“Protect Against Code Injection” assertion “ does not work in conjunction with "Validate JSON Schema V4" in CA API Gateway V10.1 and CA API Gateway V10 CR01.
When “JSON Schema V4 assertion” is applied prior to “Protect Against Code Injection [Body] Assertion” and “LDAP Search Injection” option is selected
and there is a incoming request payload with LDAP Search Injection threat in it, it is not detecting by the LDAP Search Injection Threat assertion .
If we apply only “Protect Against Code Injection [Body] Assertion by Selecting “LDAP Search Injection” option without “JSON Schema V4 assertion”
it is detecting “LDAP Search Injection” threat in the incoming request, or change the sequence.
This problem does not occur with CA API Gateway V10 GA.
Release : 10 CR1 and above 10.1
Component : API GATEWAY
This is a known issue and a fix for this will be included in the next CR for GW10 CR5 and GW10.1 CR1.
If there is a urgent need for a solution on the current release please open a support case to discuss other options .