[owasp-modsecurity compatibility] validateSchema action #1279
Comments
|
Nice catch. Do you feel like opening a PR for this? I am 100% agree this
should support JSON schema aswell.
…On Thu, Jan 9, 2025 at 6:23 AM Nathan Byrd ***@***.***> wrote:
Summary
coraza doesn't implement the validateSchema action
owasp-modsecurity has this action
<https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#validateschema>
Besides the existing Modsecurity support for XML schema validation, this
should be extended to JSON validation using JSON Schema as well.
Basic example
https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#validateschema
Motivation
I'm working on implementing schema validation as part of the OAShield
project <https://www.oashield.com/> - OAShield Github Repository
<https://github.com/cognitivegears/oashield>
Specifically, this would be used to Support Complex Data Types
<cognitivegears/oashield#14>. I am currently
working through using the existing Coraza body processors, but for complex
schemas this is starting to look like it may be not very performant to
create that many rules to validate every field as well as check for
negative examples. A schema validator is likely to be much more optimized
at doing this work, and would satisfy a compatibility item besides.
I would be interested in doing this work to make a PR for this, but wanted
to raise this first to judge the interest before proceeding.
—
Reply to this email directly, view it on GitHub
<#1279>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXOYAUHGMYFL5DWTVCTEY32JYBVBAVCNFSM6AAAAABU3LEVXOVHI2DSMVQWIX3LMV43ASLTON2WKOZSG43TMOBWGIYTIMQ>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sure - let me take a shot at it, I'll follow up if I run into any issues. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
coraza doesn't implement the validateSchema action
owasp-modsecurity has this action
Besides the existing Modsecurity support for XML schema validation, this should be extended to JSON validation using JSON Schema as well.
Basic example
https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#validateschema
Motivation
I'm working on implementing schema validation as part of the OAShield project - OAShield Github Repository
Specifically, this would be used to Support Complex Data Types. I am currently working through using the existing Coraza body processors, but for complex schemas this is starting to look like it may be not very performant to create that many rules to validate every field, especially for searching for invalid parameters (anything that doesn't fit in the schema). A dedicated schema validator is likely to be much more optimized at doing this processing and would satisfy a compatibility item besides.
I would be interested in doing this work to make a PR for this, but wanted to raise this first to judge the interest before proceeding.
The text was updated successfully, but these errors were encountered: