Why This Issue Is Important
In an Apigee proxy, the ServiceCallout policy is used to make HTTP requests to external services. When the policy uses the general "request" object as the request variable, it means that the entire user-controlled request is forwarded to the external service. This can lead to request pollution, where unintended or malicious data from the original client request is included in the service callout, potentially causing unexpected behavior in the proxy flow and in the external service.
Using the default "request" object can expose the system to security risks, such as injection attacks or unintentional data leakage, as the data sent to the external service might include sensitive information or malformed inputs that should have been filtered or transformed first.
How This Issue Is Detected
CodeSent identifies this issue by analyzing the ServiceCallout policy to check if it uses the general "request" object as the basis for the service callout. If the policy uses the default "request," "response," or "message" objects, CodeSent flags this as a potential security risk.
How to Fix the Issue
To fix this issue, you should change the request variable in the ServiceCallout policy to a more specific variable that only includes the necessary data for the service callout.
If your ServiceCallout policy currently looks like this:
<ServiceCallout name="ServiceCallout-GeocodingRequest1">
<DisplayName>Inline request message</DisplayName>
<Request variable="request">
<Set>
<QueryParams>
<QueryParam name="address">{request.queryparam.postalcode}</QueryParam>
<QueryParam name="region">{request.queryparam.country}</QueryParam>
<QueryParam name="sensor">false</QueryParam>
</QueryParams>
</Set>
</Request>
<Response>GeocodingResponse</Response>
<Timeout>30000</Timeout>
<HTTPTargetConnection>
<URL>https://maps.googleapis.com/maps/api/geocode/json</URL>
</HTTPTargetConnection>
</ServiceCallout>
You should change the Request variable to something more controlled, such as:
<Request variable="geocodeRequest">