I have configured a AWS API gateway (GET and POST ) method for pet store project(POC) and have to configure few WAF rules to my below sample JSON structure.
[
{
"id": 1,
"type": "dog",
"price": 249.99
},
{
"id": 2,
"type": "cat",
"price": 124.99
},
{
"id": 3,
"type": "fish",
"price": 0.99
}
]
Now I'm trying to configure a custom AWS WAF rules with the help of Rule builder.
WAF rule 1 : Object Entry count(10)
If JSON body Object Entry count is more than 10+ then WAF custom rule( regular expression ) should block that API request.
I created a regular expression like below :
"[^"]":\s("[^"]"|\d|true|false|null)(,\s*"[^"]":\s("[^"]"|\d|true|false|null)){0,9}
WAF rule 2: Array Entry Count(20) If JSON body Array Entry count is more than 20+ then WAF custom rule should block that API request.
\[([^\[\]]("[^"]")[^\[\]](,\s[^\[\]]("[^"]")[^\[\]]*){0,119})?\]
WAF rule3 : Container Depth(6) JSON body Container Depth is not more than 6. If more, then WAF custom rule should block that API request.
[^\{\}]\{[^\{\}]\{[^\{\}]\{[^\{\}]\{[^\{\}]\{[^\{\}]\}
Now my question is that How can I verify regular expression syntax and test it for above requirements? I feel syntax is wrong, but I'm not sure about this. Can someone please help me to resolve this case?