Skip to content

Security Test: Directive overloading

Description

Default Severity:

Directive overloading occurs when an attacker submits too many instructions at once to a system that processes commands, tricking it into overworking or bypassing its normal checks. This can cause the engine to slow down or even crash, and in some cases, allow attackers to manipulate outcomes or access restricted areas of the system. Developers often fall into pitfalls by not limiting the number of commands allowed or failing to validate the input properly, which can lead to denial of service or other more severe security breaches if left unchecked.

Configuration

Identifier: resource_limitation/graphql_directive_overload

Examples

All configuration available:

checks:
  resource_limitation/graphql_directive_overload:
    skip: false # default
    options:
      threshold: 50 # default

Options

Options can be set in the options key of the Security Test Configuration.

Property Type Default Description
threshold number 50 Maximum number of directives allowed before raising an alert in the fast check.

Compliance and Standards

Standard Value
OWASP API Top 10 API8:2023
OWASP LLM Top 10 LLM04:2023
PCI DSS 6.5.10
GDPR Article-32
SOC2 CC1
PSD2 Article-95
ISO 27001 A.14.2
NIST SP800-53
FedRAMP AC-2
CWE 400
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:R
CVSS Score 6.9