JSON Protection Plugin

JSON Protection guards against JSON attacks by setting limits to JSON documents.

Types of Attacks

Here are some common JSON attacks and how JSON Protection mitigates them:

Configuration

Here's a sample configuration, with a brief explanation of what each attribute does:

<jsonProtection
  maxTokens="15"
  maxSize="110"
  maxDepth="3"
  maxStringLength="5"
  maxKeyLength="1"
  maxObjectSize="3"
  maxArraySize="3" />
AttributeDescription
maxTokensMaximum number of tokens in a JSON document
maxSizeMaximum overall size of a JSON document, in kilobytes
maxDepthMaximum nesting depth of a JSON document
maxStringLengthMaximum length of a string in a JSON document
maxKeyLengthMaximum length of an object key in a JSON document
maxObjectSizeMaximum number of keys in an object
maxArraySizeMaximum number of elements in an array

See: - More examples - Membrane API Gateway documentation.