# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** Python

- Prevalence: Mittel 3 Sprachen abgedeckt
- Impact: Hoch 1 Regeln mit hohem Schweregrad
- Prevention: Dokumentiert 4 Fix-Beispiele

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Präventionsstrategien für Improper Handling of Exceptional Conditions basierend auf 2 Shoulder-Erkennungsregeln.

### Python

Return error responses when security checks fail instead of continuing execution

Wrap database, file, network, and API operations in try/except with proper logging

## Warning Signs

- [HIGH] security checks (authentication, authorization, validation) inside
try/except blocks that return suc
- [MEDIUM] critical operations (database, file I/O, network calls, external APIs)
that lack proper exception ha

## Consequences

- DoS
- Anwendungsdaten lesen
- Nicht autorisierten Code ausführen

## Mitigations

- Alle potenziellen Ausnahmebedingungen vorhersehen und angemessen behandeln
- try-catch-Blöcke und geeignete Fehlerbehandlungsmechanismen verwenden
- Bei einer Ausnahme sicher fehlschlagen

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (2 rules)

- **Security Check Failing Open** [HIGH]: Detects security checks (authentication, authorization, validation) inside
try/except blocks that return success on exception. This causes the system
to "fail open" - granting access when security checks fail.
  - Remediation: Return an error response when security checks fail instead of continuing execution.

```python
from flask import request, abort

@app.route('/api/admin')
def admin_endpoint():
    try:
        user = authenticate(request.headers.get('Authorization'))
        check_admin_permission(user)
    except (AuthenticationError, PermissionError):
        abort(403)  # Fail closed - deny access

    return {'data': get_admin_data()}
```

Learn more: https://shoulder.dev/learn/python/cwe-755/failing-open
- **Missing Exception Handling in Critical Operations** [MEDIUM]: Detects critical operations (database, file I/O, network calls, external APIs)
that lack proper exception handling. Uncaught exceptions can crash the application,
leak sensitive information, or leave the system in an inconsistent state.
  - Remediation: Wrap database, file, network, and API operations in try/except blocks.

```python
import logging
import requests

logger = logging.getLogger(__name__)

def fetch_data(url):
    try:
        response = requests.get(url, timeout=5)
        response.raise_for_status()
        return response.json()
    except requests.RequestException as e:
        logger.error(f"Request failed: {e}")
        return None
```

Learn more: https://shoulder.dev/learn/python/cwe-755/uncaught-exception