Except block handles ‘BaseException’¶
ID: py/catch-base-exception Kind: problem Severity: recommendation Precision: very-high Tags: - reliability - readability - convention - external/cwe/cwe-396 Query suites: - python-security-and-quality.qls
Click to see the query in the CodeQL repository
All exception classes in Python derive from
BaseException has three important subclasses,
Exception from which all errors and normal exceptions derive,
KeyboardInterrupt which is raised when the user interrupts the program from the keyboard and
SystemExit which is raised by the
sys.exit() function to terminate the program.
SystemExit are special they should not be grouped together with other
BaseException, rather than its subclasses may prevent proper handling of
SystemExit. It is easy to catch
BaseException accidentally as it is caught implicitly by an empty
SystemExit separately. Do not use the plain
In these examples, a function
application.main() is called that might raise
SystemExit. In the first two functions,
BaseException is caught, but this will discard
KeyboardInterrupt. In the third function,
SystemExit is caught, leaving
KeyboardInterrupt to propagate.
In these examples
KeyboardInterrupt is accidentally ignored.
def call_main_program_implicit_handle_base_exception(): try: #application.main calls sys.exit() when done. application.main() except Exception as ex: log(ex) except: pass def call_main_program_explicit_handle_base_exception(): try: #application.main calls sys.exit() when done. application.main() except Exception as ex: log(ex) except BaseException: pass def call_main_program_fixed(): try: #application.main calls sys.exit() when done. application.main() except Exception as ex: log(ex) except SystemExit: pass
Python Language Reference: The try statement, Exceptions.
M. Lutz, Learning Python, Section 35.3: Exception Design Tips and Gotchas, O’Reilly Media, 2013.
Python Tutorial: Errors and Exceptions.
Common Weakness Enumeration: CWE-396.