JSON Protection Plugin

JSON Protection guards against JSON attacks by setting limits to JSON documents.

Types of Attacks

Here are some common JSON attacks and how JSON Protection mitigates them:

Duplicate object properties: An attacker could send JSON with many identical keys in an attempt to overload the service or exploit key collisions. The JSON Protection plugin denies such requests by default.
```
{
  "price": 99.80,
  "price": 0.01
}
```
Excessively large documents: Large, complex JSON can consume excessive resources when parsed, potentially leading to a DoS condition. JSON Protection sets limits on various aspects of a JSON document to prevent this, like the:
- maximum total tokens (maxTokens)
- maximum overall size (maxSize)
- maximum string length (maxStringLength)
- maximum object size (maxObjectSize)
- maximum array size (maxArraySize)
maxStringLength="5"
```
{
  "firstname": "')) DROP TABLE USERS --"
}
```
Deeply nested objects: Objects which are deeply nested could potentially provoke errors. To prevent this from happening, the JSON Protection plugin can limit the maximum depth (maxDepth).
maxDepth="3"
```
{
  "a": {
    "b": {
      "c": {
        "d": "dv"
      }
    }
  }
}
```

Here's a sample configuration, with a brief explanation of what each attribute does:

<jsonProtection
  maxTokens="15"
  maxSize="110"
  maxDepth="3"
  maxStringLength="5"
  maxKeyLength="1"
  maxObjectSize="3"
  maxArraySize="3" />

Attribute	Description
maxTokens	Maximum number of tokens in a JSON document
maxSize	Maximum overall size of a JSON document, in kilobytes
maxDepth	Maximum nesting depth of a JSON document
maxStringLength	Maximum length of a string in a JSON document
maxKeyLength	Maximum length of an object key in a JSON document
maxObjectSize	Maximum number of keys in an object
maxArraySize	Maximum number of elements in an array