# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** JavaScript

- Prevalence: Média 3 linguagens cobertas
- Impact: Alto 1 regras de severidade alta
- Prevention: Documentada 4 exemplos de correção

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Estratégias de prevenção para Improper Handling of Exceptional Conditions baseadas em 1 regras de detecção do Shoulder.

### JavaScript

Use finally blocks to release resources (connections, file handles) on all code paths

## Warning Signs

- [MEDIUM] Resource at ... may not be released when exceptions occur
- [MEDIUM] code that allocates resources (files, connections, memory) within
try blocks but fails to release th

## Consequences

- DoS
- Ler dados da aplicação
- Executar código não autorizado

## Mitigations

- Antecipe todas as condições excepcionais potenciais e trate-as adequadamente
- Use blocos try-catch e mecanismos apropriados de tratamento de erros
- Falhe de forma segura quando ocorrer uma exceção

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```

### Typescript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```