Fix regex for XPath Injection

wso2 · Oct 31, 2024 · 9361e4d · 9361e4d
1 parent a91a4ad
commit 9361e4d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...teway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md b/...teway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md
@@ -50,7 +50,7 @@ We recommend the following patterns for denying requests.
         <tr class="even">
             <td>XPath Injection</td>
             <td>
-                <code>.*'.*|.*or.*|.*1=1.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|</code><br />
+                <code>.*'.*|(?\u003C![\w\d])or(?![\w\d])|.*1=1.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|</code><br />
                 <code>.*CREATE DATABASE.*|.*CREATE PROCEDURE.*|.*CREATE SCHEMA.*|</code><br />
                 <code>.*create table.*|.*CREATE VIEW.*|.*DELETE.*|.*DROP DATABASE.*|</code><br />
                 <code>.*DROP PROCEDURE.*|.*DROP.*|.*SELECT.*</code>