Apigeelint is a static code analysis tool for Apigee Proxy and SharedFlow bundles that encourages API developers to use best practices and avoid anti-patterns.
This repo contains a set of External Plugins for apigeelint that can help identify potential API misconfigurations by checking whether proxies contain required policies.
The following rules are currently available:
Code | Name | Description |
---|---|---|
EX-BN001 | MisconfigurationCheckAuth | Check for the presence of OAuthV2 and/or VerifyAPIKey policies in each Proxy Endpoint's PreFlow |
EX-BN002 | MisconfigurationCheckCORS | Check for the presence of a CORS policy in each Proxy Endpoint's PreFlow |
EX-BN003 | MisconfigurationCheckThreat | Check for the presence of JSONThreatProtection and/or XMLThreatProtection policies in each Proxy Endpoint's PreFlow |
EX-BN004 | MisconfigurationCheckMediation | Check for the presence of OASValidation and/or MessageValidation policies in each Proxy Endpoint's PreFlow |
EX-PF001 | RequirePoliciesPreFlowRequest | Check for the presence of a set of specific named policies in each Proxy Endpoint's PreFlow. This can be used to enforce a naming convention for policies in addition to requiring the policy type |
EX-PF002 | RequireSharedFlowPreFlowRequest | Check for the usage of specific Shared Flow Bundles called from FlowCallout policies in each Proxy Endpoint's PreFlow |
These plugins require apigeelint to be installed. It can be installed using the command:
npm install --location=global apigeelint
See https://www.npmjs.com/package/apigeelint for additional details.
To use, clone or download this repository and run apigeelint with the `-x` or `--externalPluginsDirectory` option to specify the relative or full path to the `externalPlugins` directory from this repo, e.g.
apigeelint -x ./externalPlugins -s path/to/your/apiproxy -f table.js
If you are using VS Code, you can also use these plugins with the Apigeelint 4 VS Code extension by setting the following extension setting:
`apigeelint.externalPluginsDirectory`: Full path to an external plugins directory (default: none)
None yet!
The `BN001-BN004` plugins check for the presence of the policies in the PreFlow, but do not check whether they are potentially excluded via a `<Condition/>` clause.
The `BN001-BN004` plugins don't take into account policies included in Shared Flow Bundles.
The `PF002` plugin does not check for Shared Flow Bundles automatically attached through the use of Flow Hooks.
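
Because the `BN001-BN004` rules pass when a policy is present in the PreFlow even if a `<Condition>` can skip it, a complementary check can list the conditional steps for manual review. The script below is an added example, not part of this repo or of apigeelint: it is a standalone Python check rather than an apigeelint plugin, and the function name, policy names and sample endpoint XML are constructed for illustration.

```python
"""Added example: list PreFlow request steps that are guarded by a <Condition>."""
import xml.etree.ElementTree as ET

# Constructed sample ProxyEndpoint; policy names are made up for illustration.
SAMPLE_ENDPOINT = """\
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>VA-VerifyKey</Name>
        <Condition>request.header.x-internal != "true"</Condition>
      </Step>
      <Step>
        <Name>JTP-Protect</Name>
      </Step>
      <Step>
        <Name>CORS-Allow</Name>
        <Condition>   </Condition>
      </Step>
    </Request>
    <Response>
      <Step>
        <Name>AM-Headers</Name>
        <Condition>response.status.code = 200</Condition>
      </Step>
    </Response>
  </PreFlow>
</ProxyEndpoint>
"""


def conditional_preflow_steps(endpoint_xml):
    """Return (policy_name, condition) for each conditional PreFlow request step."""
    root = ET.fromstring(endpoint_xml)
    findings = []
    # Only the request side of the PreFlow is inspected, matching the rules' scope.
    for step in root.findall("./PreFlow/Request/Step"):
        name = (step.findtext("Name") or "").strip()
        condition = (step.findtext("Condition") or "").strip()
        if condition:  # skip empty <Condition/> elements, which carry no expression
            findings.append((name, condition))
    return findings


if __name__ == "__main__":
    for name, condition in conditional_preflow_steps(SAMPLE_ENDPOINT):
        print(f"review: {name} only runs when: {condition}")
```

Run it against each file under `apiproxy/proxies/` in a bundle and review every reported condition to confirm the required policy cannot be bypassed for protected traffic.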
If you find issues, file a ticket here on GitHub. Keep in mind that there is no service level agreement (SLA) for responses to these issues. Assume all responses are on an ad-hoc, volunteer basis.
If you simply have questions, we recommend asking on the Apigee forum on GoogleCloudCommunity. Apigee experts regularly check that forum.
Apigee customers should use formal support channels for Apigee product related concerns.
This material is Copyright (c) 2023 Google LLC. and is licensed under the Apache 2.0 License.
These plugins do not form part of Apigee or any other officially supported Google Product.