BETA O Shoulder está em beta — Os resultados às vezes podem estar incorretos. Seu feedback molda o que corrigimos a seguir. Compartilhar feedback
⚠️

Improper Handling of Exceptional Conditions

🛡️ 4 regras detectam isto

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

Prevalência
Média
3 linguagens cobertas
Impacto
Alto
1 regras de severidade alta
Prevenção
Documentada
4 exemplos de correção
2 Prevenção
2 Prevenção

Como corrigir esta vulnerabilidade

Estratégias de prevenção para Improper Handling of Exceptional Conditions baseadas em 4 regras de detecção do Shoulder.

Incomplete Error Handling MEDIUM

Always check error return values before using other results

+2 -2 go
  result, err := process()
- if result == nil {
-     return
+ if err != nil {
+     return fmt.Errorf("process failed: %w", err)
  }
  useResult(result)
  
Resource Exhaustion via Exception Handling MEDIUM

Use finally blocks to release resources (connections, file handles) on all code paths

+8 -4 javascript
- const connection = await pool.getConnection();
- const result = await connection.query(sql);
- connection.release();
- return result;
+ let connection;
+ try {
+   connection = await pool.getConnection();
+   const result = await connection.query(sql);
+   return result;
+ } finally {
+   if (connection) await connection.release();
+ }
  
Security Check Failing Open HIGH

Return error responses when security checks fail instead of continuing execution

+8 -8 python
- from flask import request
- 
- @app.route('/api/admin')
- def admin_data():
-     try:
-         user = authenticate(request.headers.get('Authorization'))
-     except Exception:
-         pass  # Auth failed but continues
+ from flask import request, abort
+ 
+ @app.route('/api/admin')
+ def admin_data():
+     try:
+         user = authenticate(request.headers.get('Authorization'))
+     except Exception:
+         abort(403)
      return {'admin_data': get_sensitive_data()}
  
Missing Exception Handling in Critical Operations MEDIUM

Wrap database, file, network, and API operations in try/except with proper logging

+13 -5 python
- import requests
- 
- def fetch_data(url):
-     response = requests.get(url)
-     return response.json()
+ import logging
+ import requests
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def fetch_data(url):
+     try:
+         response = requests.get(url, timeout=5)
+         response.raise_for_status()
+         return response.json()
+     except requests.RequestException as e:
+         logger.error(f"Request failed: {e}")
+         return None
  
3 Detecção
3 Detecção

Encontre vulnerabilidades no seu código

Use o Shoulder para escanear seu código em busca de padrões Improper Handling of Exceptional Conditions. 4 regras.

terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=755

# Or scan entire project
npx @shoulderdev/cli trust .
4 Sinais de Alerta
4 Sinais de Alerta

O que observar nas revisões de código

Estes padrões indicam vulnerabilidades potenciais de Improper Handling of Exceptional Conditions. Procure-os durante revisões de código e auditorias de segurança.

🟠
security checks (authentication, authorization, validation) inside try/except blocks that return suc python-failing-open
🟡
Resource at ... may not be released when exceptions occur javascript-resource-exhaustion-exceptions
🟡
code that allocates resources (files, connections, memory) within try blocks but fails to release th javascript-resource-exhaustion-exceptions
🟡
critical operations (database, file I/O, network calls, external APIs) that lack proper exception ha python-uncaught-exception
🔍

Escaneie seu código para Improper Handling of Exceptional Conditions

O Shoulder CLI encontra padrões vulneráveis em todo o seu código.