# Detection of Error Condition Without Action (CWE-390)

The product detects a specific error, but takes no actions to handle the error.

- Prevalence: Medium (1 language covered)
- Impact: Medium (review recommended)
- Prevention: Documented (1 fix example)

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

Empty catch blocks or error handlers that don't actually handle the error can mask problems and lead to undefined behavior. The product may continue operating in an error state, leading to crashes or security vulnerabilities.

## Prevention

Prevention measures for Detection of Error Condition Without Action, based on 1 Shoulder detection rule.

### JavaScript

Log errors with context, respond to users, and propagate or handle appropriately.

## Warning Signs

- [MEDIUM] Catch block at line ... has incomplete error handling
- [MEDIUM] Empty catch blocks and incomplete error handling patterns that silently swallow errors

## Consequences

- DoS
- Unauthorized code execution
- Modification of application data

## Mitigations

- Always handle errors appropriately, at minimum by logging them
- Implement appropriate error recovery or fail-safe behavior
- Use a linter to detect empty exception handlers

## Detection

- Total rules: 1
- Languages: javascript, typescript

## Rules by Language

### JavaScript (1 rule)

- **Incomplete Error Handling** [MEDIUM]: Detects empty catch blocks and incomplete error handling patterns that silently swallow errors.
  - Remediation: Implement proper error handling with recovery, logging, and user feedback.

### TypeScript (1 rule)

- **Incomplete Error Handling** [MEDIUM]: Detects empty catch blocks and incomplete error handling patterns that silently swallow errors.
  - Remediation: Implement proper error handling with recovery, logging, and user feedback.
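
The error state that the Description warns about, next to a handler that follows the JavaScript remediation (log with context, respond to the user, stop processing). This is an added example, not Shoulder's rule or fix code; the deny-list scenario, the function names and the sample configs are constructed for illustration.

```javascript
// Added example: names, scenario and inputs are constructed, not from the page.
const GOOD_CONFIG = '{"denied":["mallory"]}';
const BAD_CONFIG = '{"denied":["mallory"'; // truncated file: JSON.parse throws

// Before: the catch block detects the parse error and does nothing (CWE-390).
function handleLoginSwallow(rawConfig, user) {
  let denied = [];
  try {
    denied = JSON.parse(rawConfig).denied;
  } catch (err) {
    // empty: execution continues with an empty deny list
  }
  return denied.includes(user)
    ? { status: 403, body: 'Access denied' }
    : { status: 200, body: 'Welcome ' + user };
}

// After: log with context, respond to the user, and stop (fail closed).
function handleLoginHandled(rawConfig, user, log = console.error) {
  let denied;
  try {
    denied = JSON.parse(rawConfig).denied;
    // A config that parses but has the wrong shape is also an error condition.
    if (!Array.isArray(denied)) throw new TypeError('"denied" must be an array');
  } catch (err) {
    log('deny-list load failed', { user, name: err.name, message: err.message });
    return { status: 503, body: 'Service temporarily unavailable' };
  }
  return denied.includes(user)
    ? { status: 403, body: 'Access denied' }
    : { status: 200, body: 'Welcome ' + user };
}

// Same corrupted config, same user, two different outcomes.
console.log('swallowed:', handleLoginSwallow(BAD_CONFIG, 'mallory'));
console.log('handled:  ', handleLoginHandled(BAD_CONFIG, 'mallory'));
```

With the corrupted config, the first handler admits a user who is on the deny list and leaves no trace of the failure, while the second logs the parse error and refuses the request.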