# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** Python

- Prevalence: 中 3 言語をカバー
- Impact: ハイ 1 件の重大度ハイのルール
- Prevention: 文書化済み 4 件の修正例

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

2 件の Shoulder 検出ルールに基づく Improper Handling of Exceptional Conditions の予防策。

### Python

Return error responses when security checks fail instead of continuing execution

Wrap database, file, network, and API operations in try/except with proper logging

## Warning Signs

- [HIGH] security checks (authentication, authorization, validation) inside
try/except blocks that return suc
- [MEDIUM] critical operations (database, file I/O, network calls, external APIs)
that lack proper exception ha

## Consequences

- DoS
- アプリケーションデータの読み取り
- 未承認コードの実行

## Mitigations

- 起こり得るすべての例外的状況を想定し、適切に処理する
- try-catch ブロックと適切なエラー処理メカニズムを使用する
- 例外発生時はセキュアにフェイルする

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (2 rules)

- **Security Check Failing Open** [HIGH]: Detects security checks (authentication, authorization, validation) inside
try/except blocks that return success on exception. This causes the system
to "fail open" - granting access when security checks fail.
  - Remediation: Return an error response when security checks fail instead of continuing execution.

```python
from flask import request, abort

@app.route('/api/admin')
def admin_endpoint():
    try:
        user = authenticate(request.headers.get('Authorization'))
        check_admin_permission(user)
    except (AuthenticationError, PermissionError):
        abort(403)  # Fail closed - deny access

    return {'data': get_admin_data()}
```

Learn more: https://shoulder.dev/learn/python/cwe-755/failing-open
- **Missing Exception Handling in Critical Operations** [MEDIUM]: Detects critical operations (database, file I/O, network calls, external APIs)
that lack proper exception handling. Uncaught exceptions can crash the application,
leak sensitive information, or leave the system in an inconsistent state.
  - Remediation: Wrap database, file, network, and API operations in try/except blocks.

```python
import logging
import requests

logger = logging.getLogger(__name__)

def fetch_data(url):
    try:
        response = requests.get(url, timeout=5)
        response.raise_for_status()
        return response.json()
    except requests.RequestException as e:
        logger.error(f"Request failed: {e}")
        return None
```

Learn more: https://shoulder.dev/learn/python/cwe-755/uncaught-exception