Security Test: Duplicate Query/Mutation Name¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

This issue occurs when multiple queries or mutations share the same name in your GraphQL schema. Having duplicate operation names can lead to ambiguity in API calls, unexpected behavior, and potential security issues where the wrong operation might be executed. It's important to maintain unique names for all operations to ensure clarity and prevent conflicts.

Reference:

https://graphql.org/learn/best-practices/#naming-conventions

Configuration¶

Identifier: schema/duplicate_query_or_mutation_name

Examples¶

All configuration available:

checks:
  schema/duplicate_query_or_mutation_name:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API4:2023
GDPR	`Article-25`
SOC2	`CC4`
ISO 27001	`A.12.1`
CWE	`1029`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C`
CVSS Score	`3.7`