Solved: Regularexpression from JSONPayload

surbhi123 · 06-14-2022 12:08 AM

Hi All ,

I have a requirement where I have to apply regular threat protection Policy to protect the proxy from SQL injection, I have to put an ID in the request in array format (a Valid Json Format) but I am getting error from the Policy. I have attached the request, policy configuration and the response below. Please suggest me something.

dchiesa1

It looks like you're using Apigee Edge? The jsonpath library that is used within Apigee Edge is older, and does not handle arrays of strings well. (This has been fixed in Apigee X and hybrid)

I suggest that you don't use a JSONPath at all. In the policy configuration you showed, you are selecting on "*", that basically means "every field in the JSON".

So in that case, why not just apply the check against the variable "request.content"?

remove this:

<JSONPayload>
  <JSONPath>
    <Expression>*</Expression>
    <Pattern>(your pattern here)</Pattern>
  </JSONPath>
</JSONPayload>

add this:

<Variable name="request.content">
    <Pattern>(your pattern here)</Pattern>
</Variable>

View solution in original post

dchiesa1

It looks like you're using Apigee Edge? The jsonpath library that is used within Apigee Edge is older, and does not handle arrays of strings well. (This has been fixed in Apigee X and hybrid)

I suggest that you don't use a JSONPath at all. In the policy configuration you showed, you are selecting on "*", that basically means "every field in the JSON".

So in that case, why not just apply the check against the variable "request.content"?

remove this:

<JSONPayload>
  <JSONPath>
    <Expression>*</Expression>
    <Pattern>(your pattern here)</Pattern>
  </JSONPath>
</JSONPayload>

add this:

<Variable name="request.content">
    <Pattern>(your pattern here)</Pattern>
</Variable>