Forum Discussion
AWAF OpenAPI Import and default defense attribute values for json content profiles
Thanks JRahm
There is nothing special with this OpenAPI file. You can use any example file from the internet.
- Import the OpenAPI file
- Go to the JSON Content Profiles and open one of them
- See that the default defense attributes are set to values as in my screenshot
Exporting the policy (sorry, I could not give you the complete policy, it is far too large to sanitize all elements), it looks like:
{
    "defenseAttributes" : {
        "maximumArrayLength" : 1000,
        "maximumStructureDepth" : 10,
        "maximumTotalLengthOfJSONData" : 10000,
        "maximumValueLength" : 100,
        "tolerateJSONParsingWarnings" : false
    },
    "description" : "",
    "hasValidationFiles" : true,
    "name" : "json_POST_~v1~path1~res"
},
Changing this afterwards through the API is certainly possible, but it would be better if we could change it inside a declarative WAF policy. I tried it with the modifications section, but it did not work. It seems the modifications section does not support the entityType "json-profiles", but I have not found any documentation on this. My next try is to integrate this in my main policy file.
Anyway, this was my attempt:
{
    "modifications": [
        {
            "action": "add-or-update",
            "entityType": "json-profiles",
            "entity": {
                "name" : "json_POST_~v1~path1~res"
            },
            "entityChanges": {
                "defenseAttributes" : {
                    "maximumArrayLength" : 1000,
                    "maximumStructureDepth" : 10,
                    "maximumTotalLengthOfJSONData" : 1048576,
                    "maximumValueLength" : 262144,
                    "tolerateJSONParsingWarnings" : false
                }
            }
        }
    ]
}
Can you have a look at the "RFE ID 1186661 - defense attributes for JSON profiles in policy created from OpenAPI file should have value "any" by default"? I think this is not the best solution to solve this issue. An even better solution would be: add a possibility to let the user change these values, and not just hardcode other values.
We should push this RFE, how can I do this?
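Added example, not part of the original post and not F5 code: a Python sketch that raises the OpenAPI-generated limits in an exported policy JSON before re-import and returns a change list for review. The top-level `policy` / `json-profiles` nesting, the use of `hasValidationFiles` to spot generated profiles, the `Default` profile and the function name `raise_limits` are assumptions; the sample document is constructed from the fragment in the post.

```python
import copy
import json

# Constructed sample shaped like the export fragment in the post; the
# "policy" / "json-profiles" nesting and the "Default" profile are assumptions.
EXPORTED = json.loads("""
{"policy": {"name": "example_policy", "json-profiles": [
  {"name": "json_POST_~v1~path1~res", "hasValidationFiles": true,
   "description": "",
   "defenseAttributes": {"maximumArrayLength": 1000,
     "maximumStructureDepth": 10, "maximumTotalLengthOfJSONData": 10000,
     "maximumValueLength": 100, "tolerateJSONParsingWarnings": false}},
  {"name": "Default", "hasValidationFiles": false, "description": "",
   "defenseAttributes": {"maximumArrayLength": "any",
     "maximumStructureDepth": "any", "maximumTotalLengthOfJSONData": "any",
     "maximumValueLength": "any", "tolerateJSONParsingWarnings": true}}
]}}
""")

# Target values taken from the modification attempt in the post.
OVERRIDES = {"maximumTotalLengthOfJSONData": 1048576,
             "maximumValueLength": 262144}


def raise_limits(policy_doc, overrides, only_generated=True):
    """Return (patched copy, change list). Limits are raised, never lowered."""
    patched = copy.deepcopy(policy_doc)
    changes = []
    for profile in patched.get("policy", {}).get("json-profiles", []):
        # Assumption: hasValidationFiles marks profiles created by the import.
        if only_generated and not profile.get("hasValidationFiles"):
            continue
        attrs = profile.setdefault("defenseAttributes", {})
        for key, new in overrides.items():
            old = attrs.get(key)
            # Skip unlimited ("any") values and limits already high enough.
            if old == "any" or (isinstance(old, int) and old >= new):
                continue
            attrs[key] = new
            changes.append((profile["name"], key, old, new))
    return patched, changes


if __name__ == "__main__":
    _, report = raise_limits(EXPORTED, OVERRIDES)
    for name, key, old, new in report:
        print(f"{name}: {key} {old} -> {new}")
```

Every entry in the change list loosens a WAF limit, so it is worth reviewing against the largest payload the API schema actually allows before the policy is imported again.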