase security risks by exposing information that does not need to be released. JSPs allow developers to catch and handle exceptions in the code, resulting in more secure and aesthetically pleasing exception handling.

About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.

See features How it works