# Detection of Error Condition Without Action (CWE-390)

The product detects a specific error, but takes no actions to handle the error.

- Prevalence: Mittel 1 Sprachen abgedeckt
- Impact: Mittel Review empfohlen
- Prevention: Dokumentiert 1 Fix-Beispiele

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

Empty catch blocks or error handlers that don't actually handle the error can mask problems and lead to undefined behavior. The product may continue operating in an error state, leading to crashes or security vulnerabilities.

## Prevention

Präventionsstrategien für Detection of Error Condition Without Action basierend auf 1 Shoulder-Erkennungsregeln.

### JavaScript

Log errors with context, respond to users, and propagate or handle appropriately

## Warning Signs

- [MEDIUM] Catch block at line ... has incomplete error handling
- [MEDIUM] empty catch blocks and incomplete error handling patterns that silently swallow errors

## Consequences

- DoS
- Nicht autorisierten Code ausführen
- Anwendungsdaten ändern

## Mitigations

- Fehler immer angemessen behandeln, sei es nur durch Logging
- Geeignete Fehlerwiederherstellung oder Fail-Safe-Verhalten umsetzen
- Linting-Tools nutzen, um leere Exception-Handler zu erkennen

## Detection

- Total rules: 1
- Languages: javascript, typescript

## Rules by Language

### Javascript (1 rules)

- **Incomplete Error Handling** [MEDIUM]: Detects empty catch blocks and incomplete error handling patterns that silently swallow errors.
  - Remediation: Implement proper error handling with recovery, logging, and user feedback.

### Typescript (1 rules)

- **Incomplete Error Handling** [MEDIUM]: Detects empty catch blocks and incomplete error handling patterns that silently swallow errors.
  - Remediation: Implement proper error handling with recovery, logging, and user feedback.