# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** Python

- Prevalence: Média 3 linguagens cobertas
- Impact: Alto 1 regras de severidade alta
- Prevention: Documentada 4 exemplos de correção

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Estratégias de prevenção para Improper Handling of Exceptional Conditions baseadas em 2 regras de detecção do Shoulder.

### Python

Return error responses when security checks fail instead of continuing execution

Wrap database, file, network, and API operations in try/except with proper logging

## Warning Signs

- [HIGH] security checks (authentication, authorization, validation) inside
try/except blocks that return suc
- [MEDIUM] critical operations (database, file I/O, network calls, external APIs)
that lack proper exception ha

## Consequences

- DoS
- Ler dados da aplicação
- Executar código não autorizado

## Mitigations

- Antecipe todas as condições excepcionais potenciais e trate-as adequadamente
- Use blocos try-catch e mecanismos apropriados de tratamento de erros
- Falhe de forma segura quando ocorrer uma exceção

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (2 rules)

- **Security Check Failing Open** [HIGH]: Detects security checks (authentication, authorization, validation) inside
try/except blocks that return success on exception. This causes the system
to "fail open" - granting access when security checks fail.
  - Remediation: Return an error response when security checks fail instead of continuing execution.

```python
from flask import request, abort

@app.route('/api/admin')
def admin_endpoint():
    try:
        user = authenticate(request.headers.get('Authorization'))
        check_admin_permission(user)
    except (AuthenticationError, PermissionError):
        abort(403)  # Fail closed - deny access

    return {'data': get_admin_data()}
```

Learn more: https://shoulder.dev/learn/python/cwe-755/failing-open
- **Missing Exception Handling in Critical Operations** [MEDIUM]: Detects critical operations (database, file I/O, network calls, external APIs)
that lack proper exception handling. Uncaught exceptions can crash the application,
leak sensitive information, or leave the system in an inconsistent state.
  - Remediation: Wrap database, file, network, and API operations in try/except blocks.

```python
import logging
import requests

logger = logging.getLogger(__name__)

def fetch_data(url):
    try:
        response = requests.get(url, timeout=5)
        response.raise_for_status()
        return response.json()
    except requests.RequestException as e:
        logger.error(f"Request failed: {e}")
        return None
```

Learn more: https://shoulder.dev/learn/python/cwe-755/uncaught-exception