1.7 KiB
try_except_pass
Description
Errors in Python code bases are typically communicated using
Exceptions
. An exception object is 'raised' in the event of
an error and can be 'caught' at a later point in the program, typically
some error handling or logging action will then be performed.
However, it is possible to catch an exception and silently ignore it. This is illustrated with the following example
try:
do_some_stuff()except Exception:
pass
This pattern is considered bad practice in general, but also represents a potential security issue. A larger than normal volume of errors from a service can indicate an attempt is being made to disrupt or interfere with it. Thus errors should, at the very least, be logged.
There are rare situations where it is desirable to suppress errors,
but this is typically done with specific exception types, rather than
the base Exception class (or no type). To accommodate this, the test may
be configured to ignore 'try, except, pass' where the exception is
typed. For example, the following would not generate a warning if the
configuration option checked_typed_exception
is set to
False:
try:
do_some_stuff()except ZeroDivisionError:
pass
Available Since
- Bandit v0.13.0
Config Options
try_except_pass:
check_typed_exception: True
Sample Output
>> Issue: Try, Except, Pass detected.
Severity: Low Confidence: High
Location: ./examples/try_except_pass.py:4
3 a = 1
4 except:
5 pass