Error Handling
One of the most frequent ways a penetration tester (or attacker!) tries to exploit security flaws in software is by providing a program with unexpected input to induce an error condition. Developers should always use error-handling techniques to detect and mitigate these situations.
Most modern programming languages use a construct known as a try..catch clause to perform error handling. The try clause specifies command(s) to be executed and the catch clause executes if those commands generate any errors. The commands in the catch clause “catch” the errors and handle them appropriately. Here’s some pseudocode for a try..catch clause:
try {
    some commands
}
catch {
    other commands executed only if there is an error
}
Bash
Bash does not provide explicit error-handling functionality. Instead of relying upon a nice try..catch construct, developers who wish to implement error handling in Bash must write their own error-handling routines using...
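One way to write such a routine is to check exit statuses and branch on them, shown here for an untrusted port argument. This is an added example, not code from the original text; the function names, exit codes and sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: emulating try..catch in Bash with exit-status checks.
# Function names, exit codes and sample inputs are constructed for illustration.

# "try" body: validate an untrusted port argument, failing with distinct codes.
parse_port() {
    local raw=$1
    case $raw in
        # Empty, any non-digit character, or a leading zero: malformed input.
        ''|*[!0-9]*|0?*) return 2 ;;
    esac
    # Cap the length before comparing so huge values cannot overflow the test.
    [ "${#raw}" -le 5 ] || return 3
    [ "$raw" -ge 1 ] && [ "$raw" -le 65535 ] || return 3
    printf '%s\n' "$raw"
}

# "catch" body: map the exit status to a fixed message, never echoing the input.
handle_error() {
    case $1 in
        2) echo "error: port must be a plain decimal number" ;;
        3) echo "error: port out of range (1-65535)" ;;
        *) echo "error: unexpected failure" ;;
    esac
}

# try..catch wrapper: prints the port on success; on failure it runs the
# handler on stderr and returns the original status to the caller.
safe_parse_port() {
    local out status
    if out=$(parse_port "$1"); then
        printf '%s\n' "$out"
    else
        status=$?
        handle_error "$status" >&2
        return "$status"
    fi
}

# Demo over constructed inputs, including malformed ones.
for input in 8080 0080 80abc 70000 ""; do
    safe_parse_port "$input" || echo "  -> caught status $? for input '$input'"
done
```
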