Sebastien Lannez informed me...

There is an issue/bad security practice in one of the class. I discovered it because it caused application crashes in one of our secure environment.

ParserATNSimulator.java (line 273)

public static final boolean TURN_OFF_LR_LOOP_ENTRY_BRANCH_OPT = boolean.parseBoolean(System.getenv("TURN_OFF_LR_LOOP_ENTRY_BRANCH_OPT"));

This line should be rewritten such that it catches SecurityException. Acessing environment variables is sometime forbidden in secure environment (like PCI compliant system…). The code change should be as simple as doing:

public static final boolean TURN_OFF_LR_LOOP_ENTRY_BRANCH_OPT = boolean.parseBoolean(getSafeEnv("TURN_OFF_LR_LOOP_ENTRY_BRANCH_OPT"));

and then :

public static String getSafeEnv(String envName) {
   try {
     return = System.getenv("TURN_OFF_LR_LOOP_ENTRY_BRANCH_OPT"));
   } catch(SecurityException e) {
     // do nothing
   }
   return "";
 }

Note that you could also want to catch all Exception…

I can't properly catch the exception and resume execution because it occurs in your library. If I catch it, then I can't resume where it was thrown.

For this particular security issue (retrieving an environment variable), if you are not allowed to do it, then it is just fine to use the default value given it is also the expected behavior when the environment variable is missing.

Only when there is no fallback or default behavior the Security Exception must be handled by the calling app (for example when the lib is trying to access a file that is not located in a permitted folder but required for the lib to execute properly).