베타 Shoulder는 베타 버전입니다 — 결과가 가끔 잘못될 수 있습니다. 여러분의 피드백이 다음에 무엇을 고칠지 결정합니다. 피드백 공유
Shoulder.dev

개발자를 위한 위협 인텔리전스
⚠️

Improper Handling of Exceptional Conditions

🛡️ 4 개의 규칙이 이를 탐지합니다

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

보급률
보통
3개 언어 지원
영향
높음
1개의 높은 심각도 규칙
예방
문서화됨
4개의 수정 예시
2 예방
2 예방

이 취약점을 수정하는 방법

4개의 Shoulder 탐지 규칙을 기반으로 한 Improper Handling of Exceptional Conditions 예방 전략.

🐹 Go 모두 보기 Go 자세히 →
Incomplete Error Handling MEDIUM

Always check error return values before using other results

+2 -2 go 
  result, err := process()
- if result == nil {
-     return
+ if err != nil {
+     return fmt.Errorf("process failed: %w", err)
  }
  useResult(result)
🟨 JavaScript 모두 보기 JavaScript 자세히 →
Resource Exhaustion via Exception Handling MEDIUM

Use finally blocks to release resources (connections, file handles) on all code paths

+8 -4 javascript 
- const connection = await pool.getConnection();
- const result = await connection.query(sql);
- connection.release();
- return result;
+ let connection;
+ try {
+   connection = await pool.getConnection();
+   const result = await connection.query(sql);
+   return result;
+ } finally {
+   if (connection) await connection.release();
+ }
🐍 Python 모두 보기 Python 자세히 →
Security Check Failing Open HIGH

Return error responses when security checks fail instead of continuing execution

+8 -8 python 
- from flask import request
- 
- @app.route('/api/admin')
- def admin_data():
-     try:
-         user = authenticate(request.headers.get('Authorization'))
-     except Exception:
-         pass  # Auth failed but continues
+ from flask import request, abort
+ 
+ @app.route('/api/admin')
+ def admin_data():
+     try:
+         user = authenticate(request.headers.get('Authorization'))
+     except Exception:
+         abort(403)
      return {'admin_data': get_sensitive_data()}
Missing Exception Handling in Critical Operations MEDIUM

Wrap database, file, network, and API operations in try/except with proper logging

+13 -5 python 
- import requests
- 
- def fetch_data(url):
-     response = requests.get(url)
-     return response.json()
+ import logging
+ import requests
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def fetch_data(url):
+     try:
+         response = requests.get(url, timeout=5)
+         response.raise_for_status()
+         return response.json()
+     except requests.RequestException as e:
+         logger.error(f"Request failed: {e}")
+         return None
3 탐지
3 탐지

코드에서 취약점 찾기

Shoulder를 사용하여 코드에서 Improper Handling of Exceptional Conditions 패턴을 스캔하세요. 4 규칙.

터미널
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=755

# Or scan entire project
npx @shoulderdev/cli trust .

탐지 규칙 (4)

4 경고 신호
4 경고 신호

코드 리뷰에서 주의할 점

이 패턴은 잠재적인 Improper Handling of Exceptional Conditions 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.

🟠
security checks (authentication, authorization, validation) inside try/except blocks that return suc python-failing-open
🟡
Resource at ... may not be released when exceptions occur javascript-resource-exhaustion-exceptions
🟡
code that allocates resources (files, connections, memory) within try blocks but fails to release th javascript-resource-exhaustion-exceptions
🟡
critical operations (database, file I/O, network calls, external APIs) that lack proper exception ha python-uncaught-exception
🔍

코드베이스를 스캔하세요: Improper Handling of Exceptional Conditions

Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.

npx shoulder trust 모든 규칙 보기