ServiceCallout policy uses default message object as a response

Severity
Medium
Applies to
ServiceCallout
Links
CWE-200

Why This Issue Is Important

In an Apigee proxy, the ServiceCallout policy makes an HTTP request to an external service from within the flow. When the policy names the general "response" object in its <Response> element, the callout target's reply is written into the proxy's default response flow variable: its status code, headers and body overwrite the response message that the rest of the flow works with, and every later policy or condition that reads response.* sees the callout's reply rather than the one the proxy was building for the client. The result is unpredictable proxy behaviour and, because the callout target's raw reply may be handed back to the caller unchanged, possible exposure of internal data (CWE-200).

How This Issue Is Detected

CodeSent detects this issue by inspecting the <Request> and <Response> elements of each ServiceCallout policy. If either refers to one of the default message objects, "request", "response" or "message", rather than to a dedicated variable, CodeSent flags the policy as a potential security risk.

How to Fix the Issue

To fix this issue, set the <Response> element of the ServiceCallout policy to a dedicated variable name that holds only the callout's reply, and have the policies that run after the callout read from that variable. Do the same for the <Request> element if it refers to a default message object.

If your ServiceCallout policy currently looks like this:

<ServiceCallout name="ServiceCallout-GeocodingRequest1">
    <DisplayName>Inline request message</DisplayName>
    <Request variable="geocodeRequest">
      <Set>
        <QueryParams>
          <QueryParam name="address">{request.queryparam.postalcode}</QueryParam>
          <QueryParam name="region">{request.queryparam.country}</QueryParam>
          <QueryParam name="sensor">false</QueryParam>
        </QueryParams>
      </Set>
    </Request>
    <Response>response</Response>
    <Timeout>30000</Timeout>
    <HTTPTargetConnection>
      <URL>https://maps.googleapis.com/maps/api/geocode/json</URL>
    </HTTPTargetConnection>
</ServiceCallout>

You should change the <Response> element to a dedicated variable, such as:

<Response>geocodeResponse</Response>

The <Request> element in this policy already uses its own variable, geocodeRequest, so it needs no change. Policies that run after the callout then read the reply from geocodeResponse (for example geocodeResponse.content or geocodeResponse.status.code) instead of from the default response object, which keeps the proxy's own response untouched.
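The detection described under "How This Issue Is Detected", run over the policy before and after the fix, as an added Python example that is not CodeSent's implementation and not part of the original page: it parses a ServiceCallout policy with the standard library and flags a <Response> or <Request> that names one of the default message objects. The first two sample policies are the page's geocoding policy and its corrected form with a dedicated geocodeResponse variable; the third, which misuses the default request object on the request side, is constructed here (the policy name, URL and variable names in it are assumptions).

```python
"""Flag Apigee ServiceCallout policies that read or write the default
message objects. Added example, not CodeSent's own implementation."""
import xml.etree.ElementTree as ET

# Flow variables Apigee populates itself; pointing a callout at one of
# them overwrites state that the rest of the proxy flow relies on.
RESERVED_MESSAGE_VARIABLES = {"request", "response", "message"}


def check_service_callout(policy_xml: str) -> list:
    """Return findings for one ServiceCallout policy; an empty list means clean."""
    root = ET.fromstring(policy_xml)
    if root.tag != "ServiceCallout":
        return []  # other policy types are out of scope for this rule
    name = root.get("name", "<unnamed>")
    findings = []

    # <Response>response</Response>: the callout reply overwrites the
    # proxy's default response (status, headers and body).
    response = root.find("Response")
    if response is not None:
        var = (response.text or "").strip()
        if var in RESERVED_MESSAGE_VARIABLES:
            findings.append(f"{name}: <Response> names reserved variable '{var}'")

    # <Request variable="request">: the inbound client request is mutated
    # and sent on to the callout target. Only an explicit attribute is
    # checked; what Apigee does when the attribute is absent is not modelled.
    request = root.find("Request")
    if request is not None:
        var = request.get("variable", "").strip()
        if var in RESERVED_MESSAGE_VARIABLES:
            findings.append(f"{name}: <Request> names reserved variable '{var}'")
    return findings


# The page's policy before the fix: the reply lands in the default "response".
VULNERABLE_POLICY = """<ServiceCallout name="ServiceCallout-GeocodingRequest1">
    <Request variable="geocodeRequest">
      <Set>
        <QueryParams>
          <QueryParam name="address">{request.queryparam.postalcode}</QueryParam>
          <QueryParam name="region">{request.queryparam.country}</QueryParam>
        </QueryParams>
      </Set>
    </Request>
    <Response>response</Response>
    <Timeout>30000</Timeout>
    <HTTPTargetConnection>
      <URL>https://maps.googleapis.com/maps/api/geocode/json</URL>
    </HTTPTargetConnection>
</ServiceCallout>"""

# The corrected policy: the reply lands in a dedicated geocodeResponse variable.
FIXED_POLICY = VULNERABLE_POLICY.replace(
    "<Response>response</Response>", "<Response>geocodeResponse</Response>"
)

# Constructed sample (assumed name and URL): the request side misuses a
# default object, so the client's own request is sent to the callout target.
REQUEST_MISUSE_POLICY = """<ServiceCallout name="ServiceCallout-Lookup">
    <Request variable="request"/>
    <Response>lookupResponse</Response>
    <HTTPTargetConnection>
      <URL>https://example.invalid/lookup</URL>
    </HTTPTargetConnection>
</ServiceCallout>"""


def scan(policies):
    """Run the check over several policies and collect every finding."""
    results = []
    for policy in policies:
        results.extend(check_service_callout(policy))
    return results


if __name__ == "__main__":
    for finding in scan([VULNERABLE_POLICY, FIXED_POLICY, REQUEST_MISUSE_POLICY]):
        print(finding)
```

Running the script reports the page's original policy and the constructed request-side misuse, and reports nothing for the corrected policy. The check only looks at the three names the page lists as default message objects; a real linter would also want to walk every policy file in the proxy bundle rather than a single string.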