# Unchecked Return Value (CWE-252)

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

**Stack:** JavaScript

- Prevalence: Medium (2 languages covered)
- Impact: High (1 high-severity rule)
- Prevention: Documented (2 fix examples)

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When return values are not checked, the program may continue execution in an error state or with incorrect data, potentially leading to security vulnerabilities.

## Prevention

Prevention strategies for Unchecked Return Value, based on 1 Shoulder detection rule.

### JavaScript

Always check return values from critical operations like password comparison and database writes.

## Warning Signs

- [HIGH] Return value from ... at ... is not checked
- [HIGH] Critical operations (file system, database, authentication) whose return values are not checked

## Consequences

- DoS
- Execution of unauthorized code
- Modification of application data

## Mitigations

- Always check the values returned by functions
- Use compiler warnings to detect unchecked return values
- Handle error conditions appropriately

## Detection

- Total rules: 2
- Languages: go, javascript, typescript

## Rules by Language

### JavaScript (1 rule)

- **Unchecked Return Value from Critical Operations** [HIGH]: Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities.
  Critical operations that must have their return values checked include:

  - File system operations (write, delete, chmod)
  - Database operations (insert, update, delete)
  - Authentication/authorization checks
  - Cryptographic operations

- Remediation: Always check return values from critical operations:

```javascript
// ✅ SAFE - Check return value
// Assumes `fs` is a wrapper whose writeFile resolves to a result object with a
// `success` field. Node's own fs.promises.writeFile resolves to undefined and
// rejects on failure, so with it the failure is handled via try/catch instead.
const result = await fs.writeFile(path, data);
if (!result.success) {
  logger.error('Write failed');
  throw new Error('Failed to write file');
}
```

### TypeScript (1 rule)

- **Unchecked Return Value from Critical Operations** [HIGH]: Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities.

  Critical operations that must have their return values checked include:

  - File system operations (write, delete, chmod)
  - Database operations (insert, update, delete)
  - Authentication/authorization checks
  - Cryptographic operations

- Remediation: Always check return values from critical operations:

```javascript
// ✅ SAFE - Check return value
// Assumes `fs` is a wrapper whose writeFile resolves to a result object with a
// `success` field. Node's own fs.promises.writeFile resolves to undefined and
// rejects on failure, so with it the failure is handled via try/catch instead.
const result = await fs.writeFile(path, data);
if (!result.success) {
  logger.error('Write failed');
  throw new Error('Failed to write file');
}
```
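
The two cases named under Prevention, password comparison and database writes, shown side by side as an added example (not part of the Shoulder rule set). The in-memory user table and all function names are constructed for illustration.

```javascript
// Added example: constructed in-memory data; all function names are hypothetical.
const crypto = require('node:crypto');

const salt = Buffer.from('constructed-salt');
const hash = (pw) => crypto.scryptSync(pw, salt, 32);
// Constructed "users table": id -> record.
const users = new Map([
  [1, { pwHash: hash('correct horse'), email: 'a@example.test' }],
]);

// Returns true only when the candidate matches the stored hash.
function verifyPassword(userId, candidate) {
  const user = users.get(userId);
  if (!user) return false;
  return crypto.timingSafeEqual(user.pwHash, hash(candidate));
}

// Returns the number of rows changed (0 means nothing was written).
function updateEmail(userId, email) {
  const user = users.get(userId);
  if (!user || !email.includes('@')) return 0; // simulated constraint failure
  user.email = email;
  return 1;
}

// VULNERABLE (CWE-252): both return values are discarded.
function changeEmailUnchecked(userId, password, email) {
  verifyPassword(userId, password); // result ignored: any password is accepted
  updateEmail(userId, email);       // result ignored: a failed write looks like success
  return { ok: true };
}

// FIXED: each return value decides whether execution continues.
function changeEmailChecked(userId, password, email) {
  if (!verifyPassword(userId, password)) {
    return { ok: false, reason: 'authentication failed' };
  }
  if (updateEmail(userId, email) !== 1) {
    return { ok: false, reason: 'no row updated' };
  }
  return { ok: true };
}
```

The unchecked variant reports success in both failure cases, which is the silent-failure pattern the rule flags.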