Rule Definition
Exceptions are the mechanism by which a program signals run-time anomalies. In Python the usual way to check what an object supports is to simply 'try' the method or attribute access inside a try block (the "easier to ask forgiveness than permission" idiom), so certain well-defined exceptions are expected to occur, and the desired reaction is often to ignore them silently.
A catch-all except clause (one that captures every type of exception) whose body does nothing applies that silent treatment to every exception, including the unexpected ones: a programming error, a corrupted input or an interrupt are all discarded in the same way as the anticipated case. This practice should be avoided because it hides real failures and hinders debugging.
Remediation
The exception must be handled according to its type. If no exception type is declared, or if a high-level catch-all type such as Exception is used, the body of the except block must execute specific code or at least report that something went wrong (for example by logging the exception together with its traceback) rather than being left empty.
Violation Code Sample
>>> try:
>>>     doSomething()
>>> except: # no exception type declared
>>>     pass # empty handler
Fixed Code Sample
>>> # easy remediation
>>> import logging
>>> try:
>>>     doSomething()
>>> except:
>>>     logging.exception("Something happened")  # records the message and the traceback
>>> # better remediation
>>> try:
>>>     doSomething()
>>> except SomeException as e:  # the exception type doSomething() is known to raise
>>>     logging.debug("Something happened: %s", e)
>>> except:
>>>     logging.exception("Something unexpected happened ...")
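The following worked example is added here for illustration and is not part of the CAST rule page. It contrasts a catch-all handler that swallows everything with one that handles only the anomalies the code expects, and it shows two things the samples above do not: that a catch-all handler turns a genuine programming error (wrong argument type) into a plausible-looking default value, and that a bare `except:` also captures KeyboardInterrupt, which `except Exception:` lets through. The record format, the field names and the parse_port functions are assumptions made for the example.

```python
import logging

logging.basicConfig(level=logging.WARNING)
log = logging.getLogger(__name__)

# Constructed sample input: service records as they might be read from a config file.
SAMPLE_RECORDS = [
    {"name": "alpha", "port": "8080"},
    {"name": "beta", "port": "not-a-number"},  # expected anomaly: malformed value
    {"name": "gamma"},                          # expected anomaly: missing key
]


def parse_port_silent(record, default=None):
    """Violation: a catch-all handler that silently replaces every failure
    with the default value, whatever the cause."""
    try:
        return int(record["port"])
    except:
        return default


def parse_port_checked(record, default=None):
    """Remediation: handle only the anomalies this code actually expects,
    report them, and let anything else propagate to the caller."""
    try:
        return int(record["port"])
    except KeyError:
        log.warning("record %r has no 'port' field, using %r", record.get("name"), default)
        return default
    except ValueError as exc:
        log.warning("record %r has a malformed port: %s", record.get("name"), exc)
        return default


def load_ports(records, parser):
    """Apply the chosen parser to every record."""
    return [parser(r) for r in records]


def demo_hidden_bug():
    """Pass a list where a dict is expected (a real programming error).
    Indexing a list with a string raises TypeError: the silent version
    converts it into the default value, the checked version lets it surface."""
    bad_input = ["alpha", "8080"]  # constructed: wrong type, not a data problem
    silent_result = parse_port_silent(bad_input)
    try:
        parse_port_checked(bad_input)
        propagated = False
    except TypeError:
        propagated = True
    return silent_result, propagated


def bare_except_swallows_interrupt():
    """A bare except captures KeyboardInterrupt, which derives from
    BaseException rather than Exception, so Ctrl-C can be silently eaten."""
    try:
        raise KeyboardInterrupt()
    except:
        return True


def exception_clause_lets_interrupt_through():
    """'except Exception' does not capture KeyboardInterrupt, so the
    interrupt reaches the outer handler (or the user) as intended."""
    try:
        try:
            raise KeyboardInterrupt()
        except Exception:
            return False
    except KeyboardInterrupt:
        return True


if __name__ == "__main__":
    print(load_ports(SAMPLE_RECORDS, parse_port_silent))
    print(load_ports(SAMPLE_RECORDS, parse_port_checked))
    print(demo_hidden_bug())
```

On the well-formed and malformed records both parsers return the same list, which is exactly why the violation is easy to miss in testing; the difference only appears when something the author did not anticipate goes wrong, and then the checked version fails loudly where the silent one returns a default that looks like valid data.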
Reference
CISQ OMG ASCRM-RLB-01
Related Technologies
Technical Criterion
PCI-DSS4-Requirement-6.2.4 - Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It is built on thousands of analyzed applications, written in 35 different technologies, from over 300 business organizations across major verticals. It provides IT leaders with factual key analytics that let them know whether their applications are on track.