JsonFilter

JSON (i.e. JavaScript Object Notation) is a human-readable data format for describing objects, originally derived from JavaScript (see RFC 4627 for a detailed description). The JsonFilter checks if the requests containing JSON have a correct syntax and optionally, if they obey various constraints (e.g. maximal nesting depth of the elements).

Classname

ch::nevis::isiweb4::filter::validation::JsonFilter

Library

libInputValidationFilter.so.1

Configuration

BlockOnError

• Type: Enum: on, off, log

• Usage Constraint: optional, conditions are allowed

• Supported pragams: break

• Default: on

• Syntax: on|off|log

• This parameter defines a list of conditions. The conditions determine for which requests the system must perform a JSON validation. Furthermore, the parameter specifies what to do if the request does not contain valid JSON data.

  Sample:

  Condition:HEADER:Content-Type:application/json
  on
  off

  The above sample makes sure that all requests with Content-Type header = application/json contain valid JSON data (as per the configured condition). The system will only process these valid requests (on). All requests with another content type will be let through unvalidated (off). In case a request is blocked, the system answers with a response containing the status code set in the StatusCode parameter (see below), for example, 403 Access forbidden.

StatusCode

• Type: Integer
• Usage Constraint: optional, min: 1, max: 999
• Default: 403
• Defines which HTTP status code should be sent back to the client, in case the request is blocked.

MaxElementNumber

• Type: Integer

• Usage Constraint: optional

• Defines the maximum number of elements that the JSON structure may contain.

  note

  A parent element with a nested child counts as two elements.

MaxElementSize

• Type: Integer
• Usage Constraint: optional
• The maximum number of characters that any element value may contain.

MaxNestingDepth

• Type: Integer
• Usage Constraint: optional
• The maximal depth in which JSON objects may be nested. If you set the value of MaxNestingDepth to more than 1000, it may cause the proxy to crash because of running out of memory.

ValidationSchemaPath

• Type: String
• Usage Constraint: optional
• Path where the validation schema is located. No schema validation is performed if the path is not defined.

WhitelistRegexps

• Type: String array
• Usage Constraint: optional
• Default: ([\x00-\x33\x35-\x5B\x5D-\xFFFF]|(\\[\\\"/bfnrt])|(\\u[0-9a-fA-F]{4}))*
• List of regular expressions which all keys and values of the JSON should match (including numbers and literals like true, false, null). A default regular expression is provided for matching all valid JSON keys and values.

Example

Here is an example of a JSON schema which could be stored in the file referred by the ValidationSchemaPath parameter:

{
    "description": "Display Object",
    "type": "object",
    "properties": {
        "name": {
            "type": "string"
        },
        "format": {
            "type": "object",
            "additionalProperties": false,
            "properties": {
                "width": {
                    "type": "integer"
                },
                "height": {
                    "type": "integer"
                },
                "interface": {
                    "type": "string",
                    "pattern": "^\[a-z\]+$"
                },
                "frame rates": {
                    "type": "integer",
                    "enum": [
                        50,
                        60,
                        72
                ]
            }
        }
    }
  }
}

And a corresponding JSON message could look like this:

{
    "name": "primary display",
    "format": {
        "width": 1024,
        "height": 768,
        "interface": "vga",
        "frame rates": 50
    }
}

Example configuration

For a sample filter configuration, check the JSONFilter.example file in the examples directory.