Improper Handling of Exceptional Conditions (CWE-755)

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

व्यापकता

मध्यम

3 भाषाएँ कवर की गईं

प्रभाव

उच्च

1 उच्च गंभीरता वाले नियम

रोकथाम

प्रलेखित

4 फिक्स उदाहरण

2 रोकथाम

इस भेद्यता को कैसे ठीक करें

4 Shoulder डिटेक्शन नियमों पर आधारित Improper Handling of Exceptional Conditions के लिए रोकथाम रणनीतियाँ।

🐹 Go सब देखें Go विवरण →

Incomplete Error Handling MEDIUM

Always check error return values before using other results

+2 -2 go

  result, err := process()
- if result == nil {
-     return
+ if err != nil {
+     return fmt.Errorf("process failed: %w", err)
  }
  useResult(result)

🟨 JavaScript सब देखें JavaScript विवरण →

Resource Exhaustion via Exception Handling MEDIUM

Use finally blocks to release resources (connections, file handles) on all code paths

+8 -4 javascript

- const connection = await pool.getConnection();
- const result = await connection.query(sql);
- connection.release();
- return result;
+ let connection;
+ try {
+   connection = await pool.getConnection();
+   const result = await connection.query(sql);
+   return result;
+ } finally {
+   if (connection) await connection.release();
+ }

🐍 Python सब देखें Python विवरण →

Security Check Failing Open HIGH

Return error responses when security checks fail instead of continuing execution

+8 -8 python

- from flask import request
- 
- @app.route('/api/admin')
- def admin_data():
-     try:
-         user = authenticate(request.headers.get('Authorization'))
-     except Exception:
-         pass  # Auth failed but continues
+ from flask import request, abort
+ 
+ @app.route('/api/admin')
+ def admin_data():
+     try:
+         user = authenticate(request.headers.get('Authorization'))
+     except Exception:
+         abort(403)
      return {'admin_data': get_sensitive_data()}

Missing Exception Handling in Critical Operations MEDIUM

Wrap database, file, network, and API operations in try/except with proper logging

+13 -5 python

- import requests
- 
- def fetch_data(url):
-     response = requests.get(url)
-     return response.json()
+ import logging
+ import requests
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def fetch_data(url):
+     try:
+         response = requests.get(url, timeout=5)
+         response.raise_for_status()
+         return response.json()
+     except requests.RequestException as e:
+         logger.error(f"Request failed: {e}")
+         return None

3 पहचान

अपने कोड में भेद्यताएँ खोजें

Improper Handling of Exceptional Conditions पैटर्न के लिए अपने कोडबेस को स्कैन करने के लिए Shoulder का उपयोग करें। 4 नियम.

टर्मिनल

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=755

# Or scan entire project
npx @shoulderdev/cli trust .

पहचान नियम (4)

🐍 Python 2 rules

Security Check Failing Open HIGH

Detects security checks (authentication, authorization, validation) inside try/except blocks that return success on exception. This causes the system to "fail open" - granting access when security checks fail.

Missing Exception Handling in Critical Operations MEDIUM

Detects critical operations (database, file I/O, network calls, external APIs) that lack proper exception handling. Uncaught exceptions can crash the application, leak sensitive information, or leave the system in an inconsistent state.

🐹 Go 1 rules

Incomplete Error Handling MEDIUM

Function returns error but caller does not check err != nil.

🟨 Javascript 1 rules

Resource Exhaustion via Exception Handling MEDIUM

Detects code that allocates resources (files, connections, memory) within try blocks but fails to release them in finally blocks or error paths. When exceptions occur, resources may not be properly cleaned up, leading to resource exhaustion, memory leaks, and denial of service.

🔷 Typescript 1 rules

Resource Exhaustion via Exception Handling MEDIUM

4 चेतावनी संकेत

कोड समीक्षा में किन बातों पर ध्यान दें

ये पैटर्न संभावित Improper Handling of Exceptional Conditions भेद्यताओं का संकेत देते हैं। कोड समीक्षा और सुरक्षा ऑडिट के दौरान इन्हें देखें।

🟠

security checks (authentication, authorization, validation) inside try/except blocks that return suc python-failing-open

🟡

Resource at ... may not be released when exceptions occur javascript-resource-exhaustion-exceptions

🟡

code that allocates resources (files, connections, memory) within try blocks but fails to release th javascript-resource-exhaustion-exceptions

🟡

critical operations (database, file I/O, network calls, external APIs) that lack proper exception ha python-uncaught-exception

🔍

अपने कोडबेस को इसके लिए स्कैन करें: Improper Handling of Exceptional Conditions

Shoulder CLI आपके पूरे कोडबेस में भेद्य पैटर्न खोजता है।

npx shoulder trust सभी नियम देखें