Original exception should be preserved when rethrowing a new exception

mikolg · April 3, 2026, 10:00am

Why is this an issue?

When catching an exception and throwing a new one without passing the original exception as a cause, the original stack trace and context are lost.

This leads to:

Loss of valuable debugging information (root cause, stack trace)
Increased difficulty in diagnosing production issues
Reduced observability in logs and monitoring systems

In Java, exception chaining is supported via constructors that accept a Throwable cause or via initCause(). Not using this mechanism breaks the exception propagation chain.

What is the impact?

Debugging becomes significantly harder because the root cause is hidden
Logging systems and APM tools cannot reconstruct the full failure path
Error handling logic higher in the stack may behave incorrectly due to missing context
In distributed systems, tracing failures becomes much more complex

What could happen in case of a successful attack?

While this is primarily a reliability issue, in security-sensitive contexts it may:

Obscure the origin of failures caused by malicious input
Make it harder to detect exploitation patterns
Complicate forensic analysis after an incident

Noncompliant Code Example

try {
    process();
} catch (SomeException e) {
    throw new AnotherException("error text");
}

Compliant Code Example

try {
    process();
} catch (SomeException e) {
    throw new AnotherException("error text", e);
}

ganncamp · April 6, 2026, 11:29am

Hi,

Welcome to the community and thanks for this report!

I think we already have a rule that fits this bill. Can you take a look at java:S1166 and see if it will work for your case?

Thx,
Ann

mikolg · April 6, 2026, 12:05pm

Oh, I see—you’re right.

But please check next example. This rule does not detect that the original exception is not used when CommonException is created.

} catch (Throwable e) {
    if (isRollbackNeeded(e)) {
        try {
            client.rollback(sessionId, "operation failed: " + e.getMessage());
        } catch (Throwable rollbackException) {
            throw rollbackFailed(e, rollbackException);
        }
    }
    throw new CommonException(
            Errors.INTERNAL_SERVER_ERROR.getCode() + ": " +
            Errors.INTERNAL_SERVER_ERROR.getDescription()
    );
}

ganncamp · April 6, 2026, 12:34pm

Hi,

Fair point and thanks for the example. Can you give your context for this? I.e. are you on SonarQube Cloud? SonarQube for IDE (flavor and version)? SonarQube self-managed (flavor and version)?

Thx,
Ann

mikolg · April 7, 2026, 1:46am

We are using self hosted Community Build
v26.3.0.120487

ganncamp · April 7, 2026, 11:59am

Hi,

Thanks for confirming you’re on a current version. I’ve flagged this for the language experts.

Ann

asya.vorobeva · April 8, 2026, 11:17am

Hi @mikolg,

Thanks a lot for your finding! I could reproduce the issue, and created a JIRA ticket to fix the problem.

Topic		Replies	Views
S1166 blind at exception concatenation Report False-positive / False-negative... java	4	824	November 26, 2019
S2139 should not be triggered for this specific case Report False-positive / False-negative... java , sonarqube	7	4430	April 6, 2022
Split S1166 to two rules: logger vs. new exception New rules / language support java	2	1350	January 30, 2019
False positive for Rule java:S1166 Report False-positive / False-negative... java , sonarqube-cloud	5	1316	March 7, 2023
Either log or rethrow this exception due to multiple exceptions? SonarQube Server / Community Build	2	1371	November 16, 2023