I sent in a JSON payload that I think should trigger the JSONThreatProtection policy. The policy is not flagging an error. Why?
As you can see, in my configuration I used 3 as my objectEntrycount. I didn't receive the expected error. @Anil Sagar can you help?
A couple of things to check:
- When you run trace, did the policy apply?
- What was the Content-Type of the request that you sent? Can you confirm it's application/json?
I suspect the reason the policy is not triggering an error is that your Content-Type header is not set to application/json. For example, check this out:
```
$ curl -i https://$ORG-$ENV.apigee.net/jtp-1/t1 -d '{ "json" : "hello", "hello": "world", "hello1": "world", "hello2": "world", "hello3": "world", "hello4": "world", "hello5": "world" }'
HTTP/1.1 200 OK
Date: Thu, 31 May 2018 20:23:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive

{ "status" : "ok" }
```
Now, I'll send the same request, but set the Content-Type header:
```
$ curl -i https://$ORG-$ENV.apigee.net/jtp-1/t1 -d '{ "json" : "hello", "hello": "world", "hello1": "world", "hello2": "world", "hello3": "world", "hello4": "world", "hello5": "world" }' -H content-type:application/json
HTTP/1.1 500 Internal Server Error
Date: Thu, 31 May 2018 20:23:23 GMT
Content-Type: application/json
Content-Length: 251
Connection: keep-alive

{"fault":{"faultstring":"JSONThreatProtection[JSONThreatProtection-1]: Execution failed. reason: JSONThreatProtection[JSONThreatProtection-1]: Exceeded object entry count at line 5","detail":{"errorcode":"steps.jsonthreatprotection.ExecutionFailed"}}}
```
This is the defined, documented behavior.
Please check your header to see if that is the problem you're having.
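The behaviour in the answer above, modelled as an added example (not code from the original post and not Apigee's implementation): a limit check gated on Content-Type never inspects a body sent without the JSON header, so a service that relies on the limit should reject non-JSON media types rather than pass them through. The function names, the `fail_closed` switch, and the 415/400 status codes are assumptions; the limit of 3 and the 500 status come from the thread.

```python
import json

MAX_OBJECT_ENTRIES = 3  # same limit as the configuration in the question


class EntryLimitExceeded(ValueError):
    """Raised when one JSON object carries more entries than allowed."""


def _limited_object(pairs):
    # json.loads calls this for every JSON object with all of its
    # key/value pairs (duplicates included), so repeated keys still count.
    if len(pairs) > MAX_OBJECT_ENTRIES:
        raise EntryLimitExceeded(f"object has {len(pairs)} entries")
    return dict(pairs)


def is_json_media_type(content_type):
    # Compare only the media type; ignore parameters such as charset.
    if not content_type:
        return False
    return content_type.split(";", 1)[0].strip().lower() == "application/json"


def check_request(content_type, body, fail_closed):
    """Return the HTTP status this (hypothetical) check would produce."""
    if not is_json_media_type(content_type):
        # fail_closed=False models the skipped check seen in the first
        # curl call; fail_closed=True is the assumed hardened form.
        return 415 if fail_closed else 200
    try:
        json.loads(body, object_pairs_hook=_limited_object)
    except EntryLimitExceeded:
        return 500
    except json.JSONDecodeError:
        return 400
    return 200


# Payload from the curl commands in the answer (7 entries in one object).
PAYLOAD = ('{ "json" : "hello", "hello": "world", "hello1": "world", '
           '"hello2": "world", "hello3": "world", "hello4": "world", '
           '"hello5": "world" }')
# curl -d without an explicit -H sends this Content-Type by default.
CURL_DEFAULT = "application/x-www-form-urlencoded"

if __name__ == "__main__":
    for ct, fc in [(CURL_DEFAULT, False), ("application/json", False), (CURL_DEFAULT, True)]:
        print(ct, fc, check_request(ct, PAYLOAD, fc))
```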