Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
When return values are not checked, the program may continue execution in an error state or with incorrect data, potentially leading to security vulnerabilities.
普遍性
中
覆盖 2 种语言
影响
高
1 条严重级别为高的规则
预防
已记录
2 个修复示例
2 预防
2 预防
如何修复此漏洞
基于 2 条 Shoulder 检测规则的 Unchecked Return Value 预防策略。
Go
查看全部 Go 详情 →
Unchecked Error Return Values
MEDIUM
Replace blank identifier _ with err and check error return values
- data, _ := ioutil.ReadFile(path) + data, err := ioutil.ReadFile(path) + if err != nil { + return fmt.Errorf("failed to read %s: %w", path, err) + } process(data)
JavaScript
查看全部 JavaScript 详情 →
Unchecked Return Value from Critical Operations
HIGH
Always check return values from critical operations like password comparison and database writes
- bcrypt.compare(req.body.password, user.passwordHash); - // Proceeds without checking the result + const isValid = await bcrypt.compare(req.body.password, user.passwordHash); + if (!isValid) { + return res.status(401).json({ error: 'Invalid credentials' }); + } const token = generateToken(user);
3 检测
3 检测
查找代码中的漏洞
使用Shoulder扫描代码中的Unchecked Return Value模式。 2 规则.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=252 # Or scan entire project npx @shoulderdev/cli trust .
检测规则 (2)
🐹
Go
1 rules
4 警告信号
4 警告信号
代码审查中需要关注的内容
这些模式表明潜在的Unchecked Return Value漏洞。在代码审查和安全审计中注意查找。
Return value from ... at ... is not checked
javascript-unchecked-return-value
critical operations (file system, database, authentication) whose
return values are not checked
javascript-unchecked-return-value