Unchecked Return Value (CWE-252) - Security Vulnerability

2 Prévention

Comment corriger cette vulnérabilité

Stratégies de prévention pour Unchecked Return Value basées sur 2 règles de détection Shoulder.

🐹 Go Tout voir Go détails →

Unchecked Error Return Values MEDIUM

Replace blank identifier _ with err and check error return values

+4 -1 go

- data, _ := ioutil.ReadFile(path)
+ data, err := ioutil.ReadFile(path)
+ if err != nil {
+     return fmt.Errorf("failed to read %s: %w", path, err)
+ }
  process(data)

🟨 JavaScript Tout voir JavaScript détails →

Unchecked Return Value from Critical Operations HIGH

Always check return values from critical operations like password comparison and database writes

+4 -2 javascript

- bcrypt.compare(req.body.password, user.passwordHash);
- // Proceeds without checking the result
+ const isValid = await bcrypt.compare(req.body.password, user.passwordHash);
+ if (!isValid) {
+   return res.status(401).json({ error: 'Invalid credentials' });
+ }
  const token = generateToken(user);

3 Détection

Trouvez les vulnérabilités dans votre code

Utilisez Shoulder pour scanner votre code à la recherche de patterns Unchecked Return Value. 2 règles.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=252

# Or scan entire project
npx @shoulderdev/cli trust .

Règles de Détection (2)

🐹 Go 1 rules

Unchecked Error Return Values MEDIUM

Error return value ignored using blank identifier (_).

🟨 Javascript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

🔷 Typescript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

4 Signes d'Alerte

Ce qu'il faut surveiller lors des revues de code

Ces patterns indiquent des vulnérabilités potentielles Unchecked Return Value. Recherchez-les lors des revues de code et des audits de sécurité.

🟠

Return value from ... at ... is not checked javascript-unchecked-return-value

🟠

critical operations (file system, database, authentication) whose return values are not checked javascript-unchecked-return-value

Unchecked Return Value