# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** Python

- Prevalence: Medium 3 languages covered
- Impact: High 1 high-severity rules
- Prevention: Documented 4 fix examples

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

Prevention strategies for Improper Handling of Exceptional Conditions based on 2 Shoulder detection rules.

### Python

Return error responses when security checks fail instead of continuing execution

Wrap database, file, network, and API operations in try/except with proper logging

## Warning Signs

- [HIGH] security checks (authentication, authorization, validation) inside
try/except blocks that return suc
- [MEDIUM] critical operations (database, file I/O, network calls, external APIs)
that lack proper exception ha

## Consequences

- DoS
- Read Application Data
- Execute Unauthorized Code

## Mitigations

- Anticipate all potential exceptional conditions and handle them appropriately
- Use try-catch blocks and proper error handling mechanisms
- Fail securely when an exception occurs

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (2 rules)

- **Security Check Failing Open** [HIGH]: Detects security checks (authentication, authorization, validation) inside
try/except blocks that return success on exception. This causes the system
to "fail open" - granting access when security checks fail.
  - Remediation: Return an error response when security checks fail instead of continuing execution.

```python
from flask import request, abort

@app.route('/api/admin')
def admin_endpoint():
    try:
        user = authenticate(request.headers.get('Authorization'))
        check_admin_permission(user)
    except (AuthenticationError, PermissionError):
        abort(403)  # Fail closed - deny access

    return {'data': get_admin_data()}
```

Learn more: https://shoulder.dev/learn/python/cwe-755/failing-open
- **Missing Exception Handling in Critical Operations** [MEDIUM]: Detects critical operations (database, file I/O, network calls, external APIs)
that lack proper exception handling. Uncaught exceptions can crash the application,
leak sensitive information, or leave the system in an inconsistent state.
  - Remediation: Wrap database, file, network, and API operations in try/except blocks.

```python
import logging
import requests

logger = logging.getLogger(__name__)

def fetch_data(url):
    try:
        response = requests.get(url, timeout=5)
        response.raise_for_status()
        return response.json()
    except requests.RequestException as e:
        logger.error(f"Request failed: {e}")
        return None
```

Learn more: https://shoulder.dev/learn/python/cwe-755/uncaught-exception