
Not able to handle errors with '%' char when Encode/Decode Data assertion is used.

Question asked by Kareem.shaik7 on Jul 24, 2017
Latest reply on Jul 27, 2017 by Mark_HE

We have implemented the 'Code Injection Protection' assertion to avoid any injection requests. The logic is similar to the case below.

- 1 At least one assertion must evaluate to true
      - 1.1. All assertions must evaluate to true
            - 1.1.1 Code Injection Protection
      - 1.2 All assertions must evaluate to true
            - 1.2.1 Return Template response to Requestor

Sample Request 1:

{
  "brand_name":"ivv2coiA",
  "prefix":"Mr",
  "first_name":"Jay",
  "middle_name":"%3CScript%3E",
  "last_name":"Chris"
}

So if someone sends in JSON with the above request, the Gateway monitors the message and rejects it at the Code Injection Protection assertion. Then control passes to '1.2.1 Return Template response to Requestor', where the customer error message is provided in the response.

Now another request comes in as shown below:

{
  "brand_name":"%co9012",
  "prefix":"Mr",
  "first_name":"Jay",
  "middle_name":"N",
  "last_name":"Chris"
}

In this case, control does not flow through '1.2.1 Return Template response to Requestor'.

The Gateway is giving an 'Unhandled exception' to the consumer. I can understand that the assertion is trying to decode '%co', which does not turn into a valid value.

How can we handle this kind of situation and give a proper error response to the API caller?

Regards

Kareem
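
Added example (not part of the original post, and not CA API Gateway policy or code): the fail-closed handling the question asks about, shown in JavaScript, whose `decodeURIComponent` also throws on a malformed escape such as `%co`. The two bodies are the post's sample requests; `safeDecode`, `inspectBody`, the `SUSPICIOUS` pattern and the error names are assumptions made for illustration, and only flat JSON objects are handled.

```javascript
// Constructed inputs: the two sample requests from the post, as JSON strings.
const SAMPLE_1 = '{"brand_name":"ivv2coiA","prefix":"Mr","first_name":"Jay","middle_name":"%3CScript%3E","last_name":"Chris"}';
const SAMPLE_2 = '{"brand_name":"%co9012","prefix":"Mr","first_name":"Jay","middle_name":"N","last_name":"Chris"}';

// Hypothetical stand-in for an injection check; not the Gateway's rule set.
const SUSPICIOUS = /<\s*script\b/i;

// Decode one value and report failure as data instead of throwing.
function safeDecode(value) {
  // Every '%' must be followed by exactly two hex digits.
  if (/%(?![0-9A-Fa-f]{2})/.test(value)) {
    return { ok: false, reason: "malformed-percent-encoding" };
  }
  try {
    return { ok: true, text: decodeURIComponent(value) };
  } catch (e) {
    // Well-formed escapes that are not valid UTF-8 still raise URIError.
    return { ok: false, reason: "invalid-utf8-sequence" };
  }
}

// Inspect a request body; every failure path yields the same kind of
// controlled error result, so the caller never sees a raw exception.
function inspectBody(body) {
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return { status: 400, error: "invalid-json" };
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return { status: 400, error: "invalid-json" };
  }
  for (const [field, value] of Object.entries(doc)) {
    if (typeof value !== "string") continue;
    const decoded = safeDecode(value);
    if (!decoded.ok) return { status: 400, error: decoded.reason, field };
    if (SUSPICIOUS.test(decoded.text)) {
      return { status: 400, error: "code-injection-detected", field };
    }
  }
  return { status: 200 };
}
```

Both sample requests end in a 400 result that names the offending field: the first because the decoded value matches the pattern, the second because the value cannot be decoded at all.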
