We recently upgraded from version 9.0 to 9.2 of the gateway, just to find that the logic in many of our policies started to fail. Apparently there was a change in the way the Evaluate JSON Path Expression assertion works.
After looking into the release notes I found a known issue in 9.1. The issue (SSG-13320) addresses the possibility to find an empty array.
But what the assertion now appears to do is to make any expression return "found", and the assertion evaluates to true, even when the jsonpath is totally absent.
Is this really the intended behavior of that assertion?
I would have expected a found = false and assertion fail if the json attribute name is not present (like the previous behaviour).
This looks totally broken to me. Anyone else had issues with this?
This means that we need to change a lot of our policy logic around json parsing.
Please open a support case for this and reference DE278819. We are investigating some similar behavior internally.
We recently upgraded to 9.2 and are seeing the same behavior. Did this issue ever get a support case opened against it? If so, is there a patch or fix for it?
A development ticket is currently open to address this and a fix is in the works. Unfortunately there is currently no ETA available for its release.
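
An added example, not part of the thread and not gateway code: a small Python model of the three cases discussed above (value present, empty array, path absent), with the outcome the original poster expected for an absent path, usable as a template for regression cases when re-testing policies after an upgrade. The dotted-path resolver is a simplified stand-in for a JSONPath engine, the function names and sample documents are constructed, and treating an empty array as found with zero results is an assumption.

```python
import json

def evaluate(document: str, path: str):
    """Resolve a dotted path such as '$.user.roles' against a JSON document.

    Returns (found, count, value). Simplified stand-in for a JSONPath engine:
    object keys only, no wildcards, filters or array indexes.
    """
    node = json.loads(document)
    keys = path[2:].split(".") if path.startswith("$.") else path.split(".")
    for key in keys:
        if not isinstance(node, dict) or key not in node:
            return False, 0, None          # path absent: nothing was found
        node = node[key]
    # Assumption: an empty array is a match (found) with zero results.
    count = len(node) if isinstance(node, list) else 1
    return True, count, node

def classify(document: str, path: str) -> str:
    """Name the three cases a policy branch has to tell apart."""
    found, count, _ = evaluate(document, path)
    if not found:
        return "absent"
    return "empty" if count == 0 else "value"

def policy_allows(document: str, path: str) -> bool:
    """Fail closed: continue only when the path exists and yields a result."""
    return classify(document, path) == "value"

# Constructed sample documents, one per case.
SAMPLES = {
    "value": '{"user": {"roles": ["admin"]}}',
    "empty": '{"user": {"roles": []}}',
    "absent": '{"user": {"name": "alice"}}',
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        found, count, value = evaluate(doc, "$.user.roles")
        print(f"{label:7} found={found} count={count} value={value!r} "
              f"allow={policy_allows(doc, '$.user.roles')}")
```

A policy branch that keys only on a found flag cannot separate the "empty" and "absent" rows; checking the result count as well keeps the decision fail-closed in both.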