
Issue: Malformed JSON data - JSON Parser Attack - Malformed numeric

Description

Violations: Malformed JSON data
Sub Violation(s):
Attack Type: JSON Parser Attack

Details:

<violation>
<viol_index>52</viol_index>
<viol_name>VIOL_JSON_MALFORMED</viol_name>
<context>URL</context>
<object_data>
<object>/redacted</object>
<object_pattern>*</object_pattern>
</object_data>
<staging>0</staging>
<content_profile_data>
<type>JSON</type>
<content_id>888</content_id>
<content_profile_id>8888</content_profile_id>
<content_profile_name>json_default</content_profile_name>
<buffer>01</buffer>
<index>112</index>
<location>redacted</location>
<error_code>9</error_code>
<specific_desc>Malformed document</specific_desc>
<fault_detail>Malformed numeric value</fault_detail>

 

JSON Example:

"data": {
  "id": "123",
  "type": "user",
  "attributes": {
    "phone-number": 0111222333444,
    "country": "us"
  }
}

 

Environment

  • WAF Policy

 

Cause

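The unquoted value 0111222333444 in the example starts with a zero, which the JSON grammar does not allow, so the parser reports a malformed numeric value. The JSON specification (RFC 8259, sections 6 and 7) describes numbers and strings as follows:

   The representation of numbers is similar to that used in most
   programming languages.  A number is represented in base 10 using
   decimal digits.  It contains an integer component that may be
   prefixed with an optional minus sign, which may be followed by a
   fraction part and/or an exponent part.  Leading zeros are not
   allowed.

   The representation of strings is similar to conventions used in the C
   family of programming languages.  A string begins and ends with
   quotation marks.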

 

Resolution

  • Don't use a leading zero
    • e.g. "phone-number": 111222333444,
  • Or store the value as a string, in quotation marks (this keeps the leading zero)
    • e.g. "phone-number": "0111222333444",
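
An added example (not part of the original article, and not the WAF's own code): a Python pre-flight check that locates unquoted numbers with a leading zero in a request body and confirms that both fixes above are accepted by a strict JSON parser. The function names and the sample bodies, built from the article's example, are assumptions.

```python
import json
import re

# JSON string literal (handles escaped quotes) and JSON-like numeric token.
STRING = re.compile(r'"(?:[^"\\]|\\.)*"')
NUMBER = re.compile(r"-?[0-9]+(?:\.[0-9]+)?(?:[eE][+-]?[0-9]+)?")
LEADING_ZERO = re.compile(r"-?0[0-9]")  # "0" followed by another digit


def find_leading_zero_numbers(body):
    """Return [(offset, token)] for unquoted numbers that start with a zero."""
    hits, pos = [], 0
    while pos < len(body):
        if body[pos] == '"':
            # Skip string contents: "0111222333444" in quotes is legal.
            m = STRING.match(body, pos)
            pos = m.end() if m else len(body)
        elif body[pos] in "-0123456789":
            m = NUMBER.match(body, pos)
            if m is None:  # lone "-" with no digits after it
                pos += 1
                continue
            if LEADING_ZERO.match(m.group()):
                hits.append((m.start(), m.group()))
            pos = m.end()
        else:
            pos += 1
    return hits


def parses_as_json(body):
    """True if a strict parser (Python's json module) accepts the body."""
    try:
        json.loads(body)
        return True
    except json.JSONDecodeError:
        return False


# Constructed bodies: the article's example wrapped in outer braces, then
# the two fixes from the Resolution section.
BAD = '{"data": {"id": "123", "type": "user", "attributes": {"phone-number": 0111222333444, "country": "us"}}}'
FIX_NUMBER = BAD.replace("0111222333444", "111222333444")
FIX_STRING = BAD.replace("0111222333444", '"0111222333444"')

if __name__ == "__main__":
    for name, body in (("bad", BAD), ("number", FIX_NUMBER), ("string", FIX_STRING)):
        print(name, parses_as_json(body), find_leading_zero_numbers(body))
```

The scanner only flags the leading-zero case discussed here; values such as 0.5, 0 and 1e05 are valid JSON numbers and are not reported.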

 
