“Protect Against Code Injection” assertion “  does not work  in conjunction with "Validate JSON Schema V4"  in CA API Gateway  V10.1 and CA API Gateway  V10 CR01.

When “JSON Schema V4 assertion” is applied prior to “Protect Against Code Injection [Body] Assertion” and “LDAP Search Injection” option is selected

and there is a incoming request payload with  LDAP Search Injection threat in it,  it is not detecting by the LDAP Search Injection Threat assertion .

If we apply only “Protect Against Code Injection [Body] Assertion by Selecting “LDAP Search Injection” option without “JSON Schema V4 assertion”

it is detecting “LDAP Search Injection” threat in the incoming request, or change the sequence.

This problem does not occur with CA API Gateway V10 GA. 

Release : 10 CR1 and above 10.1

Component : API GATEWAY

This is a known issue and a fix for this will be included in the next CR  for GW10 CR5 and GW10.1  CR1.

If there is a urgent need for a solution on  the current release  please open a support case to discuss other options .