JSON Policy Settings
[Policy] > [Basic Decontamination Policy] > [JSON] Settings
The JSON tab sets policies to block security threats that may be included in JSON files.
You can defend against JSON-based attacks by controlling duplicate keys, executable links, embedded files, dangerous keys, operators, and more.
⚠️ Permission to set the basic decontamination policy is granted to [Administrator Type - System Administrator]; administrator permissions can be configured in [Administrator Settings] > [Account and Permission Management].
Detailed Description of Settings Items
| Policy Name | Description |
|---|---|
| Setting to Block Duplicate Keys in JSON | Sets whether to block a JSON file that contains duplicate keys. When a key appears more than once, it is unpredictable which value a parser will apply, so permissions or settings may change. Administrator privileges have been obtained by exploiting this class of flaw (CVE-2017-12635). |
| Blocking settings for specified executable links | Specifies the link schemes to block when they appear in JSON values. Executable schemes such as javascript, data, vbscript, and file can trigger code execution or file access when clicked. Input example: javascript;data;vbscript;file; |
| Blocking settings for specified built-in file formats (MIME) | Specifies the file types (MIME types) to block when they are embedded in JSON. A JSON file can carry base64-encoded files, which poses a risk of malicious code being executed. Blocking executable formats such as EXE and DLL by default is recommended. Setting this to an empty value blocks all file types. Input example: application/x-dosexec;application/zip; |
| Blocking Configuration for Designated Risk Keys | Specifies the risky keys to block when they appear in JSON. Keys such as __proto__ and constructor can change the internal behavior of JavaScript objects and alter permissions or settings (related case: CVE-2018-16487). Input example: __proto__;constructor; |
| Setting Blocked Operators | Specifies the operators to block when they appear in JSON. $ operators used by databases such as MongoDB can execute arbitrary commands, which can lead to data tampering, theft, and privilege escalation. Input example: $where;$eval; |
Input Rules and Precautions
- **Blocking settings for specified executable links**: Multiple schemes can be entered, separated by semicolons (;).
- **Blocking settings for specified built-in file formats (MIME)**: MIME types are entered separated by semicolons (;); setting this to an empty value blocks all file types.
- **Blocking Configuration for Designated Risk Keys**: Multiple keys can be entered, separated by semicolons (;).
- **Setting Blocked Operators**: Multiple operators can be entered, separated by semicolons (;).
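The following is an added example, not the product's own code, showing how the five policy items above can be enforced over a JSON document: duplicate keys are rejected at parse time instead of being silently overwritten, string values are checked for executable link schemes, base64-encoded values are decoded and sniffed for a blocked MIME type, and object keys are checked against the risk-key and operator lists. The semicolon-separated policy strings follow the input format described above. Assumptions not on the page: the magic-byte table standing in for a real MIME sniffer is tiny, an empty MIME list is treated as "block every recognised file type", key and scheme matching is exact (schemes are lowercased with leading whitespace removed), and all policy values and sample documents are constructed for this example.

```python
import base64
import json
import re

# Constructed policy values in the page's semicolon-separated input format.
POLICY = {
    "block_duplicate_keys": True,
    "executable_links": "javascript;data;vbscript;file;",
    "embedded_mime": "application/x-dosexec;application/zip;",
    "risk_keys": "__proto__;constructor;",
    "operators": "$where;$eval;",
}

# Assumption: a small magic-byte table stands in for a real MIME sniffer.
MAGIC = [
    (b"MZ", "application/x-dosexec"),
    (b"PK\x03\x04", "application/zip"),
    (b"%PDF", "application/pdf"),
]

# Only strings that look like base64 (16+ chars, length a multiple of 4) are decoded.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def parse_list(value):
    """Split a semicolon-separated policy field into its non-empty items."""
    return [item.strip() for item in value.split(";") if item.strip()]


def compile_policy(raw):
    """Turn the raw policy strings into lookup sets."""
    return {
        "block_duplicate_keys": raw["block_duplicate_keys"],
        "executable_links": {s.lower() for s in parse_list(raw["executable_links"])},
        "embedded_mime": set(parse_list(raw["embedded_mime"])),
        "risk_keys": set(parse_list(raw["risk_keys"])),
        "operators": set(parse_list(raw["operators"])),
    }


class DuplicateKeyError(ValueError):
    pass


def reject_duplicates(pairs):
    """object_pairs_hook: refuse a key seen twice instead of keeping the last value."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(key)
        obj[key] = value
    return obj


def sniff_mime(data):
    for signature, mime in MAGIC:
        if data.startswith(signature):
            return mime
    return None


def embedded_mime(text):
    """Return the sniffed MIME type if the string is a base64-encoded file."""
    if not B64_RE.match(text) or len(text) % 4:
        return None
    try:
        raw = base64.b64decode(text, validate=True)
    except ValueError:
        return None
    return sniff_mime(raw)


def _walk(node, path, pol, findings):
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in pol["risk_keys"]:
                findings.append(("risk_key", child, key))
            if key in pol["operators"]:
                findings.append(("operator", child, key))
            _walk(value, child, pol, findings)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            _walk(value, f"{path}[{index}]", pol, findings)
    elif isinstance(node, str):
        if ":" in node:  # scheme match: leading whitespace removed, case-insensitive
            scheme = node.split(":", 1)[0].strip().lower()
            if scheme in pol["executable_links"]:
                findings.append(("executable_link", path, scheme))
        mime = embedded_mime(node)
        # Assumption: an empty MIME list means every recognised file type is blocked.
        if mime and (not pol["embedded_mime"] or mime in pol["embedded_mime"]):
            findings.append(("embedded_file", path, mime))


def scan_json(text, pol):
    """Return a list of (category, json_path, detail) policy violations."""
    hook = reject_duplicates if pol["block_duplicate_keys"] else None
    try:
        doc = json.loads(text, object_pairs_hook=hook)
    except DuplicateKeyError as err:
        return [("duplicate_key", "$", err.args[0])]
    except json.JSONDecodeError as err:
        return [("invalid_json", "$", str(err))]
    findings = []
    _walk(doc, "$", pol, findings)
    return findings


# Constructed sample documents, one per policy item plus a clean one.
SAMPLE_DOCS = {
    "dup": '{"role": "user", "role": "admin"}',
    "link": '{"href": "JavaScript:void(0)"}',
    "embedded": json.dumps({"attachment": base64.b64encode(b"MZ" + b"\x90" * 30).decode()}),
    "risk_key": '{"__proto__": {"isAdmin": true}}',
    "operator": '{"user": {"$where": "1"}}',
    "clean": '{"name": "report", "size": 3}',
}


def run_samples(raw_policy=POLICY):
    pol = compile_policy(raw_policy)
    return {name: scan_json(doc, pol) for name, doc in SAMPLE_DOCS.items()}
```

Each finding carries a JSON path so an administrator reviewing a blocked file can see which key or value tripped the policy; the duplicate-key check is the one that cannot be done on the parsed object, which is why it is wired into the parser via `object_pairs_hook`.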
Notes
| Terminology | Definition | Security Threats |
|---|---|---|
| Duplicate Key | When the same key is used more than once in a JSON file | It is unpredictable what value will be applied, so permissions or settings may change. |
| Executable Link Scheme | A URL scheme such as javascript, data, vbscript, or file that triggers code execution or file access when the link is clicked | It can lead to the execution of malicious code or access to the file system. |
| Embedded File (Base64) | Files included in a JSON file encoded in base64 | Malware can be included in the form of a file and executed. |
| Risk Key | Special keys that can change the internal workings of JavaScript, such as __proto__ and constructor. | Prototype pollution attacks can change permissions or settings. |
| $ operator | Query operators used in NoSQL databases like MongoDB | Executing arbitrary commands can lead to data tampering, theft, and privilege escalation. |
- After changing the settings, you can check the records and restore them in the [Policy Change History] menu.