Unchecked Error Condition (CWE-391) - Security Vulnerability

Unchecked Error Condition

The product does not properly check when a function or operation returns a value that is associated with an error condition.

When error conditions are not checked, the application may continue with invalid or unexpected state, potentially leading to crashes, data corruption, or security vulnerabilities.

보급률

보통

3개 언어 지원

영향

높음

1개의 높은 심각도 규칙

예방

문서화됨

3개의 수정 예시

2 예방

이 취약점을 수정하는 방법

3개의 Shoulder 탐지 규칙을 기반으로 한 Unchecked Error Condition 예방 전략.

🐹 Go 모두 보기 Go 자세히 →

Empty Error Handling LOW

Log or return errors instead of silently swallowing them

+2 -0 go

  _, err := db.Exec("DELETE FROM sessions WHERE expired = true")
  if err != nil {
+     log.Printf("session cleanup failed: %v", err)
+     return err
  }

🟨 JavaScript 모두 보기 JavaScript 자세히 →

Unhandled Promise Rejection HIGH

Always handle promise rejections with .catch() or try/catch in async functions

+7 -2 javascript

  app.post('/create', async (req, res) => {
-   const user = await User.create(req.body);
-   res.json(user);
+   try {
+     const user = await User.create(req.body);
+     res.json(user);
+   } catch (error) {
+     logger.error('User creation failed:', error);
+     res.status(500).json({ error: 'Could not create user' });
+   }
  });

🐍 Python 모두 보기 Python 자세히 →

Empty Exception Handler MEDIUM

Log exceptions or handle them explicitly instead of silently swallowing with pass

+11 -6 python

- def get_data():
-     try:
-         data = fetch_sensitive_data()
-         return {'data': data}
-     except:
-         pass
+ import logging
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def get_data():
+     try:
+         data = fetch_sensitive_data()
+         return {'data': data}
+     except Exception as e:
+         logger.error(f"Failed to fetch data: {e}", exc_info=True)
+         return {'error': 'Data unavailable'}, 500

3 탐지

코드에서 취약점 찾기

Shoulder를 사용하여 코드에서 Unchecked Error Condition 패턴을 스캔하세요. 3 규칙.

터미널

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=391

# Or scan entire project
npx @shoulderdev/cli trust .

탐지 규칙 (3)

🐹 Go 1 rules

Empty Error Handling LOW

Error check block is empty, silently swallowing errors.

🟨 Javascript 1 rules

Unhandled Promise Rejection HIGH

Detects promises that are created or called without proper rejection handlers. Unhandled promise rejections can cause application crashes, expose sensitive error information, and lead to inconsistent application state. In Node.js, unhandled promise rejections will terminate the process in future versions, making this a critical reliability and security issue.

🔷 Typescript 1 rules

Unhandled Promise Rejection HIGH

🐍 Python 1 rules

Empty Exception Handler MEDIUM

Detects empty except blocks that silently swallow exceptions. This can hide security-critical errors, authentication failures, or data validation issues.

4 경고 신호

코드 리뷰에서 주의할 점

이 패턴은 잠재적인 Unchecked Error Condition 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.

🟠

Promise at ... lacks rejection handler (.catch or try-catch) javascript-unhandled-promise-rejection

🟠

promises that are created or called without proper rejection handlers javascript-unhandled-promise-rejection

🟡

empty except blocks that silently swallow exceptions python-empty-except-block

🔍

코드베이스를 스캔하세요: Unchecked Error Condition

Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.

npx shoulder trust 모든 규칙 보기