# Empty Exception Block (CWE-1069)

An exception block is empty, which swallows the exception and prevents proper error handling.

- Prevalence: Medium (1 language covered)
- Impact: Medium (review recommended)
- Prevention: Documented (1 fix example)

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

Empty catch blocks hide errors and make debugging difficult. They can also mask security issues by silently catching and ignoring exceptions that should be handled or logged.

## Prevention

Prevention strategies for Empty Exception Block based on 1 Shoulder detection rule.

### Node.js

Add error logging or re-throwing to catch blocks to avoid silencing failures.

## Warning Signs

- [MEDIUM] Empty catch block at ... silently swallows exceptions
- [MEDIUM] empty catch blocks that silently swallow exceptions without any error handling, logging, or recovery

## Consequences

- Hide Activities
- DoS

## Mitigations

- Always handle or log exceptions in catch blocks
- If ignoring an exception is intentional, add a comment explaining why
- Use static analysis to detect empty exception handlers

## Detection

- Total rules: 1
- Languages: javascript, typescript

## Rules by Language

### JavaScript (1 rule)

- **Empty Catch Block** [MEDIUM]: Detects empty catch blocks that silently swallow exceptions without any error handling, logging, or recovery logic. Empty catch blocks hide errors and make debugging extremely difficult. They can mask security issues, data corruption, and system failures.
  - Remediation: Add proper error handling:

    ```javascript
    try {
      await riskyOperation();
    } catch (error) {
      logger.error('Operation failed:', error);
      // Handle or re-throw the error
      throw error;
    }
    ```

### TypeScript (1 rule)

- **Empty Catch Block** [MEDIUM]: Detects empty catch blocks that silently swallow exceptions without any error handling, logging, or recovery logic. Empty catch blocks hide errors and make debugging extremely difficult. They can mask security issues, data corruption, and system failures.
  - Remediation: Add proper error handling:

    ```javascript
    try {
      await riskyOperation();
    } catch (error) {
      logger.error('Operation failed:', error);
      // Handle or re-throw the error
      throw error;
    }
    ```
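
The Description's point that an empty catch can mask a security issue, shown as an added example (not code from this page or from the Shoulder rules): an access check that fails open when its policy cannot be parsed, next to a version that logs the failure and fails closed. The policy format, the function names and the recording logger are assumptions made for illustration.

```javascript
// Constructed sample input: a deny-list policy in a hypothetical JSON format.
const GOOD_POLICY = '{"blocked": ["mallory"]}';
const TRUNCATED_POLICY = '{"blocked": ["mallory"'; // corrupted copy, JSON.parse throws

// Hypothetical logger that records calls so the outcome can be inspected.
function makeRecordingLogger() {
  const entries = [];
  return { entries, error: (msg, err) => entries.push(`${msg} ${err.message}`) };
}

// BEFORE: the empty catch swallows the parse error. `blocked` keeps its
// default of [], so every user is allowed and nothing is logged.
function isAllowedSwallowing(user, policyText) {
  let blocked = [];
  try {
    blocked = JSON.parse(policyText).blocked;
  } catch (error) {}
  return !blocked.includes(user);
}

// AFTER: the failure is logged and the access decision fails closed.
function isAllowedHandled(user, policyText, logger) {
  let blocked;
  try {
    blocked = JSON.parse(policyText).blocked;
    if (!Array.isArray(blocked)) throw new TypeError('policy.blocked must be an array');
  } catch (error) {
    logger.error('Policy load failed:', error);
    return false;
  }
  return !blocked.includes(user);
}

// Stand-alone demo on the constructed inputs.
const demoLogger = makeRecordingLogger();
console.log('swallowing:', isAllowedSwallowing('mallory', TRUNCATED_POLICY));
console.log('handled:   ', isAllowedHandled('mallory', TRUNCATED_POLICY, demoLogger));
console.log('log entries:', demoLogger.entries);
```

With the truncated policy, the swallowing version allows the blocked user and leaves no log record, which corresponds to the "Hide Activities" consequence listed above.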