测试版 Shoulder 目前处于测试阶段 — 结果有时可能不正确。您的反馈塑造我们接下来要修复的内容。 分享反馈
Shoulder.dev

开发者威胁情报
⚠️

Improper Handling of Exceptional Conditions

🛡️ 4 条规则检测到此问题

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

普遍性
覆盖 3 种语言
影响
1 条严重级别为高的规则
预防
已记录
4 个修复示例
2 预防
2 预防

如何修复此漏洞

基于 4 条 Shoulder 检测规则的 Improper Handling of Exceptional Conditions 预防策略。

🐹 Go 查看全部 Go 详情 →
Incomplete Error Handling MEDIUM

Always check error return values before using other results

+2 -2 go 
  result, err := process()
- if result == nil {
-     return
+ if err != nil {
+     return fmt.Errorf("process failed: %w", err)
  }
  useResult(result)
🟨 JavaScript 查看全部 JavaScript 详情 →
Resource Exhaustion via Exception Handling MEDIUM

Use finally blocks to release resources (connections, file handles) on all code paths

+8 -4 javascript 
- const connection = await pool.getConnection();
- const result = await connection.query(sql);
- connection.release();
- return result;
+ let connection;
+ try {
+   connection = await pool.getConnection();
+   const result = await connection.query(sql);
+   return result;
+ } finally {
+   if (connection) await connection.release();
+ }
🐍 Python 查看全部 Python 详情 →
Security Check Failing Open HIGH

Return error responses when security checks fail instead of continuing execution

+8 -8 python 
- from flask import request
- 
- @app.route('/api/admin')
- def admin_data():
-     try:
-         user = authenticate(request.headers.get('Authorization'))
-     except Exception:
-         pass  # Auth failed but continues
+ from flask import request, abort
+ 
+ @app.route('/api/admin')
+ def admin_data():
+     try:
+         user = authenticate(request.headers.get('Authorization'))
+     except Exception:
+         abort(403)
      return {'admin_data': get_sensitive_data()}
Missing Exception Handling in Critical Operations MEDIUM

Wrap database, file, network, and API operations in try/except with proper logging

+13 -5 python 
- import requests
- 
- def fetch_data(url):
-     response = requests.get(url)
-     return response.json()
+ import logging
+ import requests
+ 
+ logger = logging.getLogger(__name__)
+ 
+ def fetch_data(url):
+     try:
+         response = requests.get(url, timeout=5)
+         response.raise_for_status()
+         return response.json()
+     except requests.RequestException as e:
+         logger.error(f"Request failed: {e}")
+         return None
3 检测
3 检测

查找代码中的漏洞

使用Shoulder扫描代码中的Improper Handling of Exceptional Conditions模式。 4 规则.

终端
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=755

# Or scan entire project
npx @shoulderdev/cli trust .

检测规则 (4)

4 警告信号
4 警告信号

代码审查中需要关注的内容

这些模式表明潜在的Improper Handling of Exceptional Conditions漏洞。在代码审查和安全审计中注意查找。

🟠
security checks (authentication, authorization, validation) inside try/except blocks that return suc python-failing-open
🟡
Resource at ... may not be released when exceptions occur javascript-resource-exhaustion-exceptions
🟡
code that allocates resources (files, connections, memory) within try blocks but fails to release th javascript-resource-exhaustion-exceptions
🟡
critical operations (database, file I/O, network calls, external APIs) that lack proper exception ha python-uncaught-exception
🔍

扫描你的代码库: Improper Handling of Exceptional Conditions

Shoulder CLI 在整个代码库中找到易受攻击的模式。

npx shoulder trust 浏览所有规则