BackPokémon is a legendary cartoon once upon a time. It became famous worldwide in the early 2000s and took place in the minds of many children. In recent years, it came to the fore again with the Pokémon GO game, and many people played it widely worldwide. People tried to catch a Pokémon on the streets with phones in their hands for a long time. The fact that people took to the streets and encouraged walking thanks to Pokémon GO was one of the positive comments about the game because mobile devices and computers had accustomed people to inactivity. Many entrepreneurs made Pokémon clothes, toys, and stickers, which left their mark on an era. Pokémon is the abbreviation of the phrase "Poketto Monsuta," which means "pocket monsters" in Japanese. The characters in the cartoon aim to catch all Pokémon, complete the Pokedex, and become the strongest Pokémon trainers.
So, what does all this have to do with software? One of the crucial issues of software development is error and exception handling. One of the responsibilities of software developers is to foresee possible problems and take precautions.
Trying to catch every exception using the general exception (or generic exception) is called Pokemon Catching. According to common opinion and best practices, using the general exception and catching all errors and exceptions in the same way is often the wrong approach. Software developers must catch and handle each exception separately, except for some cases.
According to many tools that analyze codes, using the general exception is a factor that decreases code quality.
It may be helpful to briefly explain the distinction between "error" and "exception";
An error is a critical situation that occurs when the user performs an unexpected action. It usually refers to system-level problems that developers cannot fix.
An exception is an event that occurs during program execution and disrupts the normal flow. It is usually an application-level anomaly that developers can catch and manage.
The only advantage of Pokemon Catching is that it reduces code complexity.
For example, a program has five exceptions: ArgumentNullException, WebException, InvalidCastException, OutOfMemoryException, and DivideByZeroException. In this case, we have two options to catch them:
try {
// do something
} catch(ArgumentNullException e) {
…
} catch(WebException e) {
...
} catch(InvalidCastException e) {
...
} catch(OutOfMemoryException e) {
...
} catch(DivideByZeroException e) {
...
}
or
try {
...
} catch(Exception e) {
...
}
Undoubtedly, in the second option, we see
a piece of code that is extremely easy to write. There is no other advantage of Pokemon Catching.
Simple and readable codes, away from complexity, are incredibly crucial, especially when large-scale software reaches thousands of lines of code. From this perspective, the second option is preferable due to the Clean Code approach. But the situation is a little different here. We can't sacrifice security to write clean code because when we catch all types of exceptions with Pokemon Catching method, we may cause security vulnerabilities and uncontrollable errors. Record number 397 in The Common Weakness Enumeration (CWE) relates to using the general exception, and its use is discouraged. A non-profit, US-based organization created for engineering and technical guidance called Mitre presents and manages this list. Software vulnerabilities are detected regularly and announced annually, and the CWE list is updated. The list in question is a significant reference point for systems that measure software quality. In this respect, if we want to write safe and robust codes, it would be beneficial to refrain from using Pokemon Catching and not try to catch every exception without thinking.
The opposite of the Pokemon approach is the Yoda approach. In this method, there is no place for try-catch blocks in your code based on the words of Yoda, the wise character of Star Wars, "do or do not, there is no try". Of course, there is no harm if we properly use the opportunities allowed by programming languages. The critical point is that whatever we do, let's do it knowingly and with awareness. Whether we want to catch Pokemon or listen to Yoda's philosophy, we can write secure and robust codes as long as we act by revealing the reasons and knowing the consequences. Resources: https://cwe.mitre.org/data/definitions/397 [Access date: 25.09.2023] https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf [Access date: 22.09.2023] https://www.infoworld.com/article/2073800/beware-the-dangers-of-generic-exceptions.html [Access date: 22.09.2023] https://doc.casthighlight.com/alt_genericcatches-avoid-generic-catch/#:~:text=In%20almost%20all%20cases%2C%20it's,in%20app%2Dlevel%20error%20handling. [Access date: 29.09.2023] https://softwareengineering.stackexchange.com/questions/164256/is-catching-general-exceptions-really-a-bad-thing [Access date: 29.09.2023] https://everything2.com/title/Yoda+Exception+Handling [Access date: 29.09.2023] https://www.siberguvenlik.web.tr/index.php/2022/05/30/mitre-attck-framework-nedir/ [Access date: 30.09.2023]
