/**
 * @name Generic catch clause
 * @description Catching all exceptions with a generic catch clause may be overly
 *              broad, which can make errors harder to diagnose.
 * @kind problem
 * @problem.severity recommendation
 * @precision high
 * @id cs/catch-of-all-exceptions
 * @tags reliability
 *       maintainability
 *       external/cwe/cwe-396
 */
import csharp
import semmle.code.csharp.frameworks.System
/**
 * A `catch` clause that catches every exception type: either a typeless
 * `catch { ... }` (a `GeneralCatchClause`), or a typed clause whose caught
 * type is `System.Exception` and which carries no `when` filter. A filtered
 * `catch (Exception e) when (...)` is deliberately left out, since the filter
 * narrows what is actually caught.
 */
class GenericCatchClause extends CatchClause {
  GenericCatchClause() {
    // `catch { ... }` with no exception type at all.
    this instanceof GeneralCatchClause
    or
    // `catch (System.Exception ...)` without a `when` filter clause.
    exists(SpecificCatchClause typedClause | typedClause = this |
      typedClause.getCaughtExceptionType() instanceof SystemExceptionClass and
      not typedClause.hasFilterClause()
    )
  }
}
// Report a generic catch clause unless its block rethrows the caught
// exception unchanged. Only a `ThrowStmt` without an expression (a bare
// `throw;`) counts as such a rethrow; `throw ex;` or `throw new X(...)` carry
// an expression and do not exempt the clause, so a catch-all that swallows or
// re-wraps the exception is still reported. Throw statements are looked up
// transitively (`getAChildStmt+()`), so a bare rethrow nested inside an
// `if`/`try` within the catch block also exempts it. A catch block that
// contains no throw statement at all is reported.
from GenericCatchClause gcc
where
  not exists(ThrowStmt rethrow |
    gcc.getBlock().getAChildStmt+() = rethrow and
    not exists(rethrow.getExpr())
  )
select gcc, "Generic catch clause."