Unchecked Error Condition (CWE-391) - Security Vulnerability

Unchecked Error Condition

The product does not properly check when a function or operation returns a value that is associated with an error condition.

When error conditions are not checked, the application may continue with invalid or unexpected state, potentially leading to crashes, data corruption, or security vulnerabilities.

Prevalência

Média

3 linguagens cobertas

Impacto

Alto

1 regras de severidade alta

Prevenção

Documentada

3 exemplos de correção

2 Prevenção

Como corrigir esta vulnerabilidade

Estratégias de prevenção para Unchecked Error Condition baseadas em 3 regras de detecção do Shoulder.

🐹 Go Ver tudo Go detalhes →

Empty Error Handling LOW

Log or return errors instead of silently swallowing them

+2 -0 go

  _, err := db.Exec("DELETE FROM sessions WHERE expired = true")
  if err != nil {
+     log.Printf("session cleanup failed: %v", err)
+     return err
  }

🟨 JavaScript Ver tudo JavaScript detalhes →

Unhandled Promise Rejection HIGH

Always handle promise rejections with .catch() or try/catch in async functions

+7 -2 javascript

  app.post('/create', async (req, res) => {
-   const user = await User.create(req.body);
-   res.json(user);
+   try {
+     const user = await User.create(req.body);
+     res.json(user);
+   } catch (error) {
+     logger.error('User creation failed:', error);
+     res.status(500).json({ error: 'Could not create user' });
+   }
  });

🐍 Python Ver tudo Python detalhes →

Empty Exception Handler MEDIUM

Log exceptions or handle them explicitly instead of silently swallowing with pass

+11 -6 python

- def get_data():
-     try:
-         data = fetch_sensitive_data()
-         return {'data': data}
-     except:
-         pass
+ import logging
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def get_data():
+     try:
+         data = fetch_sensitive_data()
+         return {'data': data}
+     except Exception as e:
+         logger.error(f"Failed to fetch data: {e}", exc_info=True)
+         return {'error': 'Data unavailable'}, 500

3 Detecção

Encontre vulnerabilidades no seu código

Use o Shoulder para escanear seu código em busca de padrões Unchecked Error Condition. 3 regras.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=391

# Or scan entire project
npx @shoulderdev/cli trust .

Regras de Detecção (3)

🐹 Go 1 rules

Empty Error Handling LOW

Error check block is empty, silently swallowing errors.

🟨 Javascript 1 rules

Unhandled Promise Rejection HIGH

Detects promises that are created or called without proper rejection handlers. Unhandled promise rejections can cause application crashes, expose sensitive error information, and lead to inconsistent application state. In Node.js, unhandled promise rejections will terminate the process in future versions, making this a critical reliability and security issue.

🔷 Typescript 1 rules

Unhandled Promise Rejection HIGH

🐍 Python 1 rules

Empty Exception Handler MEDIUM

Detects empty except blocks that silently swallow exceptions. This can hide security-critical errors, authentication failures, or data validation issues.

4 Sinais de Alerta

O que observar nas revisões de código

Estes padrões indicam vulnerabilidades potenciais de Unchecked Error Condition. Procure-os durante revisões de código e auditorias de segurança.

🟠

Promise at ... lacks rejection handler (.catch or try-catch) javascript-unhandled-promise-rejection

🟠

promises that are created or called without proper rejection handlers javascript-unhandled-promise-rejection

🟡

empty except blocks that silently swallow exceptions python-empty-except-block

🔍

Escaneie seu código para Unchecked Error Condition

O Shoulder CLI encontra padrões vulneráveis em todo o seu código.

npx shoulder trust Ver todas as regras