TRY100¶

Use of a try … except block where the except block does not contain anything other than comments and a continue statement is considered bad security practice.

Whilst an attacker may be trying to exploit exceptions in your code, you should, at the very least, log these exceptions.

Example¶

try:
    do_things
except ThisBadException:
    # do nothing!
    continue

Fixes¶

Fix the reason why the exception occurs
Consider using a raise from statement
Add logging to the except blog

Fork me on GitHub