From 8447e3328a70f36ce973ab36fd78e629e848b25b Mon Sep 17 00:00:00 2001 From: msm1992 Date: Thu, 31 Oct 2024 12:29:17 +0530 Subject: [PATCH] Fix regex for XPath Injection --- .../regular-expression-threat-protection-for-api-gateway.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md b/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md index 98422161c9..142c5470b7 100644 --- a/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md +++ b/en/docs/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway.md @@ -50,7 +50,7 @@ We recommend the following patterns for denying requests. XPath Injection - .*'.*|.*or.*|.*1=1.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|
+ .*'.*|(?\u003C![\w\d])or(?![\w\d])|.*1=1.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|
.*CREATE DATABASE.*|.*CREATE PROCEDURE.*|.*CREATE SCHEMA.*|
.*create table.*|.*CREATE VIEW.*|.*DELETE.*|.*DROP DATABASE.*|
.*DROP PROCEDURE.*|.*DROP.*|.*SELECT.*