'Protect Against Code Injection, Shell Injection' in the API gateway blocks messages containing `| & > \ etc. Can I pick and choose which metacharacters to block?
Yes, you are right, shell injection flags those characters.
The Protect Against Code Injection & SQL Attacks assertions are a set of regular expressions run against the message body, URL, and attachments, and it looks like it's not possible to customize the regex matches for the protection assertions.
You can use a regex assertion and write your own pattern according to the requirement, and use this regex assertion rather than the standard SQL attack assertion.
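As an added illustration of the custom-pattern approach suggested in the answer above (not code from this thread or from the gateway product): the Python example below builds a regex that blocks only a chosen subset of the metacharacters named in the question and checks a message body and a percent-decoded URL against it. The chosen subset, the function names and the sample inputs are assumptions constructed for the example, and the resulting pattern would still need adapting to the regex syntax of the gateway's own regex assertion.

```python
import re
from urllib.parse import unquote

# Constructed choice for this example: block backtick, pipe and backslash,
# but allow '&' and '>' because they occur in ordinary query strings and XML.
BLOCKED_CHARS = ["`", "|", "\\"]


def build_pattern(blocked):
    """Build a character-class regex matching any of the blocked characters.

    re.escape is required because '|' and '\\' are themselves regex
    metacharacters; without it the pattern would be wrong or fail to compile.
    """
    if not blocked:
        raise ValueError("at least one character must be blocked")
    return re.compile("[" + "".join(re.escape(c) for c in blocked) + "]")


def find_blocked(pattern, body="", url=""):
    """Return the sorted blocked characters found in the body or the URL.

    The URL is percent-decoded first, so an encoded form such as %7C
    is checked as the character it represents.
    """
    hits = set(pattern.findall(body))
    hits |= set(pattern.findall(unquote(url)))
    return sorted(hits)


if __name__ == "__main__":
    pattern = build_pattern(BLOCKED_CHARS)
    # Constructed sample messages: (body, url)
    samples = [
        ("<a>x & y > z</a>", "/orders?id=1&sort=asc"),
        ("name=`id`", "/profile"),
        ("plain text", "/run?cmd=ls%7Cwc"),
    ]
    for body, url in samples:
        found = find_blocked(pattern, body, url)
        verdict = "BLOCK" if found else "ALLOW"
        print(f"{verdict:5} body={body!r} url={url!r} found={found}")
```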
You may also want to vote for this idea, to allow easy encode/escape of special characters, so they can be safe to use rather than just blocking them:
Enhance Encode/Decode Data Assertion to add html encode/decode
It is geared towards XML/HTML special characters. There is also code for a custom assertion to do this from Guy posted there.
A similar process could be applied for SQL special characters, where a process takes a string, finds any special characters and escapes them.
Cheers - Mark