Enum PathSyntaxPolicy

  • All Implemented Interfaces:
    java.io.Serializable, java.lang.Comparable<PathSyntaxPolicy>

    public enum PathSyntaxPolicy
    extends java.lang.Enum<PathSyntaxPolicy>
    Determines what validation is performed on the path portion of a request URI. Path-based attacks are a common vulnerability in web applications and arise when there are defects in how a web application uses (directly or indirectly) APIs that operate on file-system objects. To protect against many well-known attacks, path name patterns that are suspicious, meaning they have no legitimate use case or only uncommon edge-case uses, are tested for at the start of processing. If a suspicious path is encountered, the request is rejected with a 400 Bad Request status.

    Path Syntax Rules

    These tests restrict valid file names to a subset of names that are valid on both Windows and UNIX operating systems and that do not represent attempts to exploit potential weaknesses in underlying APIs, for example names containing null characters or percent-encoded characters.

    The following tests are applied:

    • Is not empty or whitespace only
    • Does not contain any of the following characters: <,>,:,",|,?,*,#,;,%,
    • Does not contain the null character (
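
The three tests visible in the list above, written out as an added Java illustration; this is not the library's own code. The class and method names are hypothetical, the sample names are constructed, and the commas in the character list are assumed to be separators rather than forbidden characters.

```java
import java.util.Optional;

// Added illustration; not the implementation behind PathSyntaxPolicy.
// PathSyntaxCheckDemo and violation() are hypothetical names.
public class PathSyntaxCheckDemo {

    // Characters taken from the list on this page. Assumption: the commas in
    // that list are separators, so ',' is not treated as forbidden here.
    private static final String FORBIDDEN = "<>:\"|?*#;%";

    // Returns why a raw (not yet percent-decoded) file name fails,
    // or Optional.empty() if it passes the three tests.
    static Optional<String> violation(String name) {
        if (name == null) {
            return Optional.of("empty or whitespace only");
        }
        boolean onlyWhitespace = true;
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            // Checked before the whitespace test so a lone NUL is reported as NUL.
            if (c == '\0') {
                return Optional.of("null character at index " + i);
            }
            // '%' is in the set, so a percent-encoded name fails without being decoded.
            if (FORBIDDEN.indexOf(c) >= 0) {
                return Optional.of("forbidden character '" + c + "' at index " + i);
            }
            if (!Character.isWhitespace(c)) {
                onlyWhitespace = false;
            }
        }
        // An empty string never enters the loop and is rejected here as well.
        return onlyWhitespace ? Optional.of("empty or whitespace only") : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the page.
        String[] samples = {"employees", "report.txt", "   ", "a%20b",
                            "notes.txt:stream", "file.txt\0.jpg"};
        for (String s : samples) {
            String shown = s.replace("\0", "\\0"); // make the NUL visible when printed
            String result = violation(s)
                .map(reason -> "400 Bad Request (" + reason + ")")
                .orElse("passes these tests");
            System.out.println("\"" + shown + "\" -> " + result);
        }
    }
}
```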