Layer7 API Management

  • Private Community

  • 1.  Dynamic Regular Expressions

    Posted Feb 12, 2019 11:43 AM

    Regarding the Evaluate Regular Expression assertion, is it possible to use a context variable as the regular expression, instead of being converted to it's literal interpretation? For example, set a context variable to an expression (e.g. "[A-Z]+"), then use that context variable as the expression. I need a way to build dynamic expressions I don't exactly know before the execution of the regular expression assertion.  It seems the default behavior for this assertion is to treat context variables as literals between \Q & \E, but is there a way around this behavior?

     



  • 2.  Re: Dynamic Regular Expressions

    Broadcom Employee
    Posted Feb 12, 2019 11:56 AM

    Hi Chris,

     

    It does not look like this is possible per design. I would assume to prevent any type of RegEx injection.

     

    If at runtime ${there} contains regular expression metacharacters such as [, ], |, ^, $, etc., they will be matched as literals (in other words, they lose their metacharacter interpretation).

     

    Evaluate Regular Expression Assertion - CA API Gateway - 9.4 - CA Technologies Documentation 

     

    Regards,

    Joe



  • 3.  Re: Dynamic Regular Expressions

    Posted Mar 11, 2019 06:20 PM

    I can understand this concern, if the regular expression's input were coming from outside requests, but this could be useful if the values are coming from configuration, either through cluster variables, or portal configuration.



  • 4.  Re: Dynamic Regular Expressions

    Broadcom Employee
    Posted Feb 12, 2019 11:29 PM

    Evaluate Regular Expression Assertion - CA API Gateway - 9.4 - CA Technologies Documentation 

    it says,

    Regular Expression

    Enter the regular expression value to be matched. You may reference context variables within the expression. Note that any context variable will be treated as literals when the syntax is checked during design time, but will be resolved to their actual values during runtime. For details, see "Example: Context variables in the regular expression" below.

    The Regular Expression field can only contain a single expression. To evaluate multiple expressions, configure multiple Evaluate Regular Expression assertions within a policy.