We have implemented the 'Code Injection Protection' assertion to avoid any injection requests. The logic is similar to the case below.

- 1 At least one assertion must evaluate to true
  - 1.1 All assertions must evaluate to true
    - 1.1.1 Code Injection Protection
  - 1.2 All assertions must evaluate to true
    - 1.2.1 Return Template Response to Requestor
Sample Request 1:

    {
      "brand_name": "ivv2coiA",
      "prefix": "Mr",
      "first_name": "Jay",
      "middle_name": "%3CScript%3E",
      "last_name": "Chris"
    }
So if someone sends in JSON like the request above, the Gateway monitors the message and rejects it at the Code Injection Protection assertion. Control then passes to '1.2.1 Return Template Response to Requestor', where a custom error message is provided in the response.

Now another request comes in as shown below:

    {
      "brand_name": "%co9012",
      "prefix": "Mr",
      "first_name": "Jay",
      "middle_name": "N",
      "last_name": "Chris"
    }
In this case, control does not flow through '1.2.1 Return Template Response to Requestor'. The Gateway is giving an 'Unhandled exception' to the consumer. I can understand that the assertion is trying to decode '%co', which does not turn into a valid value.

How do I handle this kind of situation and give a proper error response to the API caller?
Regards
Kareem
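As an added illustration (not part of Kareem's post and not the Layer7 Gateway's own code), here is a small Python model of the two policy branches: a strict percent-decoder that reports a malformed escape such as '%co' as a handled error response instead of letting it surface as an unhandled exception, followed by the injection check on the decoded value. The detection patterns, the 400 status and the JSON error shape are assumptions; the two request bodies are constructed from the post.

```python
import re
from typing import Dict, Tuple

# Constructed sample bodies mirroring the two requests in the post.
REQUEST_SCRIPT = {"brand_name": "ivv2coiA", "prefix": "Mr", "first_name": "Jay",
                  "middle_name": "%3CScript%3E", "last_name": "Chris"}
REQUEST_BAD_ESCAPE = {"brand_name": "%co9012", "prefix": "Mr", "first_name": "Jay",
                      "middle_name": "N", "last_name": "Chris"}
REQUEST_CLEAN = {"brand_name": "ivv2coiA", "prefix": "Mr", "first_name": "Jay",
                 "middle_name": "N", "last_name": "Chris"}

# Hypothetical stand-in for the assertion's built-in injection signatures.
INJECTION_PATTERNS = [re.compile(r"<\s*script", re.I), re.compile(r"javascript:", re.I)]

_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


class MalformedEncoding(ValueError):
    """A '%' that is not followed by two hex digits (e.g. '%co')."""


def strict_percent_decode(value: str) -> str:
    """Decode %XX escapes and fail loudly on a malformed escape.
    urllib.parse.unquote would silently keep '%co' literally; a decoder
    that raises here is what produces the gateway's 'Unhandled exception'."""
    buf = bytearray()
    i = 0
    while i < len(value):
        if value[i] != "%":
            buf.extend(value[i].encode("utf-8"))
            i += 1
            continue
        m = _PCT.match(value, i)
        if m is None:
            raise MalformedEncoding(f"bad escape at offset {i}: {value[i:i + 3]!r}")
        buf.append(int(m.group(1), 16))
        i += 3
    try:
        return buf.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise MalformedEncoding(f"escapes do not form valid UTF-8: {exc.reason}") from exc


def inspect_request(body: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Model of the policy: return (HTTP status, response body) for every
    outcome, so a decoding failure reaches the caller as a template response
    rather than escaping the policy as an unhandled exception."""
    for field, raw in body.items():
        try:
            decoded = strict_percent_decode(raw)
        except MalformedEncoding as exc:
            return 400, {"error": "invalid_encoding", "field": field, "detail": str(exc)}
        if any(p.search(decoded) for p in INJECTION_PATTERNS):
            return 400, {"error": "code_injection", "field": field}
    return 200, {"status": "ok"}
```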