Policy is not linked to step

Severity: Info
Applies to: Proxy
Links: CWE-561

Why This Issue Is Important

In an Apigee proxy, policies are the building blocks that define how requests and responses are processed. If a policy is not linked to any step within the proxy flow, it becomes dead code—present in the configuration but never executed. This can lead to a loss of intended functionality, resulting in unreliable behavior of the proxy. Unused policies can also clutter the configuration, making it more challenging to maintain and understand.

Having unlinked policies might also indicate an error in the proxy’s design, where necessary functionality is not being applied, potentially leaving security gaps or causing the proxy to behave unpredictably.

How This Issue Is Detected

CodeSent detects this issue by analyzing the proxy configuration to identify policies that are defined but not linked to any step. It scans all the policies defined in the proxy configuration and checks whether each policy is linked to any step within the proxy flow. Policies that are not connected to any step are considered unlinked and potentially dead code.
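
The same check can be sketched in a few lines of Python. This is an added example, not CodeSent's implementation: it assumes the usual apiproxy bundle layout (policies/, proxies/, targets/), and the function names and the three-policy sample bundle are constructed for illustration. Here a Spike-Arrest policy is defined but never attached, so the rate limit it describes is never enforced.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def find_unlinked_policies(bundle_dir):
    """Return sorted names of policies that no <Step> references."""
    root = Path(bundle_dir)
    # Steps reference a policy by the name attribute of its root element.
    defined = {ET.parse(f).getroot().get("name", f.stem)
               for f in (root / "policies").glob("*.xml")}
    linked = set()
    # Steps appear in proxy and target endpoints (PreFlow, PostFlow, Flows, FaultRules).
    for sub in ("proxies", "targets"):
        for f in (root / sub).glob("*.xml"):
            for step in ET.parse(f).getroot().iter("Step"):
                linked.add((step.findtext("Name") or "").strip())
    return sorted(defined - linked)

def build_sample_bundle(base):
    """Write a constructed three-policy bundle under base and return its path."""
    files = {
        "policies/Verify-API-Key.xml":
            '<VerifyAPIKey name="Verify-API-Key"><APIKey ref="request.header.x-api-key"/></VerifyAPIKey>',
        "policies/Spike-Arrest.xml":
            '<SpikeArrest name="Spike-Arrest"><Rate>10ps</Rate></SpikeArrest>',
        "policies/Remove-Debug-Headers.xml":
            '<AssignMessage name="Remove-Debug-Headers"/>',
        "proxies/default.xml":
            '<ProxyEndpoint name="default"><PreFlow name="PreFlow"><Request>'
            '<Step><Name>Verify-API-Key</Name></Step>'
            '</Request></PreFlow></ProxyEndpoint>',
        "targets/default.xml":
            '<TargetEndpoint name="default"><PostFlow name="PostFlow"><Response>'
            '<Step><Name>Remove-Debug-Headers</Name></Step>'
            '</Response></PostFlow></TargetEndpoint>',
    }
    bundle = Path(base) / "apiproxy"
    for rel, xml in files.items():
        path = bundle / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(xml, encoding="utf-8")
    return bundle

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name in find_unlinked_policies(build_sample_bundle(tmp)):
            print(f"unlinked policy: {name}")
```

Run against an exported bundle directory, an empty result means every defined policy is attached to at least one step.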

How to Fix the Issue

If a policy is not linked to any step in the flow, you have two options: remove the policy if it is unnecessary, or link it to a step if it was intended to be used.