[API Policies] JSON Schema Guardrail Policy Issue

[DakshithaS]

Overview

Security Vulnerability - Potential SSRF attacks through remote schema loading in JSON validation.

---

Issue Details

Potential SSRF via Remote Schema Loading

File: go.mod (gojsonschema v1.2.0)

Description:
The go.mod indicates use of gojsonschema v1.2.0, which by default automatically loads and fetches remote schemas via HTTP/file when encountering $ref directives. If untrusted schema content is processed, this enables SSRF attacks and remote code injection.

Risk Factors:

• Automatic remote schema loading via $ref directives
• No restriction on HTTP/file access
• Potential for accessing internal services
• Library version from 2019 (no longer actively maintained)

Recommended Mitigations:

• Restrict or disable automatic remote schema loading
• Treat all schemas as trusted, locked code
• Enforce input size limits and timeouts
• Use SchemaLoader with explicit controls (custom http.Client with timeouts, allowlist validation)
• Consider dependency scanning in build pipeline

Impact:
Malicious schemas can cause the application to make unauthorized network requests or load remote content.

Reference

• Consolidate APIM policies into gateway-controllers repository gateway-controllers#1