We often don’t pay sufficient importance to code review in MuleSoft projects due to tight delivery schedules, limited budgets or lack of expertise. Do you know that it is 30x more expensive to fix an issue in Production compared to Development?
Here is a fun exercise for you. Below code contains a number of violations of Mule and Security best practices. How many of these can you spot? List the issues you can spot in the comments. We will publish the complete list of issues next week.
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:tls="http://www.mulesoft.org/schema/mule/tls" xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:db="http://www.mulesoft.org/schema/mule/db" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:apikit="http://www.mulesoft.org/schema/mule/mule-apikit" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd http://www.mulesoft.org/schema/mule/mule-apikit http://www.mulesoft.org/schema/mule/mule-apikit/current/mule-apikit.xsd
http://www.mulesoft.org/schema/mule/db http://www.mulesoft.org/schema/mule/db/current/mule-db.xsd
http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd
http://www.mulesoft.org/schema/mule/tls http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd">
<http:listener-config name="sample-service-httpListenerConfig">
<http:listener-connection host="0.0.0.0" port="8081" >
<tls:context >
<tls:trust-store type="pkcs12" />
<tls:key-store type="jks" path="test.jks" alias="test" keyPassword="Test@123" password="Test@123" />
</tls:context>
</http:listener-connection>
</http:listener-config>
<apikit:config name="sample-service-config" api="sample-service.raml" outboundHeadersMapName="outboundHeaders" httpStatusVarName="httpStatus" />
<http:request-config name="HTTP_Request_configuration" doc:name="HTTP Request configuration" doc:id="a9a5e58e-565a-431a-8c90-9f4b078af30d" >
<http:request-connection host="httpbin" port="443" >
<tls:context >
<tls:trust-store insecure="true" />
</tls:context>
<http:proxy-config >
<http:proxy />
</http:proxy-config>
</http:request-connection>
</http:request-config>
<flow name="sample-service-main">
<http:listener config-ref="sample-service-httpListenerConfig" path="/api/*">
<http:response statusCode="#[vars.httpStatus default 200]">
<http:headers>#[vars.outboundHeaders default {}]</http:headers>
</http:response>
<http:error-response statusCode="#[vars.httpStatus default 500]">
<http:body>#[payload]</http:body>
<http:headers>#[vars.outboundHeaders default {}]</http:headers>
</http:error-response>
</http:listener>
<apikit:router config-ref="sample-service-config" />
<error-handler>
<on-error-propagate type="APIKIT:BAD_REQUEST">
<ee:transform xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{message: "Bad request"}]]></ee:set-payload>
</ee:message>
<ee:variables>
<ee:set-variable variableName="httpStatus">400</ee:set-variable>
</ee:variables>
</ee:transform>
</on-error-propagate>
<on-error-propagate type="APIKIT:NOT_FOUND">
<ee:transform xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{message: "Resource not found"}]]></ee:set-payload>
</ee:message>
<ee:variables>
<ee:set-variable variableName="httpStatus">404</ee:set-variable>
</ee:variables>
</ee:transform>
</on-error-propagate>
<on-error-propagate type="APIKIT:METHOD_NOT_ALLOWED">
<ee:transform xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{message: "Method not allowed"}]]></ee:set-payload>
</ee:message>
<ee:variables>
<ee:set-variable variableName="httpStatus">405</ee:set-variable>
</ee:variables>
</ee:transform>
</on-error-propagate>
<on-error-propagate type="APIKIT:NOT_ACCEPTABLE">
<ee:transform xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{message: "Not acceptable"}]]></ee:set-payload>
