# Improper Check for Unusual or Exceptional Conditions (CWE-754)

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

- Prevalence: 中 1 言語をカバー
- Impact: ハイ 1 件の重大度ハイのルール
- Prevention: 文書化済み 1 件の修正例

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

Failing to check for error conditions, return values, or exceptional cases can lead to undefined behavior, crashes, or security vulnerabilities when these conditions occur.

## Prevention

1 件の Shoulder 検出ルールに基づく Improper Check for Unusual Conditions の予防策。

### JavaScript

Use multi-phase migrations with data backup before destructive DDL operations like DROP TABLE or DROP COLUMN

## Warning Signs

- [HIGH] Migration contains potentially destructive operation: .... Add safety checks and data preservation logic.

## Consequences

- DoS
- 未承認コードの実行
- アプリケーションデータの読み取り

## Mitigations

- すべての戻り値とエラー条件をチェックする
- エッジケースや例外的な条件を明示的に処理する
- 防御的プログラミングの実践を取り入れる

## Detection

- Total rules: 1
- Languages: javascript, typescript

## Rules by Language

### Javascript (1 rules)

- **TypeORM Unsafe Database Migration** [HIGH]: Unsafe migrations with DROP TABLE/COLUMN operations without backups cause permanent
data loss and application crashes from schema mismatches.
  - Remediation: Backup data before destructive operations and use multi-phase migrations.

```typescript
export class SafeColumnRemoval implements MigrationInterface {
  public async up(queryRunner: QueryRunner): Promise<void> {
    // Backup before dropping
    await queryRunner.query(`
      CREATE TABLE "user_email_backup" AS
      SELECT id, email FROM "user"
    `);
    await queryRunner.dropColumn('user', 'email');
  }
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-754/unsafe-migration

### Typescript (1 rules)

- **TypeORM Unsafe Database Migration** [HIGH]: Unsafe migrations with DROP TABLE/COLUMN operations without backups cause permanent
data loss and application crashes from schema mismatches.
  - Remediation: Backup data before destructive operations and use multi-phase migrations.

```typescript
export class SafeColumnRemoval implements MigrationInterface {
  public async up(queryRunner: QueryRunner): Promise<void> {
    // Backup before dropping
    await queryRunner.query(`
      CREATE TABLE "user_email_backup" AS
      SELECT id, email FROM "user"
    `);
    await queryRunner.dropColumn('user', 'email');
  }
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-754/unsafe-migration