# Improper Handling of Exceptional Conditions (CWE-755)

The product does not handle or incorrectly handles an exceptional condition.

**Stack:** Go

- Prevalence: 中 覆盖 3 种语言
- Impact: 高 1 条严重级别为高的规则
- Prevention: 已记录 4 个修复示例

**OWASP:** Insecure Design (A04:2021-Insecure Design) - #4

## Description

When exceptional conditions are not properly handled, the product may enter an undefined state, crash, or expose sensitive information. This can lead to denial of service, information disclosure, or unexpected behavior.

## Prevention

基于 1 条 Shoulder 检测规则的 Improper Handling of Exceptional Conditions 预防策略。

### Go

Always check error return values before using other results

## Consequences

- 拒绝服务 (DoS)
- 读取应用程序数据
- 执行未授权代码

## Mitigations

- 预见所有潜在的异常情况并妥善处理
- 使用 try-catch 块和适当的错误处理机制
- 在发生异常时以安全的方式失败

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **Incomplete Error Handling** [MEDIUM]: Function returns error but caller does not check err != nil.
  - Remediation: Check error return values before using other returned values.

```go
result, err := process()
if err != nil {
    return err
}
// Now safe to use result
```

Learn more: https://shoulder.dev/learn/go/cwe-755/incomplete-error-handling