Improper error handling can enable attacks and lead to unwanted behavior. Parts of the system may receive unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
def error_handling_pass_noncompliant():
    """Show the anti-pattern of swallowing every exception with ``pass``.

    Reads one line from stdin and attempts an integer conversion. Any
    failure -- the expected ``ValueError`` on non-numeric input as well as
    unrelated errors -- is discarded, so neither the user nor the caller
    learns that the input was rejected. Returns ``None`` in every case.
    """
    raw = input("Enter number:\n")
    try:
        int(raw)
    except Exception:
        # Noncompliant: the broad handler plus ``pass`` hides the failure
        # entirely; rejected input is indistinguishable from accepted input.
        pass
def error_handling_continue_noncompliant():
    """Show the anti-pattern of swallowing every exception with ``continue``.

    Reads one line from stdin and then attempts the same integer conversion
    ten times in a loop. Each failure is silently skipped via ``continue``,
    so the loop completes "successfully" even when the value never parsed.
    Returns ``None`` in every case.
    """
    raw = input("Enter number:\n")
    for _ in range(10):
        try:
            int(raw)
        except Exception:
            # Noncompliant: ``continue`` inside a broad handler discards the
            # error and moves on; no record of the bad input survives.
            continue
def error_handling_compliant():
    """Handle a failed integer conversion explicitly.

    Reads one line from stdin and attempts an integer conversion. Only the
    expected ``ValueError`` is caught, and it is reported to the user rather
    than discarded; any other exception propagates to the caller. Returns
    ``None`` in every case.
    """
    raw = input("Enter number:\n")
    try:
        int(raw)
    except ValueError:
        # Compliant: the handler is narrowed to the failure this code expects
        # and makes the rejected input visible instead of suppressing it.
        print(raw, "is not an integer.")