Resource is not linked to a policy

Severity
Info
Applies to
Proxy
Links
CWE-561

Why This Issue Is Important

In an Apigee proxy, resources such as JavaScript files, XSLT files, or other assets are typically linked to policies that use them during the API flow. If a resource is not linked to any policy, it essentially becomes dead code—present in the proxy but never executed or utilized. This can lead to a loss of intended functionality, making the proxy less reliable and potentially causing unexpected behavior. Moreover, unused resources can clutter the proxy configuration, making it harder to maintain and understand.

How This Issue Is Detected

CodeSent detects this issue by analyzing the relationship between resources and policies within the proxy.

Identify All Resources

CodeSent first gathers all the resources defined in the proxy configuration.

Check Resource Usage

The tool then checks if each resource is linked to any policy within the proxy. It looks at all the policies to see if they reference the resource either directly or indirectly.

How to Fix the Issue

If your proxy configuration includes a resource, but this resource is not linked to any policy, you have two options: remove the unused resource or link the resource to a policy. This ensures that all resources in the proxy configuration serve a purpose, reducing the risk of functionality loss and making the proxy easier to maintain.