Vulnerability

Exceptions should not be ignored

Description

    The rule "Exceptions should not be ignored" means that any error or exception raised while PL/SQL code executes should be handled properly. The code should include exception handling blocks that catch the errors that may occur, and those blocks should log the error and report it with an appropriate message so that it is recorded rather than silently discarded. Handling errors this way ensures that they do not cause unexpected or undesired behavior.

Key Benefits

  • Improved Error Handling: Handling exceptions instead of ignoring them is an effective way to deal with errors and prevent the application from crashing.
  • Better Debugging: Ignoring exceptions can make the application difficult to debug. When exceptions are not ignored, developers can easily identify the source of an error and fix it quickly.
  • Enhanced Security: Ignoring exceptions can lead to security vulnerabilities. By not ignoring exceptions, developers can ensure that the application is secure and protected from malicious attacks.

 

Non-compliant Code Example

-- Assumes this procedure lives in a package body where CUSTOMER_TABLE is a
-- collection of customer objects with Name and PhoneNumber attributes.
PROCEDURE CUSTOMER_TABLE_ITERATION IS
BEGIN
	FOR i IN 1 .. CUSTOMER_TABLE.COUNT
	LOOP
		IF CUSTOMER_TABLE(i) IS NOT NULL THEN
			DBMS_OUTPUT.PUT_LINE( i || ' = (' || CUSTOMER_TABLE(i).Name || ', ' || CUSTOMER_TABLE(i).PhoneNumber || ')' );
		END IF;
	END LOOP;
EXCEPTION
	WHEN OTHERS THEN
		RETURN;                 -- Non-compliant code (exception is ignored by simply returning)
END CUSTOMER_TABLE_ITERATION;

Compliant Code Example

-- Assumes the same package body as above; Log_Errors is a logging procedure
-- defined elsewhere that accepts the message text.
PROCEDURE CUSTOMER_TABLE_ITERATION IS
BEGIN
	FOR i IN 1 .. CUSTOMER_TABLE.COUNT
	LOOP
		IF CUSTOMER_TABLE(i) IS NOT NULL THEN
			DBMS_OUTPUT.PUT_LINE( i || ' = (' || CUSTOMER_TABLE(i).Name || ', ' || CUSTOMER_TABLE(i).PhoneNumber || ')' );
		END IF;
	END LOOP;
EXCEPTION
	WHEN OTHERS THEN
		-- Record what failed (error stack) and where (backtrace)
		Log_Errors ( 'Error Log...' || Chr(10) ||
			DBMS_UTILITY.FORMAT_ERROR_STACK() );
		Log_Errors ( 'Error Log...' || Chr(10) ||
			DBMS_UTILITY.FORMAT_ERROR_BACKTRACE() );
		DBMS_OUTPUT.PUT_LINE ( '----------' );
		RAISE;                  -- Compliant code (process error properly, then propagate it)
END CUSTOMER_TABLE_ITERATION;
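
The compliant example calls Log_Errors without showing it. The following is an added example, not part of the original rule page or of Visual Expert: one way to write such a logger so the log row survives when the caller re-raises and its transaction is rolled back. The error_log table, the Log_Errors signature and Demo_Failure are assumptions made for illustration.

```plsql
-- Added example; error_log, Log_Errors and Demo_Failure are hypothetical names.
CREATE TABLE error_log (
    logged_at  TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
    db_user    VARCHAR2(128),
    message    VARCHAR2(4000)
);

CREATE OR REPLACE PROCEDURE Log_Errors (p_message IN VARCHAR2) IS
    -- Run in its own transaction so the log row is committed even when the
    -- caller re-raises and its own work is rolled back.
    PRAGMA AUTONOMOUS_TRANSACTION;
    -- Truncate by bytes so an oversized message cannot make the logger fail.
    l_message VARCHAR2(4000) := SUBSTRB(p_message, 1, 4000);
BEGIN
    INSERT INTO error_log (db_user, message)
    VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'), l_message);
    COMMIT;
END Log_Errors;
/

CREATE OR REPLACE PROCEDURE Demo_Failure IS
    l_divisor NUMBER := 0;
    l_result  NUMBER;
BEGIN
    l_result := 1 / l_divisor;          -- constructed failure: raises ZERO_DIVIDE
EXCEPTION
    WHEN OTHERS THEN
        -- Record what failed and where, then propagate the original error.
        Log_Errors('Error stack:' || CHR(10) || DBMS_UTILITY.FORMAT_ERROR_STACK()
            || 'Backtrace:' || CHR(10) || DBMS_UTILITY.FORMAT_ERROR_BACKTRACE());
        RAISE;
END Demo_Failure;
/

-- Constructed caller: handles the specific error it expects and rolls back
-- its own work; the row written by Log_Errors is not affected by this rollback.
BEGIN
    Demo_Failure;
EXCEPTION
    WHEN ZERO_DIVIDE THEN
        ROLLBACK;
END;
/

SELECT logged_at, db_user, message FROM error_log ORDER BY logged_at;
```
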
Visual Expert 2023
 VEPLSQLRULE24