</ee:message>
<ee:variables>
<ee:set-variable variableName="httpStatus">406</ee:set-variable>
</ee:variables>
</ee:transform>
</on-error-propagate>
<on-error-propagate type="APIKIT:UNSUPPORTED_MEDIA_TYPE">
<ee:transform xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{message: "Unsupported media type"}]]></ee:set-payload>
</ee:message>
<ee:variables>
<ee:set-variable variableName="httpStatus">415</ee:set-variable>
</ee:variables>
</ee:transform>
</on-error-propagate>
<on-error-propagate type="APIKIT:NOT_IMPLEMENTED">
<ee:transform xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{message: "Not Implemented"}]]></ee:set-payload>
</ee:message>
<ee:variables>
<ee:set-variable variableName="httpStatus">501</ee:set-variable>
</ee:variables>
</ee:transform>
</on-error-propagate>
</error-handler>
</flow>
<flow name="sample-service-console">
<http:listener config-ref="sample-service-httpListenerConfig" path="/console/*">
<http:response statusCode="#[vars.httpStatus default 200]">
<http:headers>#[vars.outboundHeaders default {}]</http:headers>
</http:response>
<http:error-response statusCode="#[vars.httpStatus default 500]">
<http:body>#[payload]</http:body>
<http:headers>#[vars.outboundHeaders default {}]</http:headers>
</http:error-response>
</http:listener>
<apikit:console config-ref="sample-service-config" />
<error-handler>
<on-error-propagate type="APIKIT:NOT_FOUND">
<ee:transform xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{message: "Resource not found"}]]></ee:set-payload>
</ee:message>
<ee:variables>
<ee:set-variable variableName="httpStatus">404</ee:set-variable>
</ee:variables>
</ee:transform>
</on-error-propagate>
</error-handler>
</flow>
<flow name="get:\health:sample-service-config">
<logger level="INFO"/>
</flow>
<flow name="post:\orders\data:application\json:sample-service-config">
<logger level="INFO" message="#[payload.password]" />
<logger level="WARN" doc:name="Logger" doc:id="3a1dc3c0-c39c-43ff-9b5b-f7b3bea208be" message="#[payload.newPassword]"/>
<db:select doc:name="Select" doc:id="6210d100-09a2-4a2b-b7e4-bbb9216540ac" >
<db:sql ><![CDATA[select * from orders where name like #[vars.searchQuery]]]></db:sql>
</db:select>
<ee:transform doc:name="Transform Message" doc:id="dbba3d40-4d35-487e-865d-040c9d242017" >
<ee:message >
<ee:set-payload ><![CDATA[%dw 2.0
output application/json
---
payload]]></ee:set-payload>
</ee:message>
</ee:transform>
<http:request method="GET" doc:name="Request" doc:id="33eced1d-accd-45ec-9aa6-facd4f0c16c4" config-ref="HTTP_Request_configuration"/>
<ee:transform doc:name="Transform Message" doc:id="1abfe99c-521b-4315-9e27-b5d27cc8cd2c" >
<ee:message >
<ee:set-payload ><![CDATA[%dw 2.0
output application/json
---
{
order: {
'type': 'Tutorial',
'title': payload.title,
'author': upper(payload.author),
'year': payload.year
}
}]]></ee:set-payload>
</ee:message>
</ee:transform>
<foreach doc:name="For Each" doc:id="453c490d-faea-4efd-b927-3c46f2b59f6b" >
<ee:transform doc:name="Transform Message" doc:id="7e6713b2-8936-4d16-8d1c-13682c51188c" >
<ee:message >
<ee:set-payload ><![CDATA[%dw 2.0
output application/java
---
{
}]]></ee:set-payload>
</ee:message>
</ee:transform>
<foreach doc:name="For Each" doc:id="a64c9990-7be7-40fe-9b8b-d5e5a34c0d2c" >
<ee:transform doc:name="Transform Message" doc:id="0066adb5-be3d-48fb-90bb-6c74fb24b266">
<ee:message>
<ee:set-payload><![CDATA[%dw 2.0
output application/java
---
{
}]]></ee:set-payload>
</ee:message>
</ee:transform>
</foreach>
</foreach>
</flow>
</mule>Want to try this plugin?
✒️ https://integralzone.com/contact/ for a 30-day free trial.
More details:
🔎 https://docs.integralzone.com/iz-analyzer/1.0.0/about/about.html
🔎 https://analyzer.integralzone.com/
