# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** JavaScript

- Prevalence: Medium 3 languages covered
- Impact: High 1 high-severity rules
- Prevention: Documented 4 fix examples

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Prevention strategies for Improper Handling of Exceptional Conditions based on 1 Shoulder detection rules.

### JavaScript

Use finally blocks to release resources (connections, file handles) on all code paths

## Warning Signs

- [MEDIUM] Resource at ... may not be released when exceptions occur
- [MEDIUM] code that allocates resources (files, connections, memory) within
try blocks but fails to release th

## Consequences

- DoS
- Read Application Data
- Execute Unauthorized Code

## Mitigations

- Anticipate all potential exceptional conditions and handle them appropriately
- Use try-catch blocks and proper error handling mechanisms
- Fail securely when an exception occurs

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```

### Typescript (1 rules)

- **Resource Exhaustion via Exception Handling** [MEDIUM]: Detects code that allocates resources (files, connections, memory) within
try blocks but fails to release them in finally blocks or error paths.

When exceptions occur, resources may not be properly cleaned up, leading
to resource exhaustion, memory leaks, and denial of service.
  - Remediation: Use finally blocks or try-with-resources pattern:

```javascript
// ✅ SAFE - Cleanup in finally
let connection;
try {
  connection = await db.getConnection();
  await connection.query(sql);
} catch (error) {
  logger.error('Query failed:', error);
  throw error;
} finally {
  if (connection) {
    await connection.release();
  }
}
```