Unchecked Return Value (CWE-252) - Security Vulnerability

2 Prevention

How to fix this vulnerability

Prevention strategies for Unchecked Return Value based on 2 Shoulder detection rules.

🐹 Go View all Go details →

Unchecked Error Return Values MEDIUM

Replace blank identifier _ with err and check error return values

+4 -1 go

- data, _ := ioutil.ReadFile(path)
+ data, err := ioutil.ReadFile(path)
+ if err != nil {
+     return fmt.Errorf("failed to read %s: %w", path, err)
+ }
  process(data)

🟨 JavaScript View all JavaScript details →

Unchecked Return Value from Critical Operations HIGH

Always check return values from critical operations like password comparison and database writes

+4 -2 javascript

- bcrypt.compare(req.body.password, user.passwordHash);
- // Proceeds without checking the result
+ const isValid = await bcrypt.compare(req.body.password, user.passwordHash);
+ if (!isValid) {
+   return res.status(401).json({ error: 'Invalid credentials' });
+ }
  const token = generateToken(user);

3 Detection

Find vulnerabilities in your code

Use Shoulder to scan your codebase for Unchecked Return Value patterns. 2 rules.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=252

# Or scan entire project
npx @shoulderdev/cli trust .

Detection Rules (2)

🐹 Go 1 rules

Unchecked Error Return Values MEDIUM

Error return value ignored using blank identifier (_).

🟨 Javascript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

🔷 Typescript 1 rules

Unchecked Return Value from Critical Operations HIGH

Detects critical operations (file system, database, authentication) whose return values are not checked. Ignoring return values can lead to silent failures, data corruption, and security vulnerabilities. Critical operations that must have their return values checked include: - File system operations (write, delete, chmod) - Database operations (insert, update, delete) - Authentication/authorization checks - Cryptographic operations

4 Warning Signs

What to watch for in code reviews

These patterns indicate potential Unchecked Return Value vulnerabilities. Look for these during code reviews and security audits.

🟠

Return value from ... at ... is not checked javascript-unchecked-return-value

🟠

critical operations (file system, database, authentication) whose return values are not checked javascript-unchecked-return-value

Unchecked Return Value