保護DataHogo
Security Encyclopedia/Deployment Best Practices
lowCWE-778

No Health Check Endpoint

Without a /health endpoint, load balancers and orchestrators can't verify your application is actually working before routing traffic to it.

How It Works

Orchestrators (Kubernetes, ECS, Railway) use health check endpoints to determine whether a container is ready to receive traffic. Without one, a newly deployed container that failed to connect to the database receives live traffic immediately, returning errors to real users instead of being held back as unhealthy.

Vulnerable Code
// BAD: no health check endpoint — orchestrator has no way to verify app health
// No /health route defined anywhere in the app
// Load balancer checks port 3000 is open — but app may be broken internally
Secure Code
// GOOD: /health endpoint checks real application dependencies
app.get('/health', async (req, res) => {
  try {
    await db.raw('SELECT 1'); // verify database connection
    res.json({ status: 'ok', version: process.env.APP_VERSION });
  } catch (err) {
    res.status(503).json({ status: 'error', message: 'Database unavailable' });
  }
});

Real-World Example

A common deployment failure pattern: new version deploys with a broken database migration, the health check never detects it because there is none, and 100% of users hit the broken version for several minutes before someone manually rolls back.

How to Prevent It

  • Implement a GET /health endpoint in every service
  • Have the health endpoint check actual dependencies — database connectivity, cache availability
  • Return HTTP 200 for healthy, HTTP 503 for unhealthy — this is what load balancers expect
  • Keep the health endpoint lightweight and exclude it from authentication and rate limiting

Affected Technologies

Node.js

Data Hogo detects this vulnerability automatically.

Scan Your Repo Free

Related Vulnerabilities

NODE_ENV Not Set to Production

medium

Running Node.js without NODE_ENV=production enables verbose error messages, disables caching optimizations, and can activate development-only middleware.

CWE-16A05:2021

Debug Mode Active in Production

medium

Debug mode enabled in production exposes internal state, enables verbose logging, and sometimes activates interactive debugging endpoints that attackers can exploit.

CWE-215A05:2021

No Error Monitoring

low

Without error monitoring, production errors are invisible until a user reports them — which most never do.

CWE-778A09:2021

Dev Environment Variables in Production

high

Using development credentials (test API keys, local database URLs, sandbox payment keys) in production puts real users at risk.

CWE-547A05:2021