Unchecked Return Value (CWE-252) - Security Vulnerability

2 Prevención

Cómo corregir esta vulnerabilidad

Estrategias de prevención para Unchecked Return Value basadas en 2 reglas de detección de Shoulder.

🐹 Go Ver todo Go detalles →

Unchecked Error Return Values MEDIUM

Replace blank identifier _ with err and check error return values

+4 -1 go

- data, _ := ioutil.ReadFile(path)
+ data, err := ioutil.ReadFile(path)
+ if err != nil {
+     return fmt.Errorf("failed to read %s: %w", path, err)
+ }
  process(data)

🟨 JavaScript Ver todo JavaScript detalles →

Unchecked Return Value from Critical Operations HIGH

Always check return values from critical operations like password comparison and database writes

+4 -2 javascript

- bcrypt.compare(req.body.password, user.passwordHash);
- // Proceeds without checking the result
+ const isValid = await bcrypt.compare(req.body.password, user.passwordHash);
+ if (!isValid) {
+   return res.status(401).json({ error: 'Invalid credentials' });
+ }
  const token = generateToken(user);

3 Detección

Encuentra vulnerabilidades en tu código

Usa Shoulder para escanear tu código en busca de patrones Unchecked Return Value. 2 reglas.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=252

# Or scan entire project
npx @shoulderdev/cli trust .

Reglas de Detección (2)

🐹 Go 1 rules

Unchecked Error Return Values MEDIUM

Error return value ignored using blank identifier (_).

🟨 Javascript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

🔷 Typescript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

4 Señales de Alerta

Qué buscar en las revisiones de código

Estos patrones indican vulnerabilidades potenciales de Unchecked Return Value. Búscalos durante las revisiones de código y auditorías de seguridad.

🟠

Return value from ... at ... is not checked javascript-unchecked-return-value

🟠

critical operations (file system, database, authentication) whose return values are not checked javascript-unchecked-return-value

Unchecked Return Value