# Detection of Error Condition Without Action (CWE-390)

The product detects a specific error, but takes no actions to handle the error.

- Prevalence: Medium (covers 1 language)
- Impact: Medium (review recommended)
- Prevention: 1 fix example documented

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

Empty catch blocks or error handlers that don't actually handle the error can mask problems and lead to undefined behavior. The product may continue operating in an error state, leading to crashes or security vulnerabilities.

## Prevention

Prevention strategies for Detection of Error Condition Without Action, based on 1 Shoulder detection rule.

### JavaScript

Log errors with context, respond to users, and propagate or handle appropriately.

## Warning Signs

- [MEDIUM] Catch block at line ... has incomplete error handling
- [MEDIUM] Empty catch blocks and incomplete error handling patterns that silently swallow errors

## Consequences

- Denial of service (DoS)
- Execute unauthorized code
- Modify application data

## Mitigations

- Always handle errors appropriately, even if only by logging them
- Implement appropriate error recovery or fail-safe behavior
- Use lint tools to detect empty exception handlers

## Detection

- Total rules: 1
- Languages: javascript, typescript

## Rules by Language

### JavaScript (1 rule)

- **Incomplete Error Handling** [MEDIUM]: Detects empty catch blocks and incomplete error handling patterns that silently swallow errors.
  - Remediation: Implement proper error handling with recovery, logging, and user feedback.

### TypeScript (1 rule)

- **Incomplete Error Handling** [MEDIUM]: Detects empty catch blocks and incomplete error handling patterns that silently swallow errors.
  - Remediation: Implement proper error handling with recovery, logging, and user feedback.
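
An added example (not from the original page or from the Shoulder rule set) of the empty catch block the description warns about, next to a handled version that follows the JavaScript guidance: log with context, respond to the user, and fail safe. The account-record format, the function names and the injected `log` parameter are assumptions made for illustration.

```javascript
// Constructed sample inputs: one valid account record and one truncated record.
const VALID_RECORD = '{"user":"alice","suspended":true}';
const CORRUPT_RECORD = '{"user":"alice","suspen';

// Pattern the rule flags (CWE-390): the catch block detects the parse failure
// and does nothing, so `suspended` keeps its default and the check fails open.
function mayLoginSwallowing(rawRecord) {
  let suspended = false;
  try {
    suspended = JSON.parse(rawRecord).suspended === true;
  } catch (err) {}
  return !suspended;
}

// Handled form: log with context, fail closed, and return a result the caller
// can turn into a user-facing response.
function mayLoginHandled(rawRecord, log = console.error) {
  try {
    const record = JSON.parse(rawRecord);
    if (typeof record.suspended !== "boolean") {
      throw new TypeError("account record has no boolean 'suspended' field");
    }
    return { allowed: !record.suspended, status: record.suspended ? 403 : 200 };
  } catch (err) {
    // Log the error type and input size, not the record content itself.
    log("account record check failed", {
      error: err.name,
      recordLength: String(rawRecord).length,
    });
    return {
      allowed: false,
      status: 503,
      userMessage: "Login is temporarily unavailable.",
    };
  }
}
```

With the corrupt record, `mayLoginSwallowing` lets the login proceed as if the account were in good standing, while `mayLoginHandled` denies it, logs one entry, and returns a 503 for the caller to send.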