Delete java rule S112: 'Generic exceptions should never be thrown'

We’re using SonarQube Community Edition Version 9.3 (build 51899).

I’m keep getting bugged by java:S112, ’ Generic exceptions should never be thrown’ because I use ‘throws Exception’ several places. The suggestion to use a more specific exception type is not a good one as that will leak implementation details. The example for CWE-397 claims that it is important for all clients to know that the implementation is done using a SQL database and not a message queue. I don’t believe there are any real world scenarios where this is true. The entire rule should be removed.

Hello @blirp

Let me share my view on the topic:

The suggestion to use a more specific exception type is not a good one as that will leak implementation details.

I’m unsure about this claim. Using generic exceptions makes it less straightforward to know the kind of exceptions thrown, but you can not claim that it will hide implementation details, because the exception will be thrown at one point when using the method (otherwise, why bother declaring it?). It seems to me that you can guess the list by “playing” a bit with the method. In other words: it will not leak anything since the information is anyway not hidden.

Does it make sense to you?

I understand your position, but I’m not worried about the knowledge of the implementation. I worry about the dependency on the implementation. As I said, clients won’t care if the save is done using a SQL Database or a Message Queue. The declaration of a possible SQLException means clients depend on that RDBMS, and that the clients must recompile if the implementation changes to a Message Queue. That is not low coupling and it is not separation of concerns. IOW. this declaring of possible exceptions, is at odds with two vastly more powerful design principles. Therefore it should be discarded.