Skip to content

Custom Rules

As you already know, Escape's built-in tests are pretty extensive and cover a lot of security vulnerabilities and concerns. But we know that you might have very specific use-cases, and that's why we've made it possible for you to create your own custom rules.

These will enable you to build your own governance and apply it at scale, in a simple language that is powerful thanks to Escape's inference engine.

Format

A custom rule is a YAML file that defines the following blocks:

  • Alerting is used define the alert format, it's severity…
  • Detectors are used to detect if an alert must be raised by inspecting queries.
  • Seeders are used to seed the scan with requests (optional).

Examples

Minimal example

type: WEBAPP
alert:
  name: Login successful
  context: >
    The user has successfully logged in.
  severity: INFO
  category: ACCESS_CONTROL
seed:
  - action: goto
    url: https://example.com/login
detect:
  - if: page_text
    contains: "Welcome"

JS Assertion example

type: WEBAPP
alert:
  name: Login successful
  context: >
    The user has successfully logged in.
  severity: INFO
  category: ACCESS_CONTROL
seed:
  - action: goto
    url: https://example.com/login
detect:
  - if: js_assertion
    code: |
      document.title.includes("Login")

Properties

  • id: The unique identifier of the custom rule. It is provided by Escape, do not set it manually.
  • alert: The alert to raise if the detection conditions are met. See Alerting
  • type: The type of the custom rule. It is provided by Escape, do not set it manually.
  • seed: A list of requests to seed the scan. See Seeders
  • detect: The conditions to trigger the alert. See Detectors

Index

  •    Alerting

  •    Detectors

  •    Seeders

  •    Custom Rules Reference