JustJozef
Aug 09, 2023Cirrus
Case (in)sensitivity for JSON schema in ASM policy
Hi all,
I would like to know if follow behaviour is correct or it's bug.
I have ASM policy where JSON profiles are created from swagger file with JSON Schema Files. Global policy setting "Policy is Case Sensitive" is defined to "No".
However payload in requests is strictly checked and if in schema file is defined parameter "username" then request with parameter "Username" is not valid and is against security policy. It mean that Json Schema has higher priority than global settings of policy?
Part of the JSON schema:
"required":["password","username"]
Valid request with payload
{"username":"myuser","password":"mypass"}
Request what report violation "JSON data does not comply with JSON schema"
{"Username":"myuser","Password":"mypass"}
In details it reports that parameter username is missing and Illegal additional property Username is defined.