Amazon_ApiGateway_3

Ensure that all requestValidatorId in API Gateway are not null

Description

Before an API request is sent to your server for processing, it is recommended to validate its inputs to avoid several types of attacks. API Gateway can perform basic validation. This enables you, the API developer, to focus on app-specific deep validation in the backend.

For the basic validation, API Gateway verifies either or both of the following conditions:

  • The required request parameters in the URI, query string, and headers of an incoming request are included and non-blank.
  • The applicable request payload adheres to the configured JSON schema request model of the method.

To enable basic validation, you specify validation rules in a request validator, add the validator to the API’s map of request validators, and assign the validator to individual API methods.

Note:

Request body validation and request body passthrough are two separate issues.

Remediation

Set up basic request validation using the API Gateway console

The API Gateway console lets you set up the basic request validation on a method using one of the three validators:

  • Validate body: This is the body-only validator.
  • Validate query string parameters and headers: This is the parameters-only validator.
  • Validate body, query string parameters, and headers: This validator is for both body and parameters validation.

When you choose one of the above validators to enable it on an API method, the API Gateway console adds the validator to the API’s RequestValidators map if the validator has not already been added to the validators map of the API.

To enable a request validator on a method

  1. Sign in to the API Gateway console if you’re not already logged in.
  2. Create a new or choose an existing API.
  3. Create a new or choose an existing resource of the API.
  4. Create a new or choose an existing method of the resource.
  5. Choose Method Request.
  6. Choose the pencil icon of Request Validator under Settings.
  7. Choose Validate body, Validate query string parameters and headers, or Validate body, query string parameters, and headers from the Request Validator drop-down list. Then choose the check mark icon to save your choice.
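
To confirm the result across a whole API, the null check this rule describes can be run over the method list. The following is an added example, not code from this rule or from AWS: it assumes input in the shape returned by boto3's apigateway get_resources (with embed=["methods"]) and get_request_validators, uses constructed sample data, and goes one step beyond the rule by also flagging a validator that has both validation flags turned off.

```python
# Added example: audit API Gateway methods for a missing or ineffective request validator.
# Assumed input shapes (boto3 "apigateway" client):
#   resources  = client.get_resources(restApiId=API_ID, embed=["methods"])["items"]
#   validators = client.get_request_validators(restApiId=API_ID)["items"]
# The SAMPLE_* data below is constructed so the check runs offline.

def audit_request_validators(resources, validators):
    """Return sorted (path, http_method, reason) tuples for failing methods."""
    by_id = {v["id"]: v for v in validators}
    findings = []
    for res in resources:
        # A resource with no methods has no "resourceMethods" key at all.
        for verb, method in (res.get("resourceMethods") or {}).items():
            vid = method.get("requestValidatorId")
            if not vid:
                findings.append((res["path"], verb, "requestValidatorId is null"))
                continue
            validator = by_id.get(vid)
            if validator is None:
                # Defensive: the id is not in the API's validator list.
                findings.append((res["path"], verb, "validator id not found"))
            elif not (validator.get("validateRequestBody")
                      or validator.get("validateRequestParameters")):
                # Assigned, but checks neither body nor parameters.
                findings.append((res["path"], verb, "validator checks nothing"))
    return sorted(findings)

SAMPLE_VALIDATORS = [  # constructed
    {"id": "v1body", "name": "Validate body",
     "validateRequestBody": True, "validateRequestParameters": False},
    {"id": "v2none", "name": "noop",
     "validateRequestBody": False, "validateRequestParameters": False},
]
SAMPLE_RESOURCES = [  # constructed
    {"id": "r0", "path": "/"},
    {"id": "r1", "path": "/orders", "resourceMethods": {
        "POST": {"httpMethod": "POST", "requestValidatorId": "v1body"},
        "GET": {"httpMethod": "GET"}}},
    {"id": "r2", "path": "/orders/{id}", "resourceMethods": {
        "PUT": {"httpMethod": "PUT", "requestValidatorId": "v2none"}}},
]

if __name__ == "__main__":
    for path, verb, reason in audit_request_validators(SAMPLE_RESOURCES, SAMPLE_VALIDATORS):
        print(f"FAIL {verb} {path}: {reason}")
```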

FOR :

see reference.

References:

Enable request validation in API Gateway – Amazon API Gateway

Service

API Gateway

Severity

High

Compliance

Mapping
