Detectors
Scan type detector
if: scan.type
Use this to match against the type of scan being performed.
Matcher Type: ScanTypeMatcher
Available Operators: is, is_not, in
Valid Values: REST, GRAPHQL, SOAP, GRPC
Basic Example
Match Multiple Types (OR Logic)
Common Use Cases
- Apply rules only to REST APIs
- Skip rules for specific scan types
- Different behavior based on protocol
Properties
- is: The scan type is exactly this
- is_not: The scan type is not this type
- in: The scan type is in this list
CRUD detector
if: helpers.request.crud
Use this to select against the detected CRUD operation of the request.
Example
Properties
- is: Condition is the request is this CRUD operation
- is_not: Condition is the request is not this CRUD operation
- in: Condition is the request is in this list of CRUD operations (exact match)
Response status detector
if: response.status_code
Use this to match against the HTTP response status code.
Matcher Type: IntegerMatcher
Available Operators: is, is_not, gt, gte, lt, lte, in
Values: HTTP status codes (100-599)
Basic Examples
# Exact match
detect:
  - if: response.status_code
    is: 200
# Range match
detect:
  - if: response.status_code
    gte: 400
  - if: response.status_code
    lt: 500
# Multiple status codes (OR)
detect:
  - if: response.status_code
    in: [200, 201, 204]
Common Use Cases
- Match successful responses (200-299)
- Detect errors (400-499, 500-599)
- Verify specific status codes
- Check for redirect responses
Common Patterns
# Success codes (use helper instead)
detect:
  - if: helpers.response.is_successful
    is: true
# Client errors
detect:
  - if: response.status_code
    gte: 400
  - if: response.status_code
    lt: 500
# Multiple success codes
detect:
  - if: response.status_code
    in: [200, 201, 202, 204]
Tip: For simple success/failure checks, use helpers.response.is_successful instead.
Properties
- is: Condition is this exact integer
- is_not: Condition is not this exact integer
- in: Condition is in this list of integers (exact match)
- gt: Condition is greater than this integer
- lt: Condition is less than this integer
Response duration detector
if: response.duration_ms
Use this to compare the duration of the request in milliseconds.
Example
Properties
- is: Condition is this exact integer
- is_not: Condition is not this exact integer
- in: Condition is in this list of integers (exact match)
- gt: Condition is greater than this integer
- lt: Condition is less than this integer
Schema authentication detector
if: schema.need_authentication
Use this to select whether or not the schema requires authentication.
Example
Properties
- is: Condition is true
- is_not: Condition is false
Request authentication detector
if: request.is_authenticated
Use this to select whether or not the request is authenticated.
Example
Properties
- is: Condition is true
- is_not: Condition is false
Schema path reference detector
if: schema.path_ref
Use this to match the operation name (GraphQL) or the path (REST) of the request.
Matcher Type: StringMatcher
Available Operators: is, is_not, contains, regex, in
Basic Examples
# Exact match
detect:
  - if: schema.path_ref
    is: /api/users
# Contains substring
detect:
  - if: schema.path_ref
    contains: /admin/
# Regex pattern
detect:
  - if: schema.path_ref
    regex: /api/v[0-9]+/admin/.*
Common Use Cases
- Target specific endpoints for testing
- Exclude internal/admin paths
- Match versioned API endpoints
- Group similar paths with regex
Properties
- use_extraction: If true, variable references between {{ }} will be replaced with the extracted value (if one exists). The string representation of the variable is used without any extra processing.
- is: Condition is this exact string
- is_not: Condition is not this exact string
- in: Condition is in this list (exact match)
- contains: Contains this string
- regex: Condition is matched on this regex with fullmatch
Response success detector
if: helpers.response.is_successful
Use this to check whether the response is successful (2xx status code).
Matcher Type: BooleanMatcher
Available Operators: is
Valid Values: true, false
This is a helper that checks if the status code is between 200-299.
Basic Examples
# Match successful responses
detect:
  - if: helpers.response.is_successful
    is: true
# Match failed responses
detect:
  - if: helpers.response.is_successful
    is: false
Common Use Cases
- Verify mutations succeeded
- Detect unauthorized access that returned success
- Check if payload bypassed validation
- Detect timing-based vulnerabilities (successful response faster/slower)
Combine with Other Detectors
# Unauthenticated mutation succeeded
detect:
  - if: helpers.request.crud
    is_not: READ
  - if: request.is_authenticated
    is: false
  - if: helpers.response.is_successful
    is: true
Properties
- is: Condition is true
- is_not: Condition is false
Schema URL detector
if: schema.url
Use this to string compare the URL of the request.
Example
Properties
- use_extraction: If true, variable references between {{ }} will be replaced with the extracted value (if one exists). The string representation of the variable is used without any extra processing.
- is: Condition is this exact string
- is_not: Condition is not this exact string
- in: Condition is in this list (exact match)
- contains: Contains this string
- regex: Condition is matched on this regex with fullmatch
Request user detector
if: request.user
Use this to match the configured authentication user for the request.
Matcher Type: StringMatcher
Available Operators: is, is_not, in, contains
Values: User names from your scan authentication configuration
The user name must match what you configured in your scan authentication settings.
Basic Examples
# Match specific user
detect:
  - if: request.user
    is: admin
# Exclude admin
detect:
  - if: request.user
    is_not: admin
# Match any privileged user
detect:
  - if: request.user
    in: [admin, superuser, moderator]
Common Use Cases
- Test authorization boundaries
- Ensure non-admin users can't access admin endpoints
- Verify privilege escalation isn't possible
- Different behavior based on user role
Typical Patterns
# Non-admin delete succeeded (authorization issue)
detect:
  - if: helpers.request.crud
    is: DELETE
  - if: request.user
    is_not: admin
  - if: helpers.response.is_successful
    is: true
Properties
- use_extraction: If true, variable references between {{ }} will be replaced with the extracted value (if one exists). The string representation of the variable is used without any extra processing.
- is: Condition is this exact string
- is_not: Condition is not this exact string
- in: Condition is in this list (exact match)
- contains: Contains this string
- regex: Condition is matched on this regex with fullmatch
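The status-code range, path regex and combined-detector examples above all rely on the same evaluation rules: entries under detect are ANDed, in is the one list (OR) operator, and regex uses fullmatch. The following is an added example, not Escape's own code, that models those rules in Python with the page's snippets written as dicts of the same shape; the request/response values are constructed, and wiring helpers.response.is_successful to 200-299 follows the page's description.

```python
import re

# Added example, not Escape's own code: a minimal evaluator for the detector
# snippets on this page. Rules are Python dicts with the same shape as the YAML:
# `detect` is a list of `if` entries combined with AND; `regex` uses fullmatch.
OPS = {
    "is": lambda value, expected: value == expected,
    "is_not": lambda value, expected: value != expected,
    "in": lambda value, expected: value in expected,
    "gt": lambda value, expected: value > expected,
    "gte": lambda value, expected: value >= expected,
    "lt": lambda value, expected: value < expected,
    "lte": lambda value, expected: value <= expected,
    "contains": lambda value, expected: expected in value,
    "regex": lambda value, expected: re.fullmatch(expected, value) is not None,
}

def resolve(ctx, field):
    """Look up a detector field; the is_successful helper is 200-299 per the page."""
    if field == "helpers.response.is_successful":
        return 200 <= ctx["response.status_code"] <= 299
    return ctx[field]

def matches(rule, ctx):
    """True only if every entry under `detect` matches (AND across entries)."""
    for entry in rule["detect"]:
        value = resolve(ctx, entry["if"])
        for op, expected in entry.items():
            if op != "if" and not OPS[op](value, expected):
                return False
    return True

# Rules copied from the page's examples.
CLIENT_ERROR = {"detect": [{"if": "response.status_code", "gte": 400},
                           {"if": "response.status_code", "lt": 500}]}
ADMIN_PATH = {"detect": [{"if": "schema.path_ref", "regex": r"/api/v[0-9]+/admin/.*"}]}
UNAUTH_MUTATION = {"detect": [{"if": "helpers.request.crud", "is_not": "READ"},
                              {"if": "request.is_authenticated", "is": False},
                              {"if": "helpers.response.is_successful", "is": True}]}

# Constructed request/response context (sample values, not from a real scan).
SAMPLE = {
    "response.status_code": 201,
    "schema.path_ref": "/api/v2/admin/users",
    "helpers.request.crud": "CREATE",
    "request.is_authenticated": False,
}
```

Because regex is a fullmatch, the admin-path rule fires on /api/v2/admin/users but not on /internal/api/v2/admin/users; prefix the pattern with .* if a substring match is intended.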
Request headers detector
if: request.headers
Use this to select and compare the request headers as a key/value dictionary.
Example
Properties
- key: Key to match
- value: Value to match
Response headers detector
if: response.headers
Use this to select and compare the response headers as a key/value dictionary.
Example
Properties
- key: Key to match
- value: Value to match
Response body JSON detector
if: response.body.json
Use this to select and compare the response body when detected as JSON, using jq-like syntax.
Example 1
Example 2
Properties
- use_extraction: If true, variable references between {{ }} will be replaced with the extracted value (if one exists). The string representation of the variable is used without any extra processing.
- is: Condition is this exact JSON
- is_not: Condition is not this exact JSON
- in: Condition is in this list of JSON
- jq: JQ query to match and use as boolean. If use_extraction is true, only this attribute will be parsed (if set).
Request body JSON detector
if: request.body.json
Use this to select and compare the request body when detected as JSON, using jq-like syntax.
Example 1
Example 2
Properties
- use_extraction: If true, variable references between {{ }} will be replaced with the extracted value (if one exists). The string representation of the variable is used without any extra processing.
- is: Condition is this exact JSON
- is_not: Condition is not this exact JSON
- in: Condition is in this list of JSON
- jq: JQ query to match and use as boolean. If use_extraction is true, only this attribute will be parsed (if set).
Response body text detector
if: response.body.text
Use this to select and compare the response body as text, using string compare.
Example
Properties
- use_extraction: If true, variable references between {{ }} will be replaced with the extracted value (if one exists). The string representation of the variable is used without any extra processing.
- is: Condition is this exact string
- is_not: Condition is not this exact string
- in: Condition is in this list (exact match)
- contains: Contains this string
- regex: Condition is matched on this regex with fullmatch
Request body text detector
if: request.body.text
Use this to select and compare the request body as text, using string compare.
Example
Properties
- use_extraction: If true, variable references between {{ }} will be replaced with the extracted value (if one exists). The string representation of the variable is used without any extra processing.
- is: Condition is this exact string
- is_not: Condition is not this exact string
- in: Condition is in this list (exact match)
- contains: Contains this string
- regex: Condition is matched on this regex with fullmatch
Request object detector
if: request.object
Use this to select and compare the detected object scalars (including custom scalars) in the request, with their kind, name and value.
Example
Properties
- type: Object scalar type to match
- name: Object scalar name to match
- value: Object scalar value to match
Response object detector
if: response.object
Use this to select and compare the detected object scalars (including custom scalars) in the response, with their kind, name and value.
Example
Properties
- type: Object scalar type to match
- name: Object scalar name to match
- value: Object scalar value to match
JSON matches count detector
if: helpers.json_matches.count
Use this to count the number of times a JSON match occurs in the current and original response.
Properties
- is: Condition is this exact integer
- is_not: Condition is not this exact integer
- in: Condition is in this list of integers (exact match)
- gt: Condition is greater than this integer
- lt: Condition is less than this integer
- jq: Use this to select the exact JSON you want to compare between the current and original response.
Regex matches count detector
if: helpers.regex_matches.count
Use this to count the number of times a regex match occurs in the current and original response.
Properties
- is: Condition is this exact integer
- is_not: Condition is not this exact integer
- in: Condition is in this list of integers (exact match)
- gt: Condition is greater than this integer
- lt: Condition is less than this integer
- regex: Condition is matched on this regex with fullmatch
Fingerprint count detector
if: helpers.fingerprints.count
Use this to select and compare the count of unique fingerprints of the current and original response.
Properties
- is: Condition is this exact integer
- is_not: Condition is not this exact integer
- in: Condition is in this list of integers (exact match)
- gt: Condition is greater than this integer
- lt: Condition is less than this integer
Fingerprint equality detector
if: helpers.fingerprints.same
Use this to determine whether the current and original responses have the same fingerprint.
Properties
- is: Condition is true
- is_not: Condition is false
JSON matches all detector
if: helpers.json_matches.all
Use this to determine whether the current and original responses both contain the same JSON fragment.
Properties
- is: Condition is true
- is_not: Condition is false
- jq: Use this to select the exact JSON you want to compare between the current and original response.
Regex matches all detector
if: helpers.regex_matches.all
Use this to determine whether the current and original responses both match the same regular expression.
Properties
- is: Condition is true
- is_not: Condition is false
- regex: Condition is matched on this regex with fullmatch