MuleSoft applications may have weak access control policies, which could allow unauthorized access to sensitive data. Below RAML example shows a simple API using HTTPS protocol but without access control in place.
#%RAML 1.0
title: Sample Service
version: v1
mediaType: application/json
protocols:
- HTTPS
baseUri: /
/orders:
get:Integral Zone’s static code analyis plugin, IZ Analyzer, provides two out-of-the-box rules to automatically identify such security issues.
Rule Example(s):
A00014 - API SECURITY - API NOT secured by any security scheme
A00004 - API RESOURCE - API NOT secured by any security scheme
Above screeshot shows IZ Analyzer in action in Anypoint Studio. We can see that On The Fly Results identified API SECURITY issue and also provided an option to AutoFix this with a simple mouse click.
Want to try this plugin?
✒️ https://integralzone.com/contact/ for a 30-day free trial.
More details:
🔎 https://docs.integralzone.com/iz-analyzer/1.0.0/about/about.html
🔎 https://analyzer.integralzone.com/
