Unchecked Error Condition (CWE-391) - Security Vulnerability

Unchecked Error Condition

The product does not properly check when a function or operation returns a value that is associated with an error condition.

When error conditions are not checked, the application may continue with invalid or unexpected state, potentially leading to crashes, data corruption, or security vulnerabilities.

Prevalencia

Media

3 lenguajes cubiertos

Impacto

Alto

1 reglas de severidad alta

Prevención

Documentada

3 ejemplos de corrección

2 Prevención

Cómo corregir esta vulnerabilidad

Estrategias de prevención para Unchecked Error Condition basadas en 3 reglas de detección de Shoulder.

🐹 Go Ver todo Go detalles →

Empty Error Handling LOW

Log or return errors instead of silently swallowing them

+2 -0 go

  _, err := db.Exec("DELETE FROM sessions WHERE expired = true")
  if err != nil {
+     log.Printf("session cleanup failed: %v", err)
+     return err
  }

🟨 JavaScript Ver todo JavaScript detalles →

Unhandled Promise Rejection HIGH

Always handle promise rejections with .catch() or try/catch in async functions

+7 -2 javascript

  app.post('/create', async (req, res) => {
-   const user = await User.create(req.body);
-   res.json(user);
+   try {
+     const user = await User.create(req.body);
+     res.json(user);
+   } catch (error) {
+     logger.error('User creation failed:', error);
+     res.status(500).json({ error: 'Could not create user' });
+   }
  });

🐍 Python Ver todo Python detalles →

Empty Exception Handler MEDIUM

Log exceptions or handle them explicitly instead of silently swallowing with pass

+11 -6 python

- def get_data():
-     try:
-         data = fetch_sensitive_data()
-         return {'data': data}
-     except:
-         pass
+ import logging
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def get_data():
+     try:
+         data = fetch_sensitive_data()
+         return {'data': data}
+     except Exception as e:
+         logger.error(f"Failed to fetch data: {e}", exc_info=True)
+         return {'error': 'Data unavailable'}, 500

3 Detección

Encuentra vulnerabilidades en tu código

Usa Shoulder para escanear tu código en busca de patrones Unchecked Error Condition. 3 reglas.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=391

# Or scan entire project
npx @shoulderdev/cli trust .

Reglas de Detección (3)

🐹 Go 1 rules

Empty Error Handling LOW

Error check block is empty, silently swallowing errors.

🟨 Javascript 1 rules

Unhandled Promise Rejection HIGH

Detects promises that are created or called without proper rejection handlers. Unhandled promise rejections can cause application crashes, expose sensitive error information, and lead to inconsistent application state. In Node.js, unhandled promise rejections will terminate the process in future versions, making this a critical reliability and security issue.

🔷 Typescript 1 rules

Unhandled Promise Rejection HIGH

🐍 Python 1 rules

Empty Exception Handler MEDIUM

Detects empty except blocks that silently swallow exceptions. This can hide security-critical errors, authentication failures, or data validation issues.

4 Señales de Alerta

Qué buscar en las revisiones de código

Estos patrones indican vulnerabilidades potenciales de Unchecked Error Condition. Búscalos durante las revisiones de código y auditorías de seguridad.

🟠

Promise at ... lacks rejection handler (.catch or try-catch) javascript-unhandled-promise-rejection

🟠

promises that are created or called without proper rejection handlers javascript-unhandled-promise-rejection

🟡

empty except blocks that silently swallow exceptions python-empty-except-block

🔍

Escanea tu base de código para Unchecked Error Condition

Shoulder CLI encuentra patrones vulnerables en toda tu base de código.

npx shoulder trust Ver todas las reglas