# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** Python

- Prevalence: Średnia Pokryto 3 języków
- Impact: Wysoki 1 reguł o wysokim poziomie
- Prevention: Udokumentowane 4 przykładów poprawek

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Strategie zapobiegania dla Improper Handling of Exceptional Conditions oparte na 2 regułach detekcji Shoulder.

### Python

Return error responses when security checks fail instead of continuing execution

Wrap database, file, network, and API operations in try/except with proper logging

## Warning Signs

- [HIGH] security checks (authentication, authorization, validation) inside
try/except blocks that return suc
- [MEDIUM] critical operations (database, file I/O, network calls, external APIs)
that lack proper exception ha

## Consequences

- DoS
- Odczyt danych aplikacji
- Wykonanie nieautoryzowanego kodu

## Mitigations

- Przewiduj wszystkie możliwe sytuacje wyjątkowe i odpowiednio je obsługuj
- Stosuj bloki try-catch i właściwe mechanizmy obsługi błędów
- W razie wyjątku zawiódź w bezpieczny sposób

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (2 rules)

- **Security Check Failing Open** [HIGH]: Detects security checks (authentication, authorization, validation) inside
try/except blocks that return success on exception. This causes the system
to "fail open" - granting access when security checks fail.
  - Remediation: Return an error response when security checks fail instead of continuing execution.

```python
from flask import request, abort

@app.route('/api/admin')
def admin_endpoint():
    try:
        user = authenticate(request.headers.get('Authorization'))
        check_admin_permission(user)
    except (AuthenticationError, PermissionError):
        abort(403)  # Fail closed - deny access

    return {'data': get_admin_data()}
```

Learn more: https://shoulder.dev/learn/python/cwe-755/failing-open
- **Missing Exception Handling in Critical Operations** [MEDIUM]: Detects critical operations (database, file I/O, network calls, external APIs)
that lack proper exception handling. Uncaught exceptions can crash the application,
leak sensitive information, or leave the system in an inconsistent state.
  - Remediation: Wrap database, file, network, and API operations in try/except blocks.

```python
import logging
import requests

logger = logging.getLogger(__name__)

def fetch_data(url):
    try:
        response = requests.get(url, timeout=5)
        response.raise_for_status()
        return response.json()
    except requests.RequestException as e:
        logger.error(f"Request failed: {e}")
        return None
```

Learn more: https://shoulder.dev/learn/python/cwe-755/uncaught-exception