RFR: 8316964: Security tools should not call System.exit [v3]
Valerie Peng
valeriep at openjdk.org
Wed Oct 18 17:33:36 UTC 2023
On Mon, 16 Oct 2023 14:32:33 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java line 82:
>>
>>> 80: }
>>> 81:
>>> 82: private static class ExitException extends RuntimeException {
>>
>> If we want to use ExitException as an internal exception, perhaps it's easier not to extend RuntimeException? This way we can rely on the compiler to flag all methods which throw it and handle it accordingly.
>
> Well, not sure if it makes the code simpler. For the 3 tools where `ExitException` is used, all `run` methods explicitly catch it and return the exit code. Therefore it's not likely to be ignored. On the other hand, if I make it a checked exception, I would need to add a lot (more than 10) of `throws ExitException` in methods where it could be thrown, and they are noise to this code change. After all, `ExitException` is unrecoverable and IMO should be a `RuntimeException`.
Yes, it comes with a price. It's up to you then.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1364236882
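
The pattern discussed in this thread, as an added example that is not part of the original message and is not the JDK's Ktab code: helpers throw an unchecked `ExitException`, and `run` is the single place that turns it into an exit code. The class name `DemoTool`, the helpers `parseArgs` and `requireNonEmpty`, and the exit code values are hypothetical.

```java
// Hypothetical tool constructed for illustration; not the JDK source.
public class DemoTool {

    // Unchecked: nested helpers can throw it without a `throws` clause.
    // A checked variant would force `throws ExitException` onto every
    // method between the throw site and run(), which is the trade-off
    // weighed in the thread.
    private static class ExitException extends RuntimeException {
        private static final long serialVersionUID = 1L;
        final int errorCode;

        ExitException(int errorCode) {
            super("exit " + errorCode);
            this.errorCode = errorCode;
        }
    }

    // Single choke point: every ExitException becomes a return value here,
    // so a caller embedding the tool in its own JVM is never terminated.
    public static int run(String[] args) {
        try {
            String name = parseArgs(args);
            System.out.println("processing " + name);
            return 0;
        } catch (ExitException e) {
            return e.errorCode;
        }
    }

    // Where a tool would previously have called System.exit directly.
    private static String parseArgs(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: DemoTool <name>");
            throw new ExitException(1);
        }
        return requireNonEmpty(args[0]);
    }

    // Two levels below run(); still no `throws` declaration needed.
    private static String requireNonEmpty(String value) {
        if (value.isEmpty()) {
            throw new ExitException(2);
        }
        return value;
    }

    // Only the command-line entry point ends the JVM.
    public static void main(String[] args) {
        System.exit(run(args));
    }
}
```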