New CWE listing?

G. Ann Campbell

I work for SonarSource SA, the makers of SonarQube, and I'm working to map our rule repository to the CWE. 

In doing so, I noticed that CWE-705, Incorrect Control Flow Scoping, has as a child CWE-584, Return Inside Finally Block.

What it does not have as a child, and what I do not see in CWE at all, is Exceptions should not be thrown in "finally" blocks, which has the same bad effects as a "return" in a "finally".

So... I'm hoping that bringing this issue up here is the proper first step to getting the latter added to the CWE. If not, what is?


G. Ann CAMPBELL | SonarSource
Product Owner
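The comparison made in the post, as an added example that is not part of the original message or of SonarSource's rule code: a `return` in `finally` and a `throw` in `finally` both discard the exception already in flight, and a third method shows one way to keep it. Java is an assumption (the post names no language), and the class, method names and messages are hypothetical.

```java
import java.io.IOException;

public class FinallyMasking {
    // CWE-584 pattern: "return" in finally discards the in-flight exception.
    static String returnInFinally() {
        try {
            throw new IllegalStateException("primary failure");
        } finally {
            return "ok"; // the caller never sees the IllegalStateException
        }
    }

    // Pattern from the post: "throw" in finally replaces the in-flight exception.
    static void throwInFinally() throws IOException {
        try {
            throw new IllegalStateException("primary failure");
        } finally {
            throw new IOException("cleanup failed"); // the primary failure is lost
        }
    }

    static void cleanup() throws IOException { throw new IOException("cleanup failed"); }

    // One way to keep both: attach the cleanup failure to the primary as suppressed.
    static void keepPrimary() throws IOException {
        RuntimeException primary = null;
        try {
            throw new IllegalStateException("primary failure");
        } catch (RuntimeException e) {
            primary = e;
            throw e;
        } finally {
            try {
                cleanup();
            } catch (IOException cleanupFailure) {
                if (primary == null) throw cleanupFailure; // nothing to mask
                primary.addSuppressed(cleanupFailure);     // primary still propagates
            }
        }
    }

    public static void main(String[] args) {
        System.out.println("return in finally: " + returnInFinally());
        try { throwInFinally(); } catch (Exception e) { System.out.println("throw in finally: " + e); }
        try { keepPrimary(); } catch (Exception e) {
            System.out.println("kept primary: " + e + ", suppressed=" + e.getSuppressed().length);
        }
    }
}
```

When the resource implements `AutoCloseable`, try-with-resources records close failures as suppressed exceptions automatically.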