# Security Check Failing Open

- ID: python-failing-open
- Severity: HIGH
- CWE: CWE-755
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects security checks (authentication, authorization, validation) placed inside try/except blocks whose exception handler returns success or lets execution continue. This causes the system to "fail open": access is granted precisely when the security check fails or errors out.

## Remediation

Return an error response when a security check fails instead of continuing into the privileged code path.

```python
from flask import Flask, request, abort

app = Flask(__name__)

# authenticate, check_admin_permission, get_admin_data and the two exception
# classes are application-defined helpers, not shown here.


@app.route('/api/admin')
def admin_endpoint():
    try:
        user = authenticate(request.headers.get('Authorization'))
        check_admin_permission(user)
    except (AuthenticationError, PermissionError):
        abort(403)  # Fail closed - deny access
    return {'data': get_admin_data()}
```

Learn more: https://shoulder.dev/learn/python/cwe-755/failing-open

## Related Rules

- **Incomplete Error Handling** [MEDIUM]
- **Resource Exhaustion via Exception Handling** [MEDIUM]
- **Missing Exception Handling in Critical Operations** [MEDIUM]
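The following is an added example, not the rule's own implementation: a small AST-based check for the pattern the description above names (a security-check call inside `try` whose handler neither raises, aborts, nor returns a denial), run over a constructed fail-open view and its fail-closed rewrite. The prefix list, the `abort` name and the sample code are assumptions chosen for illustration.

```python
import ast

# Constructed heuristic: call names treated as security checks (not the rule's real list).
SECURITY_CHECK_PREFIXES = ("authenticate", "authorize", "check_", "verify_", "validate")


def _call_name(node: ast.Call) -> str:
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else ""


def _handler_fails_open(handler: ast.ExceptHandler) -> bool:
    """A handler fails open unless it raises, calls abort(), or returns something other than True."""
    for node in ast.walk(handler):
        if isinstance(node, ast.Raise):
            return False
        if isinstance(node, ast.Call) and _call_name(node) == "abort":
            return False
        if isinstance(node, ast.Return):
            v = node.value
            if not (isinstance(v, ast.Constant) and v.value is True):
                return False  # e.g. `return False` or `return error_response()` denies
    return True


def find_failing_open(source: str) -> list[int]:
    """Line numbers of try statements that run a security check and have a fail-open handler."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Try):
            continue
        body = [n for stmt in node.body for n in ast.walk(stmt)]
        has_check = any(isinstance(n, ast.Call) and _call_name(n).startswith(SECURITY_CHECK_PREFIXES)
                        for n in body)
        if has_check and any(_handler_fails_open(h) for h in node.handlers):
            findings.append(node.lineno)
    return findings


# Constructed sample: the swallowed exception lets execution reach the privileged return.
VULNERABLE = '''
def admin_endpoint(request):
    try:
        user = authenticate(request.headers.get("Authorization"))
        check_admin_permission(user)
    except Exception:
        pass
    return {"data": get_admin_data()}
'''
# Same view with the remediation applied: deny on failure instead of continuing.
FIXED = VULNERABLE.replace("    except Exception:\n        pass",
                           "    except (AuthenticationError, PermissionError):\n        abort(403)")

if __name__ == "__main__":
    print(find_failing_open(VULNERABLE), find_failing_open(FIXED))  # [3] []
```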