# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** JavaScript

- Prevalence: Mittel 3 Sprachen abgedeckt
- Impact: Hoch 1 Regeln mit hohem Schweregrad
- Prevention: Dokumentiert 4 Fix-Beispiele

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Präventionsstrategien für Improper Handling of Exceptional Conditions basierend auf 1 Shoulder-Erkennungsregeln.

### JavaScript

Use finally blocks to release resources (connections, file handles) on all code paths

## Warning Signs

- [MEDIUM] Resource at ... may not be released when exceptions occur
- [MEDIUM] code that allocates resources (files, connections, memory) within
try blocks but fails to release th

## Consequences

- DoS
- Anwendungsdaten lesen
- Nicht autorisierten Code ausführen

## Mitigations

- Alle potenziellen Ausnahmebedingungen vorhersehen und angemessen behandeln
- try-catch-Blöcke und geeignete Fehlerbehandlungsmechanismen verwenden
- Bei einer Ausnahme sicher fehlschlagen

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```

### Typescript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```