CRITICAL
Rule Definition
Care must be taken when a try-catch block completes as a result of executing a return. If the finally block also returns a value, that return supersedes any earlier return in the try or catch blocks. Likewise, if an exception was thrown in the try or catch blocks and not caught, executing a return in the finally block prevents the exception from reaching the caller, because the caller cannot simultaneously evaluate the return value and catch the exception. The same applies to break and continue instructions in a finally block.
Violation Code Sample
try {
    // ...
    throw new IllegalArgumentException();
} finally {
    // VIOLATION: the IllegalArgumentException will never be delivered to the caller.
    // The return in the finally block causes the exception to be discarded.
    return r;
}
Fixed Code Sample
try {
    // ...
    throw new IllegalArgumentException(); // the IllegalArgumentException will be delivered to the caller
} finally {
    /* ... cleanup only, no return, break or continue ... */
}
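The two effects described by the rule, shown side by side in one runnable class. This is an added example, not code from the rule page; the class and method names are assumed for illustration.

```java
// Added example (not the rule page's own code): a hypothetical class that shows
// both consequences of exiting a finally block abruptly, plus a compliant method.
public class FinallyReturnDemo {

    // A return in finally supersedes the return executed in the try block:
    // the value from the try block is silently replaced.
    static int finallyOverridesReturn() {
        try {
            return 1;
        } finally {
            return 2; // VIOLATION: supersedes the try block's return value
        }
    }

    // A return in finally after an uncaught exception discards that exception:
    // the caller receives a normal return value and never learns of the failure.
    static String finallySwallowsException() {
        try {
            throw new IllegalStateException("validation failed");
        } finally {
            return "ok"; // VIOLATION: the IllegalStateException is lost
        }
    }

    // Compliant: finally performs cleanup only, so return values and exceptions
    // from the try block reach the caller unchanged.
    static String compliant(boolean fail) {
        StringBuilder auditLog = new StringBuilder();
        try {
            if (fail) {
                throw new IllegalStateException("validation failed");
            }
            return "ok";
        } finally {
            auditLog.append("resource released"); // cleanup only, no abrupt exit
        }
    }

    public static void main(String[] args) {
        System.out.println("overridden return: " + finallyOverridesReturn());
        System.out.println("swallowed exception: " + finallySwallowsException());
        System.out.println("compliant, no failure: " + compliant(false));
        try {
            compliant(true);
        } catch (IllegalStateException e) {
            System.out.println("compliant, caller received: " + e.getMessage());
        }
    }
}
```

Compiling with javac -Xlint:finally reports "finally clause cannot complete normally" for the two violating methods, which is a convenient build-time check for this rule.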
Reference
OWASP
http://www.owasp.org/index.php/Return_Inside_Finally_Block
CERT
https://www.securecoding.cert.org/confluence/display/java/ERR04-J.+Do+not+exit+abruptly+from+a+finally+block
Puzzle 36: Indecision from the book "Java Puzzlers: Traps, Pitfalls, and Corner Cases" By Joshua Bloch, Neal Gafter
http://www.javapuzzlers.com/
Related Technologies
JEE
Technical Criterion
Programming Practices - Error and Exception Handling
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.