MuleSoft applications may have weak access control policies, which could allow unauthorized access to sensitive data. The RAML example below shows a simple API that uses the HTTPS protocol but has no access control in place: no security scheme is declared, and neither the API nor the /orders resource is secured.

    #%RAML 1.0
    title: Sample Service
    version: v1
    mediaType: application/json
    protocols:
      - HTTPS
    baseUri: /
    /orders:
      get:
Integral Zone’s static code analysis plugin, IZ Analyzer, provides two out-of-the-box rules to automatically identify such security issues.

Rule Example(s):
    A00014 - API SECURITY - API NOT secured by any security scheme
    A00004 - API RESOURCE - API NOT secured by any security scheme
The screenshot above shows IZ Analyzer in action in Anypoint Studio. The On The Fly Results view identified the API SECURITY issue and also offered an AutoFix option that applies the fix with a single mouse click.
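Here is the same API with a security scheme declared and applied, as an added example that is not part of the original post and not Integral Zone’s or MuleSoft’s code; the scheme name oauth_2_0, the authorization server URIs and the scope are assumed values. The comments mark the root-level and resource-level securedBy lines that correspond to the two findings above.

```raml
#%RAML 1.0
title: Sample Service
version: v1
mediaType: application/json
protocols:
  - HTTPS
baseUri: /

# Declare at least one security scheme. The scheme name, URIs and scope
# below are assumed values for illustration, not from the original post.
securitySchemes:
  oauth_2_0:
    type: OAuth 2.0
    description: Bearer access token issued by the assumed authorization server.
    describedBy:
      headers:
        Authorization:
          description: "Bearer <access_token>"
          type: string
      responses:
        401:
          description: Missing, expired or invalid access token.
        403:
          description: Token valid but lacks the required scope.
    settings:
      authorizationUri: https://auth.example.com/oauth/authorize
      accessTokenUri: https://auth.example.com/oauth/token
      authorizationGrants: [ client_credentials ]
      scopes: [ orders:read ]

# Apply the scheme API-wide so every resource and method inherits it.
# This addresses the API-level finding (A00014).
securedBy: [ oauth_2_0 ]

/orders:
  # A resource-level securedBy overrides the root setting; keeping it explicit
  # addresses the resource-level finding (A00004) as well.
  securedBy: [ oauth_2_0 ]
  get:
    description: List orders for the authenticated client.
    responses:
      200:
        body:
          type: object

# Counter-example: listing null next to a scheme makes authentication
# optional, so unauthenticated calls are still accepted on this resource.
# securedBy: [ null, oauth_2_0 ]
```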
Want to try this plugin?
✒️ https://integralzone.com/contact/ for a 30-day free trial.