{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/InjectionProtectionPluginConfig",
  "title": "InjectionProtectionPluginConfig",
  "x-speakeasy-entity": "PluginInjectionProtection",
  "properties": {
    "config": {
      "type": "object",
      "properties": {
        "custom_injections": {
          "description": "Custom regexes to check for.",
          "type": "array",
          "items": {
            "properties": {
              "name": {
                "description": "A unique name for this injection.",
                "type": "string"
              },
              "regex": {
                "description": "The regex to match against.",
                "type": "string"
              }
            },
            "required": [
              "name",
              "regex"
            ],
            "type": "object"
          }
        },
        "enforcement_mode": {
          "description": "Enforcement mode of the security policy.",
          "type": "string",
          "default": "block",
          "enum": [
            "block",
            "log_only"
          ]
        },
        "error_message": {
          "description": "The response message when validation fails",
          "type": "string",
          "default": "Bad Request"
        },
        "error_status_code": {
          "description": "The response status code when validation fails.",
          "type": "integer",
          "default": 400,
          "maximum": 499,
          "minimum": 400
        },
        "injection_types": {
          "description": "The type of injections to check for.",
          "type": "array",
          "items": {
            "enum": [
              "java_exception",
              "js",
              "sql",
              "sql_low_sensitivity",
              "ssi",
              "xpath_abbreviated",
              "xpath_extended"
            ],
            "type": "string"
          },
          "default": [
            "sql"
          ]
        },
        "locations": {
          "description": "The locations to check for injection.",
          "type": "array",
          "items": {
            "enum": [
              "body",
              "headers",
              "path",
              "path_and_query",
              "query"
            ],
            "type": "string"
          },
          "default": [
            "path_and_query"
          ]
        }
      }
    },
    "name": {
      "const": "injection-protection"
    },
    "protocols": {
      "description": "A set of strings representing HTTP protocols.",
      "type": "array",
      "items": {
        "enum": [
          "grpc",
          "grpcs",
          "http",
          "https"
        ],
        "type": "string"
      },
      "format": "set",
      "default": [
        "grpc",
        "grpcs",
        "http",
        "https"
      ]
    },
    "route": {
      "description": "If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    },
    "service": {
      "description": "If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    }
  }
}