Unchecked Error Condition (CWE-391) - Security Vulnerability

Unchecked Error Condition

The product does not properly check when a function or operation returns a value that is associated with an error condition.

When error conditions are not checked, the application may continue with invalid or unexpected state, potentially leading to crashes, data corruption, or security vulnerabilities.

Prevalence

Medium

3 languages covered

Impact

High

1 high-severity rules

Prevention

Documented

3 fix examples

2 Prevention

How to fix this vulnerability

Prevention strategies for Unchecked Error Condition based on 3 Shoulder detection rules.

🐹 Go View all Go details →

Empty Error Handling LOW

Log or return errors instead of silently swallowing them

+2 -0 go

  _, err := db.Exec("DELETE FROM sessions WHERE expired = true")
  if err != nil {
+     log.Printf("session cleanup failed: %v", err)
+     return err
  }

🟨 JavaScript View all JavaScript details →

Unhandled Promise Rejection HIGH

Always handle promise rejections with .catch() or try/catch in async functions

+7 -2 javascript

  app.post('/create', async (req, res) => {
-   const user = await User.create(req.body);
-   res.json(user);
+   try {
+     const user = await User.create(req.body);
+     res.json(user);
+   } catch (error) {
+     logger.error('User creation failed:', error);
+     res.status(500).json({ error: 'Could not create user' });
+   }
  });

🐍 Python View all Python details →

Empty Exception Handler MEDIUM

Log exceptions or handle them explicitly instead of silently swallowing with pass

+11 -6 python

- def get_data():
-     try:
-         data = fetch_sensitive_data()
-         return {'data': data}
-     except:
-         pass
+ import logging
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def get_data():
+     try:
+         data = fetch_sensitive_data()
+         return {'data': data}
+     except Exception as e:
+         logger.error(f"Failed to fetch data: {e}", exc_info=True)
+         return {'error': 'Data unavailable'}, 500

3 Detection

Find vulnerabilities in your code

Use Shoulder to scan your codebase for Unchecked Error Condition patterns. 3 rules.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=391

# Or scan entire project
npx @shoulderdev/cli trust .

Detection Rules (3)

🐹 Go 1 rules

Empty Error Handling LOW

Error check block is empty, silently swallowing errors.

🟨 Javascript 1 rules

Unhandled Promise Rejection HIGH

Detects promises that are created or called without proper rejection handlers. Unhandled promise rejections can cause application crashes, expose sensitive error information, and lead to inconsistent application state. In Node.js, unhandled promise rejections will terminate the process in future versions, making this a critical reliability and security issue.

🔷 Typescript 1 rules

Unhandled Promise Rejection HIGH

🐍 Python 1 rules

Empty Exception Handler MEDIUM

Detects empty except blocks that silently swallow exceptions. This can hide security-critical errors, authentication failures, or data validation issues.

4 Warning Signs

What to watch for in code reviews

These patterns indicate potential Unchecked Error Condition vulnerabilities. Look for these during code reviews and security audits.

🟠

Promise at ... lacks rejection handler (.catch or try-catch) javascript-unhandled-promise-rejection

🟠

promises that are created or called without proper rejection handlers javascript-unhandled-promise-rejection

🟡

empty except blocks that silently swallow exceptions python-empty-except-block

🔍

Scan your codebase for Unchecked Error Condition

Shoulder CLI finds vulnerable patterns across your entire codebase.

npx shoulder trust Browse all rules