regex_policy error in mediation sequence #8422

Open
adri14590 opened this issue Apr 22, 2020 · 0 comments

Description:

When I use a regex_policy sequence and invoke an API with it attached, the first time everything works as expected, but then, when I keep trying this endpoint, I always get an API response with the message "Threat detection key words are missing".

Analyzing the carbon-apimgt code, I saw that I am getting this message because of this fragment of code:

        messageProperty = messageContext.getProperty(APIMgtGatewayConstants.REGEX_PATTERN);
        if (messageProperty != null && pattern == null) {
            pattern = Pattern.compile(messageProperty.toString(), Pattern.CASE_INSENSITIVE);
        } else {
            GatewayUtils.handleThreat(messageContext, APIMgtGatewayConstants.HTTP_SC_CODE,
                    "Threat detection key words are missing");
            return true;
        }

So maybe the regex property is being retrieved as null, or maybe the pattern variable is null... but the pattern variable is never being assigned before, or I can't see where.

Here is my full sequence code:

<?xml version="1.0" encoding="UTF-8"?>
<sequence name="sipSequence-threatprot" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
    <log level="custom">
        <property name="IN_MESSAGE" value="Regular_expression_policy"/>
    </log>
    <property name="threatType" value="SQL-Injection"/>
    <property name="regex" value="((drop\s*table\s\S.*)|(insert\s*into\s\S.*)|(delete\s*from\s\S.*)|(create\s*database\s\S.*)|(drop\s*database\s\S.*)|(create\s*table\s\S.*)|(alter\s*table\s\S.*)|(truncate\s*table\s\S.*)|(select\s\S.*FROM\s\S.*)|(alter\s*table\s\S.*)|(\bor\b))"/>
    <property name="enabledCheckBody" value="true"/>
    <property name="enabledCheckHeaders" value="true"/>
    <property name="enabledCheckPathParams" value="true"/>
    <class name="org.wso2.carbon.apimgt.gateway.mediators.RegularExpressionProtector"/>
</sequence>

I also saw in commit 0311249 that in the previous version the "pattern == null" check was inside the first if.

Thanks for your time.

Steps to reproduce:

  1. Create a testing API, with default resources and a mock endpoint (using mocky.io).
  2. Add a query param to the GET Endpoint with name "param".
  3. Attach a custom message mediation sequence to the API with regex policy.
  4. Publish, create application, subscription, etc.
  5. Test GET / Endpoint with '?param=drop%20table'

Affected Product Version:

API Manager 3.1.0

Environment details (with versions):

  • OS: Windows 10
  • Client: 3.1.0
  • Env (Docker/K8s): Docker (custom docker-compose environment)
    am-analytics-worker:
      image: wso2/wso2am-analytics-worker:3.1.0
    api-manager:
      image: wso2/wso2am:3.1.0
    am-analytics-dashboard:
      image: wso2/wso2am-analytics-dashboard:3.1.0

Suggested Labels:

threat protection regex api manager security
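
Added example, not part of the original issue and not carbon-apimgt code: a minimal Java model of the condition quoted above, next to a variant with the `pattern == null` check nested inside the property check, as the issue says the earlier version had it. The class and method names are hypothetical, and it assumes `pattern` is an instance field and that the same mediator instance handles successive requests.

```java
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not carbon-apimgt code.
public class PatternCacheDemo {

    // Same condition as the fragment quoted in the issue.
    static class ReportedCheck {
        private Pattern pattern; // assumption: instance field that survives between requests

        // Returns true when the request would be answered with "key words are missing".
        boolean rejectsAsMissing(Object messageProperty) {
            if (messageProperty != null && pattern == null) {
                pattern = Pattern.compile(messageProperty.toString(), Pattern.CASE_INSENSITIVE);
                return false;
            }
            return true; // reached on every call once pattern has been compiled
        }
    }

    // Null check on pattern nested inside the property check.
    static class NestedCheck {
        private Pattern pattern;

        boolean rejectsAsMissing(Object messageProperty) {
            if (messageProperty != null) {
                if (pattern == null) {
                    pattern = Pattern.compile(messageProperty.toString(), Pattern.CASE_INSENSITIVE);
                }
                return false;
            }
            return true; // only when the regex property really is absent
        }
    }

    public static void main(String[] args) {
        String regex = "(drop\\s*table\\s\\S.*)|(\\bor\\b)"; // shortened from the sequence above
        ReportedCheck reported = new ReportedCheck();
        NestedCheck nested = new NestedCheck();
        for (int request = 1; request <= 3; request++) {
            System.out.printf("request %d: reported rejects=%b, nested rejects=%b%n",
                    request, reported.rejectsAsMissing(regex), nested.rejectsAsMissing(regex));
        }
        System.out.println("absent property: nested rejects=" + nested.rejectsAsMissing(null));
    }
}
```

Under those assumptions the first model accepts only the first request and rejects every later one, which matches the behaviour reported in the description.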
