- Syvizo API Management Platform
Handle RegEx Threat
When to use
Use this policy when you want to examine any part of the request, such as a header value, a parameter value, the body content or a part of the body content, for threats.
Details
Evaluates any part of the message, such as the path, a query parameter value, a header value, the body content or a part of the body content, against the defined regular expressions. If the evaluated part matches a regular expression, the message is considered to be risky.
A regular expression, often referred to as regex, is a collection of characters that define a pattern within a string. Regular expressions provide a way to programmatically analyze content and identify specific patterns. They are commonly employed to validate the structure of data, such as ensuring the proper formatting of an email address.
Handle RegEx Threat is frequently used to evaluate JSON and XML payloads for malicious content. However, no single regular expression can eliminate all content-based attacks, so a multi-layer security approach is recommended.
Here are some suggested patterns for filtering out unwanted content and enhancing security.
SQL Injection: [\s]*((delete)|(exec)|(drop\s*table)|(insert)|(shutdown)|(update)|(\bor\b))
Server-Side Include Injection: <!--#(include|exec|echo|config|printenv)\s+.*
XML encoded: &lt;!--#(include|exec|echo|config|printenv)\s+.*
XPath Abbreviated Syntax Injection: (/(@?[\w_?\w:\*]+(\[[^]]+\])*)?)+
XPath Expanded Syntax Injection: /?(ancestor(-or-self)?|descendant(-or-self)?|following(-sibling))
JavaScript Injection: <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>
XML encoded: &lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*/\s*script\s*&gt;
Java Exception Injection: .*?Exception in thread.*
Configuration
The configuration fields for the policy are:
[* Indicates a mandatory field]
Name *: Display name of the policy.
Description: Description of the policy.
Enabled: Flag to indicate whether the policy is enabled. If this field is not checked, the policy is ignored at runtime and any fields from its output contain a default initial value.
Continue on Error: Flag to indicate that the flow should continue even if this policy throws an error.
URI Path Pattern: The RegEx pattern that is matched against the URI to evaluate threats.
Query Param Pattern: The RegEx pattern that is matched against the query parameters to evaluate threats.
Header Pattern: The RegEx pattern that is matched against the headers to evaluate threats.
Form Param Pattern: The RegEx pattern that is matched against the form parameters to evaluate threats.
XML Part Pattern: The RegEx pattern that is matched against the XML body or a part of it to evaluate threats.
JSON Part Pattern: The RegEx pattern that is matched against the JSON body or a part of it to evaluate threats.
Input fields
jsonPayload: The JSON that needs to be evaluated for threats.
xmlPayload: The XML that needs to be evaluated for threats.
Output fields
result: Returns true if the request passes the threat checks; otherwise returns false.
message: Describes the threat, if any was found; otherwise returns an empty string.
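The following Python is an added example, not Syvizo's implementation: it applies three of the suggested patterns to the decoded keys and string values of a JSON payload and returns a result and message shaped like the output fields above. The function names, the "found anywhere in the value" matching semantics and the case-insensitive flag are assumptions.

```python
import json
import re

# Patterns copied from the suggested list on this page. IGNORECASE is an added
# assumption so that upper-case keywords are caught as well.
PATTERNS = {
    "SQL Injection": re.compile(
        r"[\s]*((delete)|(exec)|(drop\s*table)|(insert)|(shutdown)|(update)|(\bor\b))",
        re.IGNORECASE),
    "Server-Side Include Injection": re.compile(
        r"<!--#(include|exec|echo|config|printenv)\s+.*", re.IGNORECASE),
    "JavaScript Injection": re.compile(
        r"<\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>", re.IGNORECASE),
}


def iter_strings(node, path="$"):
    """Yield (path, text) for every key and string value in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key} (key)", key
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def evaluate_json(json_payload):
    """Return (result, message): result is True when no pattern matched."""
    try:
        document = json.loads(json_payload)  # decoding resolves JSON escape sequences
    except ValueError:
        return False, "payload is not valid JSON"
    for path, text in iter_strings(document):
        for name, pattern in PATTERNS.items():
            if pattern.search(text):
                return False, f"{name} pattern matched at {path}"
    return True, ""


# Constructed sample payloads (not taken from the product documentation).
CLEAN = '{"user": "alice", "note": "see you at noon"}'
SCRIPT = '{"user": "bob", "bio": "<script>alert(1)</script>"}'
BENIGN_HIT = '{"user": "carol", "note": "please update my address"}'
```

The third constructed payload is an ordinary sentence that the SQL Injection pattern rejects because it contains the word "update", which is why these patterns need tuning per field and cannot be the only control.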