use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.
the class JSONAnalyzerTestCase method testJsonDepthAnalyzeFail.
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testJsonDepthAnalyzeFail() throws Exception {
JSONConfig config = Mockito.mock(JSONConfig.class);
Mockito.when(config.getMaxJsonDepth()).thenReturn(3);
JSONAnalyzer analyzer = new JSONAnalyzer();
analyzer.configure(config);
String jsonString = "{\"a\": {\"b\": {\"c\": {\"d\": 1}}}}";
analyzer.analyze(jsonString, "/foo");
}
use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.
the class JSONAnalyzerTestCase method testCheckMaxStringLengthPass.
@Test
public void testCheckMaxStringLengthPass() throws Exception {
JSONConfig config = Mockito.mock(JSONConfig.class);
Mockito.when(config.getMaxStringLength()).thenReturn(10);
JSONAnalyzer analyzer = new JSONAnalyzer();
analyzer.configure(config);
String jsonString = "{\"a\": \"abcdef1234\"}";
analyzer.analyze(jsonString, "/foo");
}
use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.
the class JSONAnalyzerTestCase method testMaxFieldLengthFail.
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testMaxFieldLengthFail() throws Exception {
JSONConfig config = Mockito.mock(JSONConfig.class);
Mockito.when(config.getMaxKeyLength()).thenReturn(5);
JSONAnalyzer analyzer = new JSONAnalyzer();
analyzer.configure(config);
String jsonString = "{\"abcdef\": [1, 2, 3, 4, 5, 6]}";
analyzer.analyze(jsonString, "/foo");
}
use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.
the class JsonSchemaValidator method mediate.
/**
* This mediate method validates the message body.
*
* @param messageContext This message context contains the request message properties of the relevant
* API which was enabled the JSON_Validator message mediation in flow.
* @return a boolean true if the message content is passed the json schema criteria.
*/
public boolean mediate(MessageContext messageContext) {
if (logger.isDebugEnabled()) {
logger.debug("JSON schema validation mediator is activated...");
}
Map<String, InputStream> inputStreams = null;
org.apache.axis2.context.MessageContext axis2MC;
String apiContext;
String requestMethod;
String contentType;
Boolean isValid = true;
axis2MC = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
Object contentTypeObject = axis2MC.getProperty(ThreatProtectorConstants.CONTENT_TYPE);
if (contentTypeObject != null) {
contentType = contentTypeObject.toString();
} else {
contentType = axis2MC.getProperty(ThreatProtectorConstants.SOAP_CONTENT_TYPE).toString();
}
apiContext = messageContext.getProperty(ThreatProtectorConstants.API_CONTEXT).toString();
requestMethod = axis2MC.getProperty(ThreatProtectorConstants.HTTP_REQUEST_METHOD).toString();
if (!APIConstants.SupportedHTTPVerbs.GET.name().equalsIgnoreCase(requestMethod) && (ThreatProtectorConstants.APPLICATION_JSON.equals(contentType) || ThreatProtectorConstants.TEXT_JSON.equals(contentType))) {
JSONConfig jsonConfig = configureSchemaProperties(messageContext);
ConfigurationHolder.addJsonConfig(jsonConfig);
APIMThreatAnalyzer apimThreatAnalyzer = AnalyzerHolder.getAnalyzer(contentType);
try {
inputStreams = GatewayUtils.cloneRequestMessage(messageContext);
if (inputStreams != null) {
InputStream inputStreamJson = inputStreams.get(ThreatProtectorConstants.JSON);
BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStreamJson);
apimThreatAnalyzer.analyze(bufferedInputStream, apiContext);
isValid = true;
}
} catch (APIMThreatAnalyzerException e) {
String message = "Request is failed due to a JSON schema validation failure: ";
logger.error(message, e);
isValid = GatewayUtils.handleThreat(messageContext, ThreatProtectorConstants.HTTP_SC_CODE, message + e.getMessage());
} catch (IOException e) {
String message = "Error occurred while building the request: ";
logger.error(message, e);
isValid = GatewayUtils.handleThreat(messageContext, ThreatProtectorConstants.HTTP_SC_CODE, message + e.getMessage());
} finally {
// return analyzer to the pool
AnalyzerHolder.returnObject(apimThreatAnalyzer);
}
} else {
if (log.isDebugEnabled()) {
log.debug("JSON Schema Validator: " + APIMgtGatewayConstants.REQUEST_TYPE_FAIL_MSG);
}
}
GatewayUtils.setOriginalInputStream(inputStreams, axis2MC);
if (isValid) {
try {
RelayUtils.buildMessage(axis2MC);
} catch (IOException | XMLStreamException e) {
isValid = GatewayUtils.handleThreat(messageContext, APIMgtGatewayConstants.HTTP_SC_CODE, e.getMessage());
}
}
return isValid;
}
use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.
the class AnalyzerHolder method getAnalyzer.
/**
* Borrows an object from pools (xml or json) for threat analysis
*
* @param contentType Content-Type of the payload
* @return Instance of APIMThreatAnalyzer based on content type
*/
public static APIMThreatAnalyzer getAnalyzer(String contentType) {
APIMThreatAnalyzer analyzer = null;
if (ThreatProtectorConstants.TEXT_XML.equalsIgnoreCase(contentType) || ThreatProtectorConstants.APPLICATION_XML.equalsIgnoreCase(contentType)) {
try {
analyzer = xmlAnalyzerAnalyzerPool.borrowObject();
XMLConfig xmlConfig = ConfigurationHolder.getXmlConfig();
analyzer.configure(xmlConfig);
} catch (Exception e) {
// here apache.commons GenericObjectPool's borrow object method throws generic exception.
// here log the stacktrace along with the message.
log.error("Threat Protection: Error occurred while getting an object from the pool.", e);
}
} else if (ThreatProtectorConstants.TEXT_JSON.equalsIgnoreCase(contentType) || ThreatProtectorConstants.APPLICATION_JSON.equalsIgnoreCase(contentType)) {
try {
analyzer = jsonAnalyzerAnalyzerPool.borrowObject();
JSONConfig jsonConfig = ConfigurationHolder.getJsonConfig();
analyzer.configure(jsonConfig);
} catch (Exception e) {
log.error("Threat Protection: Error occurred while getting an object from the pool.", e);
}
}
return analyzer;
}
Aggregations