Forum Discussion

Deepak_21563's avatar
Deepak_21563
Icon for Nimbostratus rankNimbostratus
Feb 05, 2019

JSON data format

Hi,

 

I am presently trying to solve an ASM block issues concerning JSON formatted data. We have a VIP to which a ASM policy is associated. This ASM policy has a XML and JSON profile added. The ASM is blocking the JSON data with a message VIOL_JSON_MALFORMED malformed Document.The JSON data in question is

 

"{\"Inputs\":[{\"ATPONumber\":\"test12345\",\"CEPDay\":365}]}"

 

In the above data if i remove the start and end " and the \, then it passes. But the customer is not willing to do that

 

I used a online tool https://jsonformatter.curiousconcept.com/ to validate the format of the JSON data

 

In the above mentioned site, there are two JSON standard RFC's to choose from, the default is RFC 4627, with this RFC the validation fails. With RFC 7159 selected, the data is passed as a valid JSON format

 

I used another online tool jsonlint, where this data is marked as valid

 

Now my question is, what standards are used in F5 ASM for JSON validation. I could not find this information.

 

application delivery
ASM Advanced WAF

2 Replies

  • samstep's avatar
    samstep
    Icon for Cirrocumulus rankCirrocumulus
    Feb 05, 2019

    This is clearly an invalid JSON grammar, I have no idea how your customer is parsing this data.

    Since the whole thing is in double-quotes it makes the whole structure a string, not JSON. So it fails RFC4627 straight away (JSON must start with an object, not a string).

    If you remove the outer double-quotes:

    {\"Inputs\":[{\"ATPONumber\":\"test12345\",\"CEPDay\":365}]}

    then it fails both RFC4627 and RFC7159!

    On a historical note - F5 ASM dates back to 2004 and RFC7159 was released in 2014, so I assume that F5 ASM's JSON parser is using RFC 4627 (F5 staff please confirm)