The `save_user()` that saves nothing: MISSING_WRITE bug in AI code

🎯 Try it live → AINAScan — paste your code, get a Vibe Score (0–100) with grade S🦄 to F-💣. Free, no signup.

---

This function looks completely reasonable:

def save_user(user_id: str, data: dict) -> dict:
    validated = validate_schema(data)
    sanitized = sanitize_input(validated)
    log.info(f"Saving user {user_id}")
    return {"status": "saved", "user_id": user_id}

It validates. It sanitizes. It logs. It returns a success response.

It saves absolutely nothing.

---

Why AI generates this

Language models are trained on code where save_user functions often validate input, call some DB function, and return a success response. When the model generates save_user, it produces the surrounding pattern — but sometimes skips the actual DB call. The function looks like it saves. The return value says it saved. Nothing was written to disk.

This is the MISSING_WRITE pattern:

• Function name contains save, store, insert, persist, or upsert
• No INSERT, UPDATE, or write operation anywhere in the body

---

Real-world impact

In production:

1. User submits form → save_user() called
2. Response: {"status": "saved"} ✅
3. User refreshes → data gone
4. Support ticket: "why does your app keep losing my data?"

The error never throws. The logs say "Saving user 123". The response is 200 OK.

---

Catch it before it ships

curl -X POST https://pleasing-transformation-production-90c2.up.railway.app/v1/scan \
  -H "X-API-Key: vg_free_test" \
  -F "file=@your_file.py"

{
  "kind": "MISSING_WRITE",
  "severity": "BLOCK",
  "line": 1,
  "detail": "save_user() contains no database write — possible stub or incomplete implementation"
}

GitHub CI: Moonsehwan/aina-vibeguard-action@v1 | Free key: vg_free_test

---

What's Your Vibe Score?

👉 AINAScan — Try it free

Paste any file. Get a score 0–100, a grade (S🦄 → F-💣), and a per-vulnerability roast.
Supports Python, JS, TS, Go, Ruby, Java, Kotlin, PHP, C/C++ · No signup · Instant results