Regular Expression Patterns in Threat Protection Policy

Hi,

Regex patterns are given at the link below that should be caught by the Regular Expression policy and implemented as part of security shared flows.

https://docs.apigee.com/api-platform/reference/policies/regular-expression-protection#javascript-inc...

  <JSONPath>
    <Expression>$.</Expression>
    <Pattern>&lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*\/\s*script\s*&gt;</Pattern>
    <Pattern>n\s*\\\\\s*slash</Pattern>
    <Pattern>n\s*\/\s*slash</Pattern>
    <Pattern>n\s*\\"\s*quotes</Pattern>
    <Pattern>n\s*\\b\s*space</Pattern>
    <Pattern>n\s*\\f\s*forwardfeed</Pattern>
    <Pattern>n\s*\\n\s*newline</Pattern>
    <Pattern>n\s*\\r\s*carria</Pattern>
    <Pattern>n\s*\\t\s*tab</Pattern>
    <Pattern>n\s*\\uFFFF\s*hex</Pattern>
  </JSONPath>

What are the exact phrases these patterns are looking to catch, and how do we arrive at these patterns? Are they used commonly as checks for SQL Injection? Are they recommended by OWASP?

Not much background is given as to how they will help detect intruders. If someone has implemented them, can they shed some more light? I cannot find much information on these patterns on the net either.

thanks,

Aakash

2 REPLIES

Wow! I'm sorry. That example in the documentation is not helpful. I'd say it is downright confusing.

That configuration you are citing is right out of the test code for the Apigee gateway. That configuration is valid, but it is not representative of something you would want to do, or need to do, in an API Proxy. That configuration is not helpful in detecting known attack patterns.

I've filed a ticket to ask for an update to the documentation, to provide an example that uses regular expressions that are more representative of what you might want to look for. ref: b/189372480
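
What the configuration quoted in the question literally matches, as an added example that is not part of the original thread and not Apigee's code: it parses the JSONPath element and runs each Pattern over sample values. The function names and sample strings are constructed for illustration, and Python's `re.search` stands in for the policy's own regex matching (an assumption).

```python
import re
import xml.etree.ElementTree as ET

# JSONPath element from the question; angle brackets XML-escaped so it parses.
POLICY_FRAGMENT = r"""<JSONPath>
  <Expression>$.</Expression>
  <Pattern>&lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*\/\s*script\s*&gt;</Pattern>
  <Pattern>n\s*\\\\\s*slash</Pattern>
  <Pattern>n\s*\/\s*slash</Pattern>
  <Pattern>n\s*\\"\s*quotes</Pattern>
  <Pattern>n\s*\\b\s*space</Pattern>
  <Pattern>n\s*\\f\s*forwardfeed</Pattern>
  <Pattern>n\s*\\n\s*newline</Pattern>
  <Pattern>n\s*\\r\s*carria</Pattern>
  <Pattern>n\s*\\t\s*tab</Pattern>
  <Pattern>n\s*\\uFFFF\s*hex</Pattern>
</JSONPath>"""

def load_patterns(fragment):
    """Compile every <Pattern> element of the fragment, in document order."""
    root = ET.fromstring(fragment)
    return [re.compile(p.text.strip()) for p in root.iter("Pattern")]

def matching_patterns(value, patterns):
    """Return the source of each pattern found anywhere in value.
    Assumption: re.search approximates how the policy applies a pattern."""
    return [p.pattern for p in patterns if p.search(value)]

# Constructed sample values (not from the thread or the Apigee documentation).
SAMPLES = [
    r"n \n newline",              # letter n, literal backslash-n, the word "newline"
    r"n \uFFFF hex",              # literal backslash-uFFFF, not the character U+FFFF
    "n / slash",
    "<script>alert(1)</script>",  # a complete script element with a body
    "line one\nline two",         # a real newline character
    "' OR '1'='1",                # SQL-style input
]

if __name__ == "__main__":
    patterns = load_patterns(POLICY_FRAGMENT)
    for value in SAMPLES:
        print(repr(value), "->", matching_patterns(value, patterns) or "no match")
```

Apart from the script-element pattern, each pattern fires only on a contrived literal such as `n \n newline`; the real newline and the SQL-style value match nothing.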

Hi @dchiesa1 

Do you have an update on this? It looks like the documentation is still the same as above.

Are we supposed to look at the Apigee X documentation for more up-to-date regex patterns?
https://cloud.google.com/apigee/docs/api-platform/reference/policies/regular-expression-protection#j...

Thanks!