Detectors
Scan type detector
if: scan.type
Use this to select against the type of the scan.
Example
detect:
  - if: scan.type
    is: REST
Properties
is
: The scan type is exactly this
is_not
: The scan type is not this type
in
: The scan type is in this list
CRUD detector
if: helpers.request.crud
Use this to select against the detected CRUD operation of the request.
Example
detect:
  - if: helpers.request.crud
    in:
      - CREATE
      - UPDATE
Properties
is
: Condition is the request is this CRUD operation
is_not
: Condition is the request is not this CRUD operation
in
: Condition is the request is in this list of CRUD operations (exact match)
Response status detector
if: response.status_code
Use this to compare the HTTP status code as an integer.
Example
detect:
  - if: response.status_code
    is: 200
Properties
is
: Condition is this exact integer
is_not
: Condition is not this exact integer
in
: Condition is in this list of integers (exact match)
gt
: Condition is greater than this integer
lt
: Condition is less than this integer
Response duration detector
if: response.duration_ms
Use this to compare the duration of the request in milliseconds.
Example
detect:
  - if: response.duration_ms
    gt: 200
Properties
is
: Condition is this exact integer
is_not
: Condition is not this exact integer
in
: Condition is in this list of integers (exact match)
gt
: Condition is greater than this integer
lt
: Condition is less than this integer
Schema authentication detector
if: schema.need_authentication
Use this to select whether or not the schema requires authentication.
Example
detect:
  - if: schema.need_authentication
    is: false
Properties
is
: Condition is true
is_not
: Condition is false
Request authentication detector
if: request.is_authenticated
Use this to select whether or not the request is authenticated.
Example
detect:
  - if: request.is_authenticated
    is: true
Properties
is
: Condition is true
is_not
: Condition is false
Schema path reference detector
if: schema.path_ref
Use this to string compare the operation name in GraphQL or the path in REST.
Example
detect:
  - if: schema.path_ref
    contains: /admin/secrets
Properties
is
: Condition is this exact string
is_not
: Condition is not this exact string
in
: Condition is in this list (exact match)
contains
: Contains this string
regex
: Condition is matched on this regex with fullmatch
Response success detector
if: helpers.response.is_successful
Use this to check whether the response is successful.
Example
detect:
  - if: helpers.response.is_successful
    is: true
Properties
is
: Condition is true
is_not
: Condition is false
Schema URL detector
if: schema.url
Use this to string compare the URL of the request.
Example
detect:
  - if: schema.url
    regex: .*(internal|private).*
Properties
is
: Condition is this exact string
is_not
: Condition is not this exact string
in
: Condition is in this list (exact match)
contains
: Contains this string
regex
: Condition is matched on this regex with fullmatch
Request user detector
if: request.user
Use this to string compare the configured user for the request.
Example
detect:
  - if: request.user
    is: unprivileged_user
Properties
is
: Condition is this exact string
is_not
: Condition is not this exact string
in
: Condition is in this list (exact match)
contains
: Contains this string
regex
: Condition is matched on this regex with fullmatch
Request headers detector
if: request.headers
Use this to select and compare the request headers as a key/value dictionary.
Example
detect:
  - if: request.headers
    key:
      is: "X-OPERATION"
    value:
      is: "PAY"
Properties
key
: Key to match
value
: Value to match
Response headers detector
if: response.headers
Use this to select and compare the response headers as a key/value dictionary.
Example
detect:
  - if: response.headers
    key:
      is: "X-RESULT"
    value:
      is: "PAID"
Properties
key
: Key to match
value
: Value to match
Response body JSON detector
if: response.body.json
Use this to select and compare the response body when detected as JSON, using jq-like syntax.
Example
detect:
  - if: response.body.json
    is:
      jq: ".role == admin"
Properties
is
: Condition is this exact JSON
is_not
: Condition is not this exact JSON
in
: Condition is in this list of JSON
jq
: JQ query to match and use as boolean
Request body JSON detector
if: request.body.json
Use this to select and compare the request body when detected as JSON, using jq-like syntax.
Example
detect:
  - if: request.body.json
    is:
      jq: ".role == admin"
Properties
is
: Condition is this exact JSON
is_not
: Condition is not this exact JSON
in
: Condition is in this list of JSON
jq
: JQ query to match and use as boolean
Response body text detector
if: response.body.text
Use this to select and compare the response body as text, using string compare.
Example
detect:
  - if: response.body.text
    is_not: "unauthorized"
Properties
is
: Condition is this exact string
is_not
: Condition is not this exact string
in
: Condition is in this list (exact match)
contains
: Contains this string
regex
: Condition is matched on this regex with fullmatch
Request body text detector
if: request.body.text
Use this to select and compare the request body as text, using string compare.
Example
detect:
  - if: request.body.text
    contains: "password="
Properties
is
: Condition is this exact string
is_not
: Condition is not this exact string
in
: Condition is in this list (exact match)
contains
: Contains this string
regex
: Condition is matched on this regex with fullmatch
Request object detector
if: request.object
Use this to select and compare the detected object scalars (including custom scalars) in the request, with their kind, name and value.
Example
detect:
  - if: request.object
    type:
      in:
        - email
        - phone
        - street_address
Properties
type
: Object scalar type to match
name
: Object scalar name to match
value
: Object scalar value to match
Response object detector
if: response.object
Use this to select and compare the detected object scalars (including custom scalars) in the response, with their kind, name and value.
Example
detect:
  - if: response.object
    type:
      in:
        - email
        - phone
        - street_address
Properties
type
: Object scalar type to match
name
: Object scalar name to match
value
: Object scalar value to match
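As an added illustration, not the rule engine's own code, the small Python evaluator below applies the operator semantics documented above (is, is_not, in, gt, lt, contains, regex with fullmatch, and key/value header matching) to a constructed request/response context; that several detectors in one detect list combine with AND is an assumption of this example.

```python
import re

# Constructed sample context (not from the page): one captured request/response pair.
SAMPLE = {
    "scan": {"type": "REST"},
    "schema": {"path_ref": "/admin/secrets/list", "need_authentication": False},
    "request": {"is_authenticated": True, "user": "unprivileged_user",
                "headers": {"X-OPERATION": "PAY"},
                "body": {"text": "user=bob&password=hunter2"}},
    "response": {"status_code": 200, "duration_ms": 350,
                 "headers": {"X-RESULT": "PAID"}},
}

# Operators as documented above. regex is a fullmatch: the whole string must match.
OPS = {
    "is": lambda v, e: v == e,
    "is_not": lambda v, e: v != e,
    "in": lambda v, e: v in e,
    "gt": lambda v, e: v > e,
    "lt": lambda v, e: v < e,
    "contains": lambda v, e: e in v,
    "regex": lambda v, e: re.fullmatch(e, v) is not None,
}

def resolve(ctx, path):
    """Walk a dotted 'if' path such as response.status_code through the context."""
    value = ctx
    for part in path.split("."):
        value = value[part]
    return value

def match(value, cond):
    """Apply the operators to one scalar; every operator given must hold."""
    return all(OPS[op](value, expected) for op, expected in cond.items())

def match_headers(headers, cond):
    """Header detectors: some header must satisfy both the key and the value conditions."""
    return any(match(k, cond.get("key", {})) and match(v, cond.get("value", {}))
               for k, v in headers.items())

def detect(ctx, detectors):
    """Evaluate a detect list; assumed here that all detectors must match (AND)."""
    for d in detectors:
        value = resolve(ctx, d["if"])
        cond = {k: v for k, v in d.items() if k != "if"}
        matcher = match_headers if d["if"].endswith(".headers") else match
        if not matcher(value, cond):
            return False
    return True
```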