Unchecked Return Value (CWE-252) - Security Vulnerability

2 Prevenção

Como corrigir esta vulnerabilidade

Estratégias de prevenção para Unchecked Return Value baseadas em 2 regras de detecção do Shoulder.

🐹 Go Ver tudo Go detalhes →

Unchecked Error Return Values MEDIUM

Replace blank identifier _ with err and check error return values

+4 -1 go

- data, _ := ioutil.ReadFile(path)
+ data, err := ioutil.ReadFile(path)
+ if err != nil {
+     return fmt.Errorf("failed to read %s: %w", path, err)
+ }
  process(data)

🟨 JavaScript Ver tudo JavaScript detalhes →

Unchecked Return Value from Critical Operations HIGH

Always check return values from critical operations like password comparison and database writes

+4 -2 javascript

- bcrypt.compare(req.body.password, user.passwordHash);
- // Proceeds without checking the result
+ const isValid = await bcrypt.compare(req.body.password, user.passwordHash);
+ if (!isValid) {
+   return res.status(401).json({ error: 'Invalid credentials' });
+ }
  const token = generateToken(user);

3 Detecção

Encontre vulnerabilidades no seu código

Use o Shoulder para escanear seu código em busca de padrões Unchecked Return Value. 2 regras.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=252

# Or scan entire project
npx @shoulderdev/cli trust .

Regras de Detecção (2)

🐹 Go 1 rules

Unchecked Error Return Values MEDIUM

Error return value ignored using blank identifier (_).

🟨 Javascript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

🔷 Typescript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

4 Sinais de Alerta

O que observar nas revisões de código

Estes padrões indicam vulnerabilidades potenciais de Unchecked Return Value. Procure-os durante revisões de código e auditorias de segurança.

🟠

Return value from ... at ... is not checked javascript-unchecked-return-value

🟠

critical operations (file system, database, authentication) whose return values are not checked javascript-unchecked-return-value

Unchecked Return Value