Why you should care
Using return, break, throw, and continue from a finally block overwrites similar statements from the suspended try and catch blocks.How we detect
CAST Highlight counts one occurrence each time a jump statement (break, continue, return and throw) would force control flow to leave a finally block. Bad Codetry {
console.log('test')
}
catch(e) {
console.log(e);
}
finally{
throw new Error('Something bad happened'); // Noncompliant
}
function foo() {
try {
return 1; // We expect 1 to be returned
} catch(err) {
return 2; // Or 2 in cases of error
}
}
References
https://wiki.sei.cmu.edu/confluence/display/java/ERR04-J.+Do+not+complete+abruptly+from+a+finally+block https://owasp.org/www-community/vulnerabilities/Return_Inside_Finally_BlockAbout CAST and Highlight’s Code Insights
Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.
For reference only. For the complete details please refer the original article
https://doc.casthighlight.com/alt_outoffinallyjumps-the-code-contains-too-many-jump-instructions-that-derive-the-control-flow-out-of-a-finally-structure/
https://doc.casthighlight.com/alt_outoffinallyjumps-the-code-contains-too-many-jump-instructions-that-derive-the-control-flow-out-of-a-finally-structure/
Comments