Skip to main content

Detectors

Scan type detector

if: scan.type

Use this to select against the type of the scan.

Example

detect:
- if: scan.type
is: REST

Properties

  • is: The scan type is exactly this
  • is_not: The scan type is not this type
  • in: The scan type is in this list

CRUD detector

if: helpers.request.crud

Use this to select against the detected CRUD operation of the request.

Example

detect:
- if: helpers.request.crud
in:
- CREATE
- UPDATE

Properties

  • is: Condition is the request is this CRUD operation
  • is_not: Condition is the request is not this CRUD operation
  • in: Condition is the request is in this list of CRUD operations (exact match)

Response status detector

if: response.status_code

Use this to compare the HTTP status code as an integer.

Example

detect:
- if: response.status_code
is: 200

Properties

  • is: Condition is this exact integer
  • is_not: Condition is not this exact integer
  • in: Condition is in this list of integers (exact match)
  • gt: Condition is greater than this integer
  • lt: Condition is less than this integer

Response duration detector

if: response.duration_ms

Use this to compare the duration of the request in milliseconds.

Example

detect:
- if: response.duration_ms
gt: 200

Properties

  • is: Condition is this exact integer
  • is_not: Condition is not this exact integer
  • in: Condition is in this list of integers (exact match)
  • gt: Condition is greater than this integer
  • lt: Condition is less than this integer

Schema authentication detector

if: schema.need_authentication

Use this to select whether or not the schema requires authentication.

Example

detect:
- if: schema.need_authentication
is: false

Properties

  • is: Condition is true
  • is_not: Condition is false

Request authentication detector

if: request.is_authenticated

Use this to select whether or not whether the request is authenticated.

Example

detect:
- if: request.is_authenticated
is: true

Properties

  • is: Condition is true
  • is_not: Condition is false

Schema path reference detector

if: schema.path_ref

Use this to string compare the operation name in GraphQL or the path in REST.

Example

detect:
- if: schema.path_ref
contains: /admin/secrets

Properties

  • is: Condition is this exact string
  • is_not: Condition is not this exact string
  • in: Condition is in this list (exact match)
  • contains: Contains this string
  • regex: Condition is matched on this regex with fullmatch

Response success detector

if: helpers.response.is_successful

Use this to check whether the response is successful.

Example

detect:
- if: helpers.response.is_successful
is: true

Properties

  • is: Condition is true
  • is_not: Condition is false

Schema URL detector

if: schema.url

Use this to string compare the URL of the request.

Example

detect:
- if: schema.url
regex: .*(internal|private).*

Properties

  • is: Condition is this exact string
  • is_not: Condition is not this exact string
  • in: Condition is in this list (exact match)
  • contains: Contains this string
  • regex: Condition is matched on this regex with fullmatch

Request user detector

if: request.user

Use this to string compare the configured user for the request.

Example

detect:
- if: request.user
is: unprivileged_user

Properties

  • is: Condition is this exact string
  • is_not: Condition is not this exact string
  • in: Condition is in this list (exact match)
  • contains: Contains this string
  • regex: Condition is matched on this regex with fullmatch

Request headers detector

if: request.headers

Use that to select and compare the request headers in a key value dictionary.

Example

detect:
- if: request.headers
key:
is: "X-OPERATION"
value:
is: "PAY"

Properties

  • key: Key to match
  • value: Value to match

Response headers detector

if: response.headers

Use that to select and compare the response headers in a key value dictionary.

Example

detect:
- if: response.headers
key:
is: "X-RESULT"
value:
is: "PAID"

Properties

  • key: Key to match
  • value: Value to match

Response body JSON detector

if: response.body.json

Use this to select and compare the response body when detected as JSON, using jq-like syntax.

Example

detect:
- if: response.body.json
is:
jq: ".role == admin"

Properties

  • is: Condition is this exact JSON
  • is_not: Condition is not this exact JSON
  • in: Condition is in this list of JSON
  • jq: JQ query to match and use as boolean

Request body JSON detector

if: request.body.json

Use this to select and compare the request body when detected as JSON, using jq-like syntax.

Example

detect:
- if: request.body.json
is:
jq: ".role == admin"

Properties

  • is: Condition is this exact JSON
  • is_not: Condition is not this exact JSON
  • in: Condition is in this list of JSON
  • jq: JQ query to match and use as boolean

Response body text detector

if: response.body.text

Use this to select and compare the response body as text, using string compare.

Example

detect:
- if: request.body.text
is_not: "unauthorized"

Properties

  • is: Condition is this exact string
  • is_not: Condition is not this exact string
  • in: Condition is in this list (exact match)
  • contains: Contains this string
  • regex: Condition is matched on this regex with fullmatch

Request body text detector

if: request.body.text

Use this to select and compare the request body as text, using string compare.

Example

detect:
- if: request.body.text
contains: "password="

Properties

  • is: Condition is this exact string
  • is_not: Condition is not this exact string
  • in: Condition is in this list (exact match)
  • contains: Contains this string
  • regex: Condition is matched on this regex with fullmatch

Request object detector

if: request.object

Use this to select and compare the detected object scalars (including custom scalars) in the request, with their kind, name and value.

Example

detect:
- if: request.object
type:
in:
- email
- phone
- street_address

Properties

  • type: Object scalar type to match
  • name: Object scalar name to match
  • value: Object scalar value to match

Response object detector

if: response.object

Use this to select and compare the detected object scalars (including custom scalars) in the response, with their kind, name and value.

Example

detect:
- if: response.object
type:
in:
- email
- phone
- street_address

Properties

  • type: Object scalar type to match
  • name: Object scalar name to match
  • value: Object scalar value to match