Comment on page
Validation

This section describes the conditions that serve as validation criteria for determining whether a particular endpoint is vulnerable to a given test.
Syntax
The syntax is the similar to API Selection Filters. The operators used for filtering or selecting APIs to run for testing are also used to validate whether the test attempt is vulnerable.
Let’s look at few examples and understand how to write validations -
Example 1
1
# Validation Scenario - 
2
# condition 1: Response Code Should be either 200 or 201.
3
# condition 2: Response Payload Should contain a key whose value contains substring “admin”
4
# condition 3: Response Headers Should contain a key “origin”
5
# All conditions are mandatory.
6
# Sample Yaml - 
7
​
8
validate:
9
  response_code:
10
    or:
11
      eq: 200
12
      eq: 201
13
  response_payload:
14
    for_one:
15
      value:
16
        contains_either: admin
17
  response_headers:
18
    for_one:
19
      key:
20
        eq: origin
Example 2
1
# Validation Scenario 
2
# condition 1: Response Length Should be greater than 0
3
# condition 2: Response Payload Should contain a key named username whose value contains substring testuser or defaultuser
4
# condition 3: Response Headers Should contain a value which is of url type
5
# All conditions are mandatory.
6
​
7
validate:
8
  response_code:
9
    or:
10
      eq: 200
11
      eq: 201
12
  response_payload:
13
    for_one:
14
      key:
15
        eq: user
16
      value:
17
        contains_either: 
18
            - testuser
19
            - defaultuser
20
  response_headers:
21
    for_one:
22
      value:
23
        regex: https?:.*
Auth
Next - Test Editor
Editing built in test
Last modified 4mo ago