JsonFilter
JSON (i.e. JavaScript Object Notation) is a human-readable data format for describing objects, originally derived from JavaScript (see RFC 4627 for a detailed description). The JsonFilter checks whether requests containing JSON are syntactically correct and, optionally, whether they obey various constraints (e.g. maximum nesting depth of the elements).
ch::nevis::isiweb4::filter::validation::JsonFilter
libInputValidationFilter.so.1
+NEEDS_JSON_PARSING
Configuration
BlockOnError
Type: Enum
Possible values: on, off, log
Usage Constraint: optional, conditions are allowed
Supported pragmas: break
Default: on
This parameter defines a list of conditions. The conditions determine for which requests the system must perform a JSON validation. Furthermore, the parameter specifies what to do if the request does not contain valid JSON data.
Condition:HEADER:Content-Type:application/json
on
off
The above sample makes sure that all requests with the Content-Type header application/json contain valid JSON data. The system will only process these valid requests (on). All requests with another content type will be let through unvalidated (off). In case a request is blocked, the system answers with a response containing the status code set in the StatusCode parameter (see below), for example, 403 Access forbidden.
StatusCode
Type: Integer
Range: min: 1, max: 999
Usage Constraint: optional
Default: 403
Defines which HTTP status code should be sent back to the client, in case the request is blocked.
MaxElementNumber
Type: Integer
Usage Constraint: optional
Defines the maximum number of elements that the JSON structure may contain. A parent element with a nested child counts as two elements.
MaxElementSize
Type: Integer
Usage Constraint: optional
The maximum number of characters that any element value may contain.
MaxNestingDepth
Type: Integer
Usage Constraint: optional
The maximum depth to which JSON objects may be nested. If you set the value of MaxNestingDepth to more than 1000, it may cause the proxy to crash because of running out of memory.
ValidationSchemaPath
Type: String
Usage Constraint: optional
Path where the validation schema is located. No schema validation is performed if the path is not defined.
WhitelistRegexps
Type: String array
Usage Constraint: optional
Default: ([\x00-\x33\x35-\x5B\x5D-\xFFFF]|(\\[\\\"/bfnrt])|(\\u[0-9a-fA-F]{4}))*
List of regular expressions which all keys and values of the JSON should match (including numbers and literals like true, false, null). A default regular expression is provided for matching all valid JSON keys and values.
Example
Here is an example of a JSON schema which could be stored in the file referred to by the ValidationSchemaPath parameter:
{
  "description": "Display Object",
  "type": "object",
  "properties": {
    "name": {
      "type": "string"
    },
    "format": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "width": {
          "type": "integer"
        },
        "height": {
          "type": "integer"
        },
        "interface": {
          "type": "string",
          "pattern": "^[a-z]+$"
        },
        "frame rates": {
          "type": "integer",
          "enum": [
            50,
            60,
            72
          ]
        }
      }
    }
  }
}
And a corresponding JSON message could look like this:
{
  "name": "primary display",
  "format": {
    "width": 1024,
    "height": 768,
    "interface": "vga",
    "frame rates": 50
  }
}
For a sample filter configuration, check the JSONFilter.example file in the examples directory.
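The following Python code is an added example, not the filter's own code: it measures a request body against MaxElementNumber, MaxElementSize and MaxNestingDepth, using the sample message above. The limit values and the counting rules (every object, array and scalar is one element; size is the character length of a scalar value; depth counts nested containers) are assumptions made for the example.

```python
import json

# Constructed limits; the names mirror the filter parameters, the values are
# illustrative assumptions, not product defaults.
LIMITS = {"MaxElementNumber": 8, "MaxElementSize": 32, "MaxNestingDepth": 3}

def _reject(token):
    raise ValueError("non-standard JSON constant: " + token)  # NaN, Infinity

def measure(doc):
    """Return (elements, largest_value_size, nesting_depth) for parsed JSON.

    Assumed counting rules: every object, array and scalar is one element;
    size is the character length of a scalar value; depth counts containers.
    """
    elements = size = depth = 0
    stack = [(doc, 0)]  # explicit stack: no recursion on hostile nesting
    while stack:
        node, level = stack.pop()
        elements += 1
        if isinstance(node, (dict, list)):
            depth = max(depth, level + 1)
            children = node.values() if isinstance(node, dict) else node
            stack.extend((child, level + 1) for child in children)
        else:
            text = node if isinstance(node, str) else json.dumps(node)
            size = max(size, len(text))
    return elements, size, depth

def check(body, limits=LIMITS):
    """Return the list of violated limits; an empty list means the body passes."""
    try:
        doc = json.loads(body, parse_constant=_reject)
    except (ValueError, RecursionError):  # malformed, or too deep to parse
        return ["syntax"]
    elements, size, depth = measure(doc)
    found = {"MaxElementNumber": elements, "MaxElementSize": size,
             "MaxNestingDepth": depth}
    return [name for name, value in found.items() if value > limits[name]]

# The sample message from this page, and a constructed over-nested body.
SAMPLE = ('{"name": "primary display", "format": {"width": 1024, '
          '"height": 768, "interface": "vga", "frame rates": 50}}')
NESTED = '{"a": {"b": {"c": {"d": [1]}}}}'

if __name__ == "__main__":
    print(measure(json.loads(SAMPLE)), check(SAMPLE))
    print(measure(json.loads(NESTED)), check(NESTED))
```

Under these assumed rules the sample message has 7 elements, a largest value of 15 characters and a nesting depth of 2, so it passes; the constructed body nests 5 containers deep and is reported against MaxNestingDepth.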