# Declaration of Catch for Generic Exception (CWE-396)

Catching overly broad exceptions defeats the purpose of typed exceptions and can result in unexpected behavior.

- Prevalence: 1 language supported
- Impact: Moderate, review recommended
- Prevention: Documented, 1 fix example

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptions are caught too broadly (e.g., catching `Exception` instead of specific types), the code may inadvertently catch and suppress exceptions it was not designed to handle, hiding bugs or security issues.

## Prevention

### Python

Catch specific exceptions instead of a bare `except:` or `except BaseException`.

## Warning Signs

- [LOW] Overly broad exception handlers (bare `except:` or `except BaseException`) that catch system exceptions

## Consequences

- DoS
- Concealment of activity

## Mitigations

- Catch only the specific exception types you know how to handle
- Re-raise exceptions you cannot handle properly
- Log unexpected exceptions before re-raising them

## Detection

- Total rules: 1
- Languages: python

## Rules by Language

### Python (1 rule)

- **Overly Broad Exception Handler** [LOW]: Detects overly broad exception handlers (bare `except:` or `except BaseException`) that catch system exceptions like `KeyboardInterrupt` and `SystemExit`, which should not be caught in normal error handling.
  - Remediation: Catch specific exceptions, or use `Exception` instead of a bare `except` or `BaseException`.

```python
try:
    process_data()
except ValueError as e:
    logger.error(f"Invalid value: {e}")
except IOError as e:
    logger.error(f"IO error: {e}")
```

Learn more: https://shoulder.dev/learn/python/cwe-396/broad-exception
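The following is an added example, not code from the page or from shoulder.dev, covering both the detection rule and the mitigations above. It contains a small AST-based checker that flags bare `except:` and `except BaseException` handlers (the same conditions the rule describes), a constructed sample module to run it on, and the flagged pattern beside its hardened form. Because `SystemExit` and `KeyboardInterrupt` do not inherit from `Exception`, the hardened handler lets them propagate while still logging and re-raising anything unexpected. The function and module names (`find_broad_handlers`, `run_unguarded`, `run_guarded`, `SAMPLE_SOURCE`) are this example's own.

```python
"""Detect and fix overly broad exception handlers (CWE-396)."""
import ast
import logging

logger = logging.getLogger(__name__)

# Constructed sample module: two broad handlers and one acceptable one.
SAMPLE_SOURCE = '''
def run_job():
    try:
        step()
    except:                 # bare except: also swallows SystemExit/KeyboardInterrupt
        pass

def run_job2():
    try:
        step()
    except BaseException:   # same problem, spelled out explicitly
        log()

def run_job3():
    try:
        step()
    except (ValueError, IOError) as e:   # specific types: acceptable
        log(e)
'''


def find_broad_handlers(source: str) -> list[tuple[int, str]]:
    """Return (line, kind) for every handler that catches everything.

    kind is "bare" for `except:` and "BaseException" for `except BaseException`,
    whether it appears alone or inside a tuple of exception types.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.ExceptHandler):
            continue
        if node.type is None:                      # `except:` with no type
            findings.append((node.lineno, "bare"))
            continue
        types = node.type.elts if isinstance(node.type, ast.Tuple) else [node.type]
        for t in types:
            if isinstance(t, ast.Name) and t.id == "BaseException":
                findings.append((node.lineno, "BaseException"))
    return sorted(findings)


def run_unguarded(step):
    """The pattern the rule flags: a bare except swallows even SystemExit."""
    try:
        return step()
    except:  # noqa: E722  (kept deliberately to show the defect)
        return None


def run_guarded(step):
    """Hardened form: handle only known errors, log and re-raise the rest.

    SystemExit and KeyboardInterrupt are not Exception subclasses, so they
    propagate here without any special casing.
    """
    try:
        return step()
    except (ValueError, OSError) as exc:   # the only errors we know how to handle
        logger.error("recoverable error in step: %s", exc)
        return None
    except Exception:                      # unexpected: record it, then propagate
        logger.exception("unexpected error in step")
        raise


# Constructed steps used to exercise the two handlers.
def step_value_error():
    return int("not a number")             # raises ValueError


def step_system_exit():
    raise SystemExit(3)                    # an interpreter-level exit request


if __name__ == "__main__":
    for line, kind in find_broad_handlers(SAMPLE_SOURCE):
        print(f"line {line}: overly broad handler ({kind})")
    print("guarded ValueError ->", run_guarded(step_value_error))
    print("unguarded SystemExit ->", run_unguarded(step_system_exit))  # silently None
    run_guarded(step_system_exit)          # exits the process with status 3
```

Running the module prints the two flagged lines (5 and 11) from the constructed sample, shows the guarded handler turning a `ValueError` into a logged `None`, and then demonstrates the difference that matters for the DoS and concealment consequences above: the unguarded version turns a `SystemExit` into `None` and keeps going, while the guarded version lets it terminate the process as intended.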