# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** JavaScript

- Prevalence: 보통 3개 언어 지원
- Impact: 높음 1개의 높은 심각도 규칙
- Prevention: 문서화됨 4개의 수정 예시

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

1개의 Shoulder 탐지 규칙을 기반으로 한 Improper Handling of Exceptional Conditions 예방 전략.

### JavaScript

Use finally blocks to release resources (connections, file handles) on all code paths

## Warning Signs

- [MEDIUM] Resource at ... may not be released when exceptions occur
- [MEDIUM] code that allocates resources (files, connections, memory) within
try blocks but fails to release th

## Consequences

- DoS
- 애플리케이션 데이터 읽기
- 승인되지 않은 코드 실행

## Mitigations

- 발생 가능한 모든 예외 상황을 예측하고 적절히 처리하세요
- try-catch 블록과 적절한 오류 처리 메커니즘을 사용하세요
- 예외 발생 시 안전하게 실패하도록 처리하세요

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```

### Typescript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```