Skip to content

Transformations

The transformations are defined right after the Seeders, and before the detection and alerting.

You can write powerful trigger-then-mutate blocks to trigger the mutation on a specific request or response.

These leverage the detectors and mutators, that will be covered in next sections.

Trigger Logic

IMPORTANT: The trigger list uses AND logic by default. All detectors in the list must match for the trigger to activate.

To use OR logic, you must explicitly use the or operator (see examples below).

Basic Example (AND logic)

transform:
  trigger:
    # ALL of these conditions must be true (AND logic)
    - if: response.status_code
      is: 200
    - if: request.headers
      key:
        is: 'X-Forwarded-For'
      value:
        is: 'http://company.com'
  mutate:
    - key: request.headers
      name: 'X-Forwarded-For'
      value: 'http://localhost'

OR Logic Example

To use OR logic, wrap your conditions in an or block:

transform:
  trigger:
    # ANY of these conditions must be true (OR logic)
    - if: or
      or:
        - if: response.status_code
          is: 200
        - if: response.status_code
          is: 201
        - if: response.status_code
          is: 204
  mutate:
    - key: request.method
      value: DELETE

Combining AND and OR Logic

You can combine AND and OR logic for complex conditions:

transform:
  trigger:
    # This AND that (OR of those)
    - if: helpers.response.is_successful
      is: true
    - if: or  # At least one of these must match
      or:
        - if: request.headers
          key:
            is: 'X-API-Version'
          value:
            is: 'V2'
        - if: request.headers
          key:
            is: 'X-API-Version'
          value:
            is: 'V3'
  mutate:
    - key: request.headers
      name: 'X-API-Version'
      value: 'V1'

NOT Logic Example

Use the not operator to negate a condition:

transform:
  trigger:
    - if: response.status_code
      is: 200
    - if: not  # This condition must NOT be true
      not:
        if: request.user
        is: admin
  mutate:
    - key: request.user
      value: admin

Complex Example

Combining AND, OR, and NOT operators:

transform:
  trigger:
    # Successful response
    - if: helpers.response.is_successful
      is: true
    # AND (CREATE or UPDATE request)
    - if: or
      or:
        - if: helpers.request.crud
          is: CREATE
        - if: helpers.request.crud
          is: UPDATE
    # AND NOT an admin user
    - if: not
      not:
        if: request.user
        is: admin
    # AND specific path
    - if: schema.path_ref
      is: /users
  mutate:
    - key: request.method
      value: DELETE

Nested OR within AND Example

transform:
  trigger:
    # Must be a POST or PUT request (OR)
    - if: or
      or:
        - if: request.method
          is: POST
        - if: request.method
          is: PUT
    # AND must have JSON body with sensitive data (AND)
    - if: request.body.json
      is:
        jq: '.password != null or .ssn != null'
  mutate:
    - key: request.body.json
      jq: 'del(.password, .ssn)'

Properties

  • trigger: The detectors to trigger the transform on the request or response. Detectors
  • mutate: The mutations to apply to the request and replay it. See Mutators