Why This Issue Is Important
In an Apigee proxy, handling sensitive data such as personal information, financial details, or other confidential data requires strict adherence to security practices. When a masked flow variable (which is intended to protect the confidentiality of the data by masking it) is written into an unmasked variable, this protection is effectively removed. This action can lead to a data breach, as the sensitive data becomes exposed and accessible in its original, unprotected form.
How This Issue Is Detected
CodeSent scans the flow to identify variables that are marked as masked, indicating that they contain sensitive or confidential information.
The tool checks if these masked variables are being written into unmasked variables at any point in the flow
If a masked variable is found to be written into an unmasked variable, CodeSent flags this as a security risk.
How to Fix the Issue
To fix this issue, you should ensure that any variables that receive data from masked variables are also masked, maintaining the protection of sensitive data.