JsonFilter
JSON (i.e. JavaScript Object Notation) is a human-readable data format for describing objects, originally derived from JavaScript (see RFC 4627 for a detailed description). The JsonFilter checks if the requests containing JSON have a correct syntax and optionally, if they obey various constraints (e.g. maximal nesting depth of the elements).
ch::nevis::isiweb4::filter::validation::JsonFilter
libInputValidationFilter.so.1
Configuration
BlockOnError
Type: Enum:
on
,off
,log
Usage Constraint: optional, conditions are allowed
Supported pragams:
break
Default:
on
Syntax:
on|off|log
This parameter defines a list of conditions. The conditions determine for which requests the system must perform a JSON validation. Furthermore, the parameter specifies what to do if the request does not contain valid JSON data.
Sample:
Condition:HEADER:Content-Type:application/json
on
offThe above sample makes sure that all requests with
Content-Type
header =application/json
contain valid JSON data (as per the configured condition). The system will only process these valid requests (on
). All requests with another content type will be let through unvalidated (off
). In case a request is blocked, the system answers with a response containing the status code set in theStatusCode
parameter (see below), for example,403 Access forbidden
.
StatusCode
- Type: Integer
- Usage Constraint: optional, min:
1
, max:999
- Default:
403
- Defines which HTTP status code should be sent back to the client, in case the request is blocked.
MaxElementNumber
Type: Integer
Usage Constraint: optional
Defines the maximum number of elements that the JSON structure may contain.
noteA parent element with a nested child counts as two elements.
MaxElementSize
- Type: Integer
- Usage Constraint: optional
- The maximum number of characters that any element value may contain.
MaxNestingDepth
- Type: Integer
- Usage Constraint: optional
- The maximal depth in which JSON objects may be nested. If you set the value of
MaxNestingDepth
to more than1000
, it may cause the proxy to crash because of running out of memory.
ValidationSchemaPath
- Type: String
- Usage Constraint: optional
- Path where the validation schema is located. No schema validation is performed if the path is not defined.
WhitelistRegexps
- Type: String array
- Usage Constraint: optional
- Default:
([\x00-\x33\x35-\x5B\x5D-\xFFFF]|(\\[\\\"/bfnrt])|(\\u[0-9a-fA-F]{4}))*
- List of regular expressions which all keys and values of the JSON should match (including numbers and literals like true, false, null). A default regular expression is provided for matching all valid JSON keys and values.
Example
Here is an example of a JSON schema which could be stored in the file referred by the ValidationSchemaPath parameter:
{
"description": "Display Object",
"type": "object",
"properties": {
"name": {
"type": "string"
},
"format": {
"type": "object",
"additionalProperties": false,
"properties": {
"width": {
"type": "integer"
},
"height": {
"type": "integer"
},
"interface": {
"type": "string",
"pattern": "^\[a-z\]+$"
},
"frame rates": {
"type": "integer",
"enum": [
50,
60,
72
]
}
}
}
}
}
And a corresponding JSON message could look like this:
{
"name": "primary display",
"format": {
"width": 1024,
"height": 768,
"interface": "vga",
"frame rates": 50
}
}
For a sample filter configuration, check the JSONFilter.example file in the examples directory.