FilesExpand file tree

 main

/

CatchingBaseException.ql

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

30 lines (26 loc) · 834 Bytes

 main

/

CatchingBaseException.ql

Top

File metadata and controls

• Code
• Blame

30 lines (26 loc) · 834 Bytes

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

/**

* @name Except block handles 'BaseException'

* @description Handling 'BaseException' means that system exits and keyboard interrupts may be mis-handled.

* @kind problem

* @tags quality

* reliability

* error-handling

* external/cwe/cwe-396

* @problem.severity recommendation

* @sub-severity high

* @precision very-high

* @id py/catch-base-exception

*/

import python

import semmle.python.ApiGraphs

predicate doesnt_reraise(ExceptStmt ex) { ex.getAFlowNode().getBasicBlock().reachesExit() }

predicate catches_base_exception(ExceptStmt ex) {

ex.getType() = API::builtin("BaseException").getAValueReachableFromSource().asExpr()

or

not exists(ex.getType())

}

from ExceptStmt ex

where

catches_base_exception(ex) and

doesnt_reraise(ex)

select ex, "Except block directly handles BaseException."