This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Regular Expression Patterns in Threat Protection Policy

Posted on 05-24-2021 08:53 AM
asharma377
New Member
Reply posted on --/--/---- --:-- AM

Hi,

Regex patterns are given at the link below that should be catch by Regular expression policy and implemented as part of security shared flows.

https://docs.apigee.com/api-platform/reference/policies/regular-expression-protection#javascript-inc...

  <JSONPath>
    <Expression>$.</Expression>
    <Pattern><\s*script\b[^>]*>[^<]+<\s*\/\s*script\s*>
    </Pattern>
    <Pattern>n\s*\\\\\s*slash</Pattern>
    <Pattern>n\s*\/\s*slash</Pattern>
    <Pattern>n\s*\\"\s*quotes</Pattern>
    <Pattern>n\s*\\b\s*space</Pattern>
    <Pattern>n\s*\\f\s*forwardfeed</Pattern>
    <Pattern>n\s*\\n\s*newline</Pattern>
    <Pattern>n\s*\\r\s*carria</Pattern>
    <Pattern>n\s*\\t\s*tab</Pattern>
    <Pattern>n\s*\\uFFFF\s*hex</Pattern>
  </JSONPath>

What are the exact phrases these patterns are looking to catch, and how do we arrive at these patterns. Are they used commonly as checks for SQL Injection? Are they recommended by OWASP?

Not much of background is given as to how will they help detect intruders. If someone can shed some more light and have implemented them. I can not find much information on these patterns on net as well.

thanks,

Aakash

1 2 924
Topic Labels
Reply
2 REPLIES 2