Description
The bug description for CT_CONSTRUCTOR_THROW at https://spotbugs.readthedocs.io/en/stable/bugDescriptions.html#ct-be-wary-of-letting-constructors-throw-exceptions-ct-constructor-throw says:
CT: Be wary of letting constructors throw exceptions. (CT_CONSTRUCTOR_THROW)
Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks
A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.
See [SEI CERT Rule OBJ-11](https://wiki.sei.cmu.edu/confluence/display/java/OBJ11-J.+Be+wary+of+letting+constructors+throw+exceptions) for more information.
The link https://wiki.sei.cmu.edu/confluence/display/java/OBJ11-J.+Be+wary+of+letting+constructors+throw+exceptions provides the compliant solution:
```java
public class BankOperations {
    public BankOperations() {
        this(performSSNVerification());
    }

    private BankOperations(boolean secure) {
        // secure is always true
        // Constructor without any security checks
    }

    private static boolean performSSNVerification() {
        // Returns true if data entered is valid, else throws a SecurityException
        // Assume that the attacker just enters invalid SSN, so this method always throws the exception
        throw new SecurityException("Invalid SSN!");
    }

    // ...remainder of BankOperations class definition
}
```
which blows up SpotBugs checks:
```
[ERROR] Medium: Exception thrown in class org.apache.commons.io.BankOperations at new org.apache.commons.io.BankOperations() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. [org.apache.commons.io.BankOperations, org.apache.commons.io.BankOperations] At BankOperations.java:[line 5]At BankOperations.java:[line 5] CT_CONSTRUCTOR_THROW
```
This example reflects what I see in Commons IO when I try to address 64 such issues with a compliant solution.
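Added example, not part of the original issue and not SpotBugs or Commons IO code: the three mitigations named in the quoted bug description (final class, empty final finalizer, private constructor), each applied to a constructor whose check can throw. The class names, the `Ssn.verify` helper and the SSN pattern are assumptions made for illustration.

```java
// Added illustration; class names and the SSN check are hypothetical.
final class Ssn {
    private Ssn() { }
    // Returns true for a well-formed SSN, otherwise throws (never returns false).
    static boolean verify(String ssn) {
        if (ssn == null || !ssn.matches("\\d{3}-\\d{2}-\\d{4}")) {
            throw new SecurityException("Invalid SSN!");
        }
        return true;
    }
}
// 1. Final class: no subclass can exist, so nothing can override finalize().
final class FinalBankOperations {
    FinalBankOperations(String ssn) {
        Ssn.verify(ssn);
    }
}
// 2. Empty final finalizer: subclassing is allowed, overriding finalize() is not.
class SealedFinalizerBankOperations {
    SealedFinalizerBankOperations(String ssn) {
        Ssn.verify(ssn);
    }
    @Override
    @SuppressWarnings({"deprecation", "removal"})
    protected final void finalize() {
        // intentionally empty
    }
}
// 3. Private constructor: the check runs while the argument to this(...) is
//    evaluated, before Object's constructor is invoked, so a failed check
//    leaves no finalizable object behind (JLS 12.6.1).
class DelegatingBankOperations {
    public DelegatingBankOperations(String ssn) {
        this(Ssn.verify(ssn));
    }
    private DelegatingBankOperations(boolean verified) {
        // verified is always true here
    }
}
public class CtMitigations {
    public static void main(String[] args) {
        new FinalBankOperations("123-45-6789");           // constructed valid input
        new SealedFinalizerBankOperations("123-45-6789");
        new DelegatingBankOperations("123-45-6789");
        try {
            new DelegatingBankOperations("not-an-ssn");   // constructed invalid input
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```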