Improper Handling of Exceptional Conditions
Description
Calling `unwrap` or `expect` in a function returning a `Result` can lead to improper handling of exceptional conditions, potentially causing the program to panic or crash.
Examples
Insecure Code
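```rust
fn example() -> Result<i32, &'static str> {
    let value: Option<i32> = Some(2);
    // Panics if `value` is None instead of returning an Err to the caller.
    value.unwrap();
    Ok(1)
}
```
Secure Code
```rust
fn example() -> Result<i32, &'static str> {
    let value: Option<i32> = Some(2);
    // Handle the missing-value case explicitly and report it as an Err.
    if let Some(v) = value {
        Ok(v)
    } else {
        Err("error")
    }
}
```
Remediation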
Use proper error handling mechanisms, such as matching or if-let statements, to handle potential errors when calling functions that return a `Result`.
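The remediation applied to input parsing, as an added example that is not part of the rule's own documentation. `parse_port_unwrap`, `parse_port` and `PortError` are hypothetical names, and the `port=<n>` lines are constructed sample input; the same malformed line that panics the first function becomes an ordinary `Err` in the second.

```rust
// Hypothetical error type for this example: each failure mode is a distinct variant.
#[derive(Debug, PartialEq)]
enum PortError {
    MissingKey,
    BadNumber(String),
    OutOfRange(u32),
}

// Flagged pattern: the signature promises a Result, but malformed input
// never reaches the caller as Err because `unwrap` panics first.
fn parse_port_unwrap(line: &str) -> Result<u16, PortError> {
    let raw = line.strip_prefix("port=").unwrap();
    let n: u32 = raw.trim().parse().unwrap();
    if n == 0 || n > 65535 {
        return Err(PortError::OutOfRange(n));
    }
    Ok(n as u16)
}

// Remediated: every fallible step is converted into a PortError and
// propagated with `?`, so the caller decides how to react.
fn parse_port(line: &str) -> Result<u16, PortError> {
    let raw = line.strip_prefix("port=").ok_or(PortError::MissingKey)?;
    let n: u32 = raw
        .trim()
        .parse()
        .map_err(|_| PortError::BadNumber(raw.trim().to_string()))?;
    if n == 0 || n > 65535 {
        return Err(PortError::OutOfRange(n));
    }
    Ok(n as u16)
}

fn main() {
    // Constructed sample input: one valid line and three malformed ones.
    for line in ["port=8080", "port=abc", "host=x", "port=70000"] {
        match parse_port(line) {
            Ok(p) => println!("{line:?} -> port {p}"),
            Err(e) => println!("{line:?} -> rejected: {e:?}"),
        }
    }
    // On well-formed input both variants agree; they differ only on bad input.
    assert_eq!(parse_port_unwrap("port=8080"), parse_port("port=8080"));
}
```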
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0207 |
| Category | ErrorHandling |
| Severity | MEDIUM |
| CWE | CWE-755 |
| Confidence | HIGH |
| Impact | LOW |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | rust, error handling |
| OWASP | N/A |