Patterns
Use
You can use patterns to restrict the character sets that users can enter. Patterns consist of regular expressions, which the system matches without regard to upper-case and lower-case. For example, the system therefore does not differentiate between the two expressions <script> and <ScRiPt>.
In general, you can restrict the character input in the following ways:
- Blacklists
  A list of this type contains all impermissible characters for which the system is to search. The disadvantage of this approach is that the list must be constantly updated as soon as new attack variants emerge.
- Whitelists
  A list of this type contains all permissible characters. That is, all characters not listed are filtered out.
For the ICM or a Web Dispatcher with a release status of SAP NetWeaver 7.0 or below, the pattern used by the ICM filter is, by default, a blacklist with the following structure:
<\s*script[^>]*>(.*)<\s*/script\s*>
You can change or override this filter to extend or restrict input options (for example, for Internet forums). To do this, create the file sappattern.dat in the directory $(DIR_INSTANCE)\sec. Enter the impermissible regular expressions (these must conform to the POSIX 1003.2 standard) or the impermissible words, one per line. You do not need to restart the ICM to activate the entries; instead, send the ICM the signal SIGHUP. This reinitializes the filter according to the rules in the file sappattern.dat (if this file exists) or according to the standard pattern.
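The following Python is an added illustration, not ICM code: it models the filter semantics described above by loading a constructed sappattern.dat (one regular expression or literal word per line, matched case-insensitively, with the ICM default pattern as its first entry) and places a whitelist filter beside the blacklist check. Python's re module stands in for the POSIX 1003.2 engine, and the file format (blank lines ignored) is an assumption.

```python
import re

# Constructed sappattern.dat content (assumed format: one regex or word per line).
# The first entry is the ICM default pattern quoted in the documentation.
SAPPATTERN_DAT = r"""
<\s*script[^>]*>(.*)<\s*/script\s*>
forbiddenword
"""


def load_patterns(text):
    """Compile each non-empty line as a case-insensitive regular expression.

    A literal word is itself a valid regex, so word entries need no special
    handling. re.IGNORECASE mirrors the documented behaviour that the filter
    does not distinguish <script> from <ScRiPt>.
    """
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line:  # blank lines are skipped (assumption about the file format)
            patterns.append(re.compile(line, re.IGNORECASE))
    return patterns


def blacklist_rejects(value, patterns):
    """Return the pattern string that matched the input, or None if it passes.

    This is the blacklist approach: only listed constructs are rejected, so
    the list must grow whenever a new variant appears.
    """
    for pat in patterns:
        if pat.search(value):
            return pat.pattern
    return None


# Whitelist approach: permitted characters only; everything else is dropped.
# The permitted set here is a constructed example for a plain-text field.
PERMITTED = re.compile(r"[^A-Za-z0-9 .,_@-]")


def whitelist_filter(value):
    """Remove every character that is not in the permitted set."""
    return PERMITTED.sub("", value)
```

Running blacklist_rejects on "<ScRiPt>test</script>" returns the default pattern, while whitelist_filter on the same input strips the angle brackets and slash regardless of case or spelling.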
Example: Initialization of the Content Filter
Successful initialization in the ICM (dev_icm):
---------------------------------------------------------------
CsiInit(): Initializing the content scan interface
Intel x86 with Linux (mt,unicode,SAP_CHAR/size_t/void* = 2/4/4)
CsiInit(): CSA_LIB = "/tmp/icman/build/libsapcsa.so"
---------------------------------------------------------------
Failed initialization:
---------------------------------------------------------------
CsiInit(): Initializing the content scan interface
Intel x86 with Linux (mt,unicode,SAP_CHAR/size_t/void* = 2/4/4)
CsiInit(): CSA_LIB = "/tmp/icman/build/libsapcsa.so"
*** ERROR => HttpAuthHandlerInit: url: / -> failed -> content filter deactivated [http_auth_mt 292]
---------------------------------------------------------------