JSONThreatProtection not working as expected

arunprasath25 · 05-31-2018 09:37 AM

I sent in a JSON payload that I think should trigger the JSONThreatProtection policy. The policy is not flagging an error. Why?

As you can see, in my configuration I used 3 as my objectEntrycount. I didn't receive the expected error. @Anil Sagar can you help?

rmishra

A couple of things to check:

- When you run trace, did the policy apply?

- The content-type of the request that you sent? Can you confirm its application/json

dchiesa1

I suspect the reason the policy is not triggering an error is that your Content-Type header is not set to application/json. For example, check this out:

$ curl -i https://$ORG-$ENV.apigee.net/jtp-1/t1 -d '{
  "json" : "hello",
  "hello": "world",
  "hello1": "world",
  "hello2": "world",
  "hello3": "world",
  "hello4": "world",
  "hello5": "world"
}'

HTTP/1.1 200 OK
Date: Thu, 31 May 2018 20:23:07 GMT
Content-Type: application/json
Content-Length: 23
Connection: keep-alive


{
    "status" : "ok"
}

Now, I'll send the same request, but set the Content-Type header:

$ curl -i https://$ORG-$ENV.apigee.net/jtp-1/t1 -d '{
  "json" : "hello",
  "hello": "world",
  "hello1": "world",
  "hello2": "world",
  "hello3": "world",
  "hello4": "world",
  "hello5": "world"
}' -H content-type:application/json 

HTTP/1.1 500 Internal Server Error
Date: Thu, 31 May 2018 20:23:23 GMT
Content-Type: application/json
Content-Length: 251
Connection: keep-alive


{"fault":{"faultstring":"JSONThreatProtection[JSONThreatProtection-1]: Execution failed. reason: JSONThreatProtection[JSONThreatProtection-1]: Exceeded object entry count at line 5","detail":{"errorcode":"steps.jsonthreatprotection.ExecutionFailed"}}}

This is the defined, documented behavior.

Please check your header to see if that is the problem you're having.