JSON parsing error: lexical error: invalid char in json text.\\x0a (Unsolved)

[001appsec007]

This issue is unsolved & closed in #1964 JSON payload is not valid which is known already because ENTER is added in payload and asked to verify to reproduce this issue which is expected..

But in actual payload which we don't have any ENTER or special character still it's failing below VALID dummy payload shared to verify once again..

OWASP CRS 3.0

"message": "Failed to parse request body.",
"details": {
"message": "Warning. Match of "eq 0" against "REQBODY_ERROR" required.",
"data": "JSON parsing error: lexical error: invalid char in json text.\x0a",
"file": "rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf",
"line": "143"
},

POST request with JSON payload sent but not special characters or empty string and it's very strange issue to get it resolved.

Dummy Payload below...
{"test_val":false,"test":[{"test":"test_test_test.doc","_val":"1-a1b2c3d4e5e7e8e9te","testTypeDiff":"valueTest","state":"process","_values":{"test":0,"testone":["a1b2c3d4e5e7e8e9te"]},"testID":"test:+0000000000","testQ":"test:+0000000000","_test":"test_test_test.doc","testType":"dummy","testValue":"testValue","work":"8.0"}]}

The above one is valid JSON but still we are getting "JSON parsing error: lexical error: invalid char in json text.\x0a".

We verified HEX values \x0A (Line Feed Character) & 5C also in PCAP but still facing same error. Could you please help on this.

Similar Issue
JSON parsing error: lexical error: invalid char in json text.\x0a #1964
owasp-modsecurity/ModSecurity-nginx#125

[zimmerle]

Hi @001appsec007,

Please use gits to send the payload, as the payload that you have placed here is invalid. JSON cannot contains x0A or \n or even new line (all the same, represented differently).

In order to help you, we need to understand several things, to begin with: What is your ModSecurity version? Is that happens in all payloads or just in this specific one? How can I reproduce?

It seems to me that this is a copy and paste issue. Where: (...) _","val":"1- \n a1b2c3d4e5e7e8e9te" is being copied and paste as new line.

[victorhora]

@001appsec007 please see: #1964 (comment)

@001appsec007 you could use any online JSON lint tool such as: https://jsonlint.com/

{"test_val":false,"test":[{"test":"test_test_test.doc","_val":"1-a1b2c3d4e5e7e8e9te","testTypeDiff":"valueTest","state":"process","_values":{"test":0,"testone":["a1b2c3d4e5e7e8e9te"]},"testID":"test:+0000000000","testQ":"test:+0000000000","_test":"test_test_test.doc","testType":"dummy","testValue":"testValue","work":"8.0"}]}

This JSON in particular shows as valid.

There's a chance that your particular client/library that handles the JSON that gets sent to ModSecurity is screwing up something and breaking the JSON.

Please go over issue #1879 as a user was complaining about a similar problem with JSON parsing, when in the end it was found that the problem was the way that Python was handling the JSONs.

See #1879 (comment) and try to reproduce all those steps to understand where the issue lies. If you are still certain that the issue is with libModSecurity please provide detailed data/logs/confs/reproducible steps (e.g. #1879) to support this with the results of your tests so we can investigate further.

Thanks.

[zimmerle]

Hi @001appsec007,

Did you had a chance to figure what was happening?