# Improper Check for Unusual or Exceptional Conditions (CWE-754)

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

- Prevalence: Medium 1 language covered
- Impact: High 1 high-severity rules
- Prevention: Documented 1 fix examples

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

Failing to check for error conditions, return values, or exceptional cases can lead to undefined behavior, crashes, or security vulnerabilities when these conditions occur.

## Prevention

Prevention strategies for Improper Check for Unusual Conditions based on 1 Shoulder detection rules.

### Node.js

Use multi-phase migrations with data backup before destructive DDL operations like DROP TABLE or DROP COLUMN

## Warning Signs

- [HIGH] Migration contains potentially destructive operation: .... Add safety checks and data preservation logic.

## Consequences

- DoS
- Execute Unauthorized Code
- Read Application Data

## Mitigations

- Check all return values and error conditions
- Handle edge cases and exceptional conditions explicitly
- Use defensive programming practices

## Detection

- Total rules: 1
- Languages: javascript, typescript

## Rules by Language

### Javascript (1 rules)

- **TypeORM Unsafe Database Migration** [HIGH]: Unsafe migrations with DROP TABLE/COLUMN operations without backups cause permanent
data loss and application crashes from schema mismatches.
  - Remediation: Backup data before destructive operations and use multi-phase migrations.

```typescript
export class SafeColumnRemoval implements MigrationInterface {
  public async up(queryRunner: QueryRunner): Promise<void> {
    // Backup before dropping
    await queryRunner.query(`
      CREATE TABLE "user_email_backup" AS
      SELECT id, email FROM "user"
    `);
    await queryRunner.dropColumn('user', 'email');
  }
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-754/unsafe-migration

### Typescript (1 rules)

- **TypeORM Unsafe Database Migration** [HIGH]: Unsafe migrations with DROP TABLE/COLUMN operations without backups cause permanent
data loss and application crashes from schema mismatches.
  - Remediation: Backup data before destructive operations and use multi-phase migrations.

```typescript
export class SafeColumnRemoval implements MigrationInterface {
  public async up(queryRunner: QueryRunner): Promise<void> {
    // Backup before dropping
    await queryRunner.query(`
      CREATE TABLE "user_email_backup" AS
      SELECT id, email FROM "user"
    `);
    await queryRunner.dropColumn('user', 'email');
  }
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-754/unsafe-migration