TRY100¶

Use of a try … except block where the except block does not contain anything other than comments and a continue statement is considered bad security practice.

Whilst an attacker may be trying to exploit exceptions in your code, you should, at the very least, log these exceptions.

Some runtime errors that may be caused by insufficient permissions should not be allowed to continue control flow, and should stop execution of the program.

This will only apply to the generic explicit Exception except type, or an empty except type.

Example¶

This is bad

try:
    do_things
except Exception:
    # do nothing!
    continue

This is also bad

try:
    do_things
except:
    # do nothing!
    continue

Fixes¶

Fix the reason why the exception occurs
Consider using a raise from statement
Add logging to the except blog

PyCharm Python Security plugin

Navigation

TRY100¶

Example¶

Fixes¶