Why This Issue Is Important
In an Apigee proxy, when a policy has the continueOnError attribute set to true, the proxy flow continues to execute even if the policy encounters an error. While this can be useful in some scenarios, it can lead to unintended consequences if the errors are not properly handled later in the flow. Specifically, if the policy sets a failure variable (e.g., policy_name.failed), this variable should be checked in subsequent steps to ensure that any errors are addressed.
Failing to validate these error variables can result in the proxy executing under unexpected conditions, potentially leading to incorrect responses, security vulnerabilities, or service outages. This violates the principle of failing securely, which requires that applications handle faults in a way that does not compromise the integrity or security of the system.
How This Issue Is Detected
CodeSent detects this issue by analyzing the use of the continueOnError attribute in policies and checking whether the resulting failure variables are properly validated later in the proxy flow.
CodeSent scans the proxy configuration to find any policies where continueOnError is set to true. For each of these policies, CodeSent checks if a failure variable (e.g., *.failed) is set.
The tool then checks subsequent steps in the flow to see if these failure variables are validated or used in conditions.
If no validation is found, the policy is flagged as a potential risk, especially if the environment is not designated as a development or sandbox environment.
How to Fix the Issue
To fix this issue, you should ensure that any error variables set by policies with continueOnError=true are properly validated later in the flow.