# Resource Exhaustion via Exception Handling

- ID: javascript-resource-exhaustion-exceptions
- Severity: MEDIUM
- CWE: CWE-755 (CWE-755)
- Languages: JavaScript, TypeScript
- Frameworks: nodejs, express, fastify, nextjs

## Description

Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.

## Detection Message

Resource at {location} may not be released when exceptions occur

## Remediation

Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```

## Documentation

[object Object]

## Related Rules

- **Incomplete Error Handling** [MEDIUM]: 
- **Security Check Failing Open** [HIGH]: 
- **Missing Exception Handling in Critical Operations** [MEDIUM]: