# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** JavaScript

- Prevalence: Media 3 lenguajes cubiertos
- Impact: Alto 1 reglas de severidad alta
- Prevention: Documentada 4 ejemplos de corrección

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Estrategias de prevención para Improper Handling of Exceptional Conditions basadas en 1 reglas de detección de Shoulder.

### JavaScript

Use finally blocks to release resources (connections, file handles) on all code paths

## Warning Signs

- [MEDIUM] Resource at ... may not be released when exceptions occur
- [MEDIUM] code that allocates resources (files, connections, memory) within
try blocks but fails to release th

## Consequences

- DoS
- Leer datos de la aplicación
- Ejecutar código no autorizado

## Mitigations

- Anticipa todas las condiciones excepcionales potenciales y manéjalas adecuadamente
- Usa bloques try-catch y mecanismos adecuados de manejo de errores
- Falla de forma segura cuando ocurra una excepción

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```

### Typescript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```