Insecure JSONThreatProtection policy

Why This Issue Is Important

In Apigee, the JSONThreatProtection policy is used to protect APIs from potentially harmful JSON payloads by enforcing limits on the structure and size of incoming JSON data. If this policy is not configured securely, it can leave the API vulnerable to Denial of Service (DoS) attacks, where attackers send excessively large or deeply nested JSON payloads to overwhelm the system, leading to performance degradation or even outages.

How This Issue Is Detected

CodeSent detects insecure configurations in the JSONThreatProtection policy by analyzing the policy's XML configuration. The tool checks whether limit settings are missing or whether their values are set so high that they nullify the intended protection. If either condition is met, CodeSent flags the configuration as insecure.

How to Fix the Issue

To fix this issue, you should ensure that the JSONThreatProtection policy enforces reasonable limits on the structure and size of JSON payloads.
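The check described above and the fix it calls for, as an added example that is not CodeSent's own detection code: a small linter that parses a JSONThreatProtection policy, reports each limit element that is missing or above a threshold, and is run against a constructed weak policy and a constructed hardened one. The element names are Apigee's (ArrayElementCount, ContainerDepth, ObjectEntryCount, ObjectEntryNameLength, StringValueLength); the threshold values are assumptions chosen for the example.

```python
import xml.etree.ElementTree as ET

# Limit elements the policy supports, with the highest value treated as reasonable here.
# These thresholds are assumptions for this example, not values prescribed by Apigee or CodeSent.
LIMITS = {
    "ArrayElementCount": 100,
    "ContainerDepth": 20,
    "ObjectEntryCount": 100,
    "ObjectEntryNameLength": 256,
    "StringValueLength": 4096,
}


def lint_policy(policy_xml: str) -> list[str]:
    """Return one finding per disabled policy, missing limit, or limit above threshold."""
    root = ET.fromstring(policy_xml)
    findings = []
    if root.get("enabled", "true").lower() != "true":
        findings.append('policy is disabled (enabled="false")')
    for element, max_ok in LIMITS.items():
        node = root.find(element)
        if node is None or not (node.text or "").strip():
            findings.append(f"{element} is missing: no limit is enforced")
        elif int(node.text) > max_ok:
            findings.append(f"{element}={node.text.strip()} exceeds threshold {max_ok}")
    return findings


# Constructed sample: limits left out or set so high they no longer protect anything.
WEAK_POLICY = """<JSONThreatProtection name="JSON-Threat-Protection-Weak" enabled="true">
    <ContainerDepth>1000000</ContainerDepth>
    <StringValueLength>2147483647</StringValueLength>
    <Source>request</Source>
</JSONThreatProtection>"""

# Constructed sample: every limit present and bounded.
HARDENED_POLICY = """<JSONThreatProtection name="JSON-Threat-Protection-Hardened" enabled="true">
    <ArrayElementCount>20</ArrayElementCount>
    <ContainerDepth>10</ContainerDepth>
    <ObjectEntryCount>15</ObjectEntryCount>
    <ObjectEntryNameLength>50</ObjectEntryNameLength>
    <StringValueLength>500</StringValueLength>
    <Source>request</Source>
</JSONThreatProtection>"""

if __name__ == "__main__":
    for name, xml in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_policy(xml) or "no findings")
```

The weak policy yields five findings (three missing limits and two values far above the thresholds); the hardened policy yields none.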