From 951788e7d2051b7dec7fba58aef7ea0ab8d670c9 Mon Sep 17 00:00:00 2001 From: cf-matthias <137851963+cf-matthias@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:49:59 +0900 Subject: [PATCH 1/3] Add reference for ruleset function documentation CUSTESC-44950 This is to help customers craft custom scan expressions with nested JSON fields. --- .../docs/waf/detections/malicious-uploads/get-started.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/waf/detections/malicious-uploads/get-started.mdx b/src/content/docs/waf/detections/malicious-uploads/get-started.mdx index 2a3f8e881b2c59..a3d29d9a531fa6 100644 --- a/src/content/docs/waf/detections/malicious-uploads/get-started.mdx +++ b/src/content/docs/waf/detections/malicious-uploads/get-started.mdx @@ -148,6 +148,8 @@ The custom scan expression will scan any string found in an HTTP body with the f { "file": "" } ``` +Refer to our [rulesets functions](/ruleset-engine/rules-language/functions/#lookup_json_string) documentation for details and further examples when looking up fields in nested JSON payloads. + :::note The content scanner will automatically decode Base64 strings. ::: From 1e259da26ebd8969f829251a01d79728db5bbcfd Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:02:11 +0100 Subject: [PATCH 2/3] PCX review --- .../docs/waf/detections/malicious-uploads/get-started.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/waf/detections/malicious-uploads/get-started.mdx b/src/content/docs/waf/detections/malicious-uploads/get-started.mdx index a3d29d9a531fa6..21f221d87dfc70 100644 --- a/src/content/docs/waf/detections/malicious-uploads/get-started.mdx +++ b/src/content/docs/waf/detections/malicious-uploads/get-started.mdx @@ -148,7 +148,7 @@ The custom scan expression will scan any string found in an HTTP body with the f { "file": "" } ``` -Refer to our [rulesets functions](/ruleset-engine/rules-language/functions/#lookup_json_string) documentation for details and further examples when looking up fields in nested JSON payloads. +Refer to the [`lookup_json_string()` function reference](/ruleset-engine/rules-language/functions/#lookup_json_string) for more information and for additional examples of looking up fields in nested JSON payloads. :::note The content scanner will automatically decode Base64 strings. From 6269579366ee4dffd06b9d838349af744573de37 Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:46:40 +0100 Subject: [PATCH 3/3] Small update --- .../docs/waf/detections/malicious-uploads/get-started.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/waf/detections/malicious-uploads/get-started.mdx b/src/content/docs/waf/detections/malicious-uploads/get-started.mdx index 21f221d87dfc70..ffa7b689bc252d 100644 --- a/src/content/docs/waf/detections/malicious-uploads/get-started.mdx +++ b/src/content/docs/waf/detections/malicious-uploads/get-started.mdx @@ -148,7 +148,7 @@ The custom scan expression will scan any string found in an HTTP body with the f { "file": "" } ``` -Refer to the [`lookup_json_string()` function reference](/ruleset-engine/rules-language/functions/#lookup_json_string) for more information and for additional examples of looking up fields in nested JSON payloads. +Refer to the [`lookup_json_string()` function reference](/ruleset-engine/rules-language/functions/#lookup_json_string) for more information and additional examples of looking up fields in nested JSON payloads. :::note The content scanner will automatically decode Base64 strings.