Insecure Quota configuration

Severity: High
Applies to: Step
Links: CWE-770

Why This Issue Is Important

In Apigee proxies, the Quota policy controls the rate at which clients can access the API by limiting the number of requests they can make within a specified time frame. If the Quota policy is configured using identifiers that are under the caller's control (e.g., request.header.*, request.queryparam.*), a caller can change those values on each request to bypass the intended rate limits. This can lead to unauthorized access, overuse of resources, or denial of service for other users.

To maintain secure API access, it's crucial to use identifiers that are not easily manipulated by end-users, such as client.ip or other server-side identifiers that are out of the user's control. This ensures that the quota limits are applied correctly and cannot be circumvented.

How This Issue Is Detected

CodeSent detects this issue by analyzing the Quota policy within the proxy to identify if any user-controlled identifiers are being used.

1. CodeSent scans the Quota policy configuration to find the elements that reference flow variables (e.g., Identifier, Allow, TimeUnit).

2. The tool checks whether these references point to variables that are controlled by the caller.

3. If any user-controlled variables are detected, CodeSent flags this as a potential security risk.

How to Fix the Issue

To fix this issue, replace user-controlled identifiers in the Quota policy with server-controlled identifiers, such as an identifier bound to the client's access token.
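The following is an added example, not part of this page or of CodeSent's own scanner, that illustrates both the detection steps above and the fix. It parses two constructed Quota policies with the Python standard library: a weak one whose Identifier and Allow elements reference request.header.* and request.queryparam.* variables, and a fixed one whose Identifier is bound to the client_id flow variable (assumption: an OAuthV2 VerifyAccessToken policy runs earlier in the flow and populates it). The check covers the ref attributes of Identifier, Interval and TimeUnit and the countRef attribute of Allow; the set of user-controlled prefixes extends the page's two examples with the matching form-parameter and message.* prefixes, which is an assumption of this example.

```python
"""Flag Apigee Quota policies whose variable references are caller-controlled.

Added example; not CodeSent's scanner. Uses only the standard library.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Flow-variable prefixes a caller can set freely on each request.
# Assumption: the page names request.header.* and request.queryparam.*;
# the form-parameter and message.* prefixes are added here by analogy.
USER_CONTROLLED_PREFIXES = (
    "request.header.",
    "request.queryparam.",
    "request.formparam.",
    "message.header.",
    "message.queryparam.",
    "message.formparam.",
)

# Quota policy elements that may reference a flow variable, and the
# attribute carrying that reference.
REF_ATTRIBUTES = {
    "Identifier": "ref",
    "Allow": "countRef",
    "Interval": "ref",
    "TimeUnit": "ref",
}


@dataclass
class Finding:
    policy: str          # Quota policy name
    location: str        # e.g. "Identifier@ref"
    variable: str        # referenced flow variable
    user_controlled: bool


def is_user_controlled(variable: str) -> bool:
    """True when the flow variable can be chosen by the API caller."""
    v = variable.strip().lower()
    return any(v.startswith(prefix) for prefix in USER_CONTROLLED_PREFIXES)


def check_quota_policy(xml_text: str) -> list[Finding]:
    """Return one Finding per variable reference found in the Quota policy."""
    root = ET.fromstring(xml_text)  # policy files are trusted config, not user input
    if root.tag != "Quota":
        raise ValueError(f"not a Quota policy: <{root.tag}>")
    name = root.get("name", "<unnamed>")
    findings: list[Finding] = []
    for element, attribute in REF_ATTRIBUTES.items():
        node = root.find(element)
        if node is None:
            continue
        ref = node.get(attribute)
        if not ref:
            continue  # a literal value (e.g. count="1000") is not a reference
        findings.append(Finding(name, f"{element}@{attribute}", ref, is_user_controlled(ref)))
    return findings


def user_controlled_refs(xml_text: str) -> list[str]:
    """Only the references a scanner would flag, as 'location=variable' strings."""
    return [f"{f.location}={f.variable}" for f in check_quota_policy(xml_text) if f.user_controlled]


# Constructed sample: the caller chooses both its identity and its allowance.
WEAK_POLICY = """\
<Quota name="Quota-PerClient" type="calendar" continueOnError="false" enabled="true">
  <Identifier ref="request.header.x-client-id"/>
  <Allow count="1000" countRef="request.queryparam.quota"/>
  <Interval>1</Interval>
  <TimeUnit>hour</TimeUnit>
  <StartTime>2024-01-01 00:00:00</StartTime>
</Quota>
"""

# Constructed fix: the identifier is the client_id populated by a preceding
# OAuthV2 VerifyAccessToken policy (assumption), and the allowance is a literal.
FIXED_POLICY = """\
<Quota name="Quota-PerClient" type="calendar" continueOnError="false" enabled="true">
  <Identifier ref="client_id"/>
  <Allow count="1000"/>
  <Interval>1</Interval>
  <TimeUnit>hour</TimeUnit>
  <StartTime>2024-01-01 00:00:00</StartTime>
</Quota>
"""

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        flagged = user_controlled_refs(policy)
        print(f"{label}: {'FLAGGED ' + ', '.join(flagged) if flagged else 'ok'}")
```

Running the script flags the weak policy twice (Identifier and Allow) and reports the fixed policy as clean. Note that a header such as X-Forwarded-For is still request.header.* and therefore counts as caller-controlled here, even though it looks like a network address.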