
Validation

This section describes the conditions that serve as validation criteria for determining whether a particular endpoint is vulnerable to a given test.

Syntax

The syntax is similar to that of API Selection Filters. The same operators used for filtering or selecting the APIs a test runs against are also used to validate whether a test attempt shows the endpoint to be vulnerable.
Let's look at a few examples to understand how to write validations.
Example 1
# Validation Scenario -
# condition 1: Response Code Should be either 200 or 201.
# condition 2: Response Payload Should contain a key whose value contains substring "admin"
# condition 3: Response Headers Should contain a key "origin"
# All conditions are mandatory.
# Sample Yaml -

validate:
  response_code:
    or:
      eq: 200
      eq: 201
  response_payload:
    for_one:
      value:
        contains_either: admin
  response_headers:
    for_one:
      key:
        eq: origin
Example 2
# Validation Scenario
# condition 1: Response Length Should be greater than 0
# condition 2: Response Payload Should contain a key named username whose value contains substring testuser or defaultuser
# condition 3: Response Headers Should contain a value which is of url type
# All conditions are mandatory.

validate:
  response_payload:
    length:
      gt: 0
    for_one:
      key:
        eq: username
      value:
        contains_either:
          - testuser
          - defaultuser
  response_headers:
    for_one:
      value:
        regex: https?:.*
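To make the evaluation rules behind both examples concrete, here is a small Python model of how a validate block is evaluated against a captured response. It is illustrative code added for this page, not Akto's implementation: the dict layout mirrors the YAML of Examples 1 and 2 (with the `or:` alternatives written as a list), sibling conditions are assumed to be ANDed, the `length` keyword is modelled on condition 1 of Example 2 and its shape is an assumption, and the sample responses are constructed rather than captured traffic.

```python
import re

# Illustrative evaluator added for this page; NOT Akto's implementation.
# Assumptions: every sibling condition is ANDed, `or` takes a list of
# alternatives, and `length` compares the number of entries in a section.


def _as_list(x):
    """Operators accept either a single value or a list of values."""
    return x if isinstance(x, list) else [x]


def check_value(actual, cond):
    """Evaluate a mapping of operators against one value; every operator must hold."""
    for op, arg in cond.items():
        if op == "or":
            ok = any(check_value(actual, alt) for alt in _as_list(arg))
        elif op == "and":
            ok = all(check_value(actual, alt) for alt in _as_list(arg))
        elif op == "not":
            ok = not check_value(actual, arg)
        elif op == "eq":
            ok = actual == arg
        elif op == "neq":
            ok = actual != arg
        elif op == "gt":
            ok = actual > arg
        elif op == "gte":
            ok = actual >= arg
        elif op == "lt":
            ok = actual < arg
        elif op == "lte":
            ok = actual <= arg
        elif op == "contains_either":  # any listed substring present
            ok = any(str(s) in str(actual) for s in _as_list(arg))
        elif op == "contains_all":  # every listed substring present
            ok = all(str(s) in str(actual) for s in _as_list(arg))
        elif op == "regex":
            ok = re.search(str(arg), str(actual)) is not None
        else:
            raise ValueError(f"unsupported operator: {op}")
        if not ok:
            return False
    return True


def check_entry(key, value, cond):
    """Body of for_one / for_all: optional 'key' and 'value' sub-conditions, both must hold."""
    if "key" in cond and not check_value(key, cond["key"]):
        return False
    if "value" in cond and not check_value(value, cond["value"]):
        return False
    return True


def check_mapping(mapping, cond):
    """Conditions over a key/value section such as response_payload or response_headers."""
    for op, arg in cond.items():
        if op == "for_one":  # at least one entry satisfies the body
            ok = any(check_entry(k, v, arg) for k, v in mapping.items())
        elif op == "for_all":  # every entry satisfies the body
            ok = all(check_entry(k, v, arg) for k, v in mapping.items())
        elif op == "length":  # assumed: number of entries in the section
            ok = check_value(len(mapping), arg)
        else:  # plain operator applied to the whole section
            ok = check_value(mapping, {op: arg})
        if not ok:
            return False
    return True


def validate(response, spec):
    """Top-level validate block: every listed section is mandatory (AND across sections)."""
    for section, cond in spec.items():
        actual = response.get(section)
        ok = check_mapping(actual, cond) if isinstance(actual, dict) else check_value(actual, cond)
        if not ok:
            return False
    return True


# Constructed sample responses (not captured from any real system).
VULNERABLE_RESPONSE = {
    "response_code": 200,
    "response_headers": {"content-type": "application/json", "origin": "https://app.example.test"},
    "response_payload": {"username": "testuser_01", "role": "admin-readonly", "id": 42},
}
SAFE_RESPONSE = {
    "response_code": 403,
    "response_headers": {"content-type": "application/json"},
    "response_payload": {"error": "forbidden"},
}

# Example 1's validate block as a dict (the YAML `or:` alternatives become a list).
EXAMPLE_1 = {
    "response_code": {"or": [{"eq": 200}, {"eq": 201}]},
    "response_payload": {"for_one": {"value": {"contains_either": "admin"}}},
    "response_headers": {"for_one": {"key": {"eq": "origin"}}},
}

# Example 2's three conditions as described in its scenario comments.
EXAMPLE_2 = {
    "response_payload": {
        "length": {"gt": 0},
        "for_one": {"key": {"eq": "username"}, "value": {"contains_either": ["testuser", "defaultuser"]}},
    },
    "response_headers": {"for_one": {"value": {"regex": "https?:.*"}}},
}

if __name__ == "__main__":
    for name, spec in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, "vulnerable:", validate(VULNERABLE_RESPONSE, spec), "safe:", validate(SAFE_RESPONSE, spec))
```

Running the module flags the constructed "vulnerable" response under both examples and clears the "safe" one, which is the decision the test engine makes when it marks an endpoint as vulnerable. Because each top-level section is ANDed, dropping any single condition from the YAML widens what counts as vulnerable, so keep validations as tight as the scenario allows to avoid false positives.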