Security Test: Mismatching persisted queries and schema

Description

Default Severity:

Persisted queries are pre-registered operations that the API stores ahead of time, so a client can send a short identifier instead of building and transmitting the full query text on every request. When those stored queries are not kept in line with changes to the API's schema, the application ends up sending outdated or mistyped operations that no longer match the system's current structure. The mismatch causes failures or unexpected behaviour, and it can inadvertently introduce weaknesses when such stale queries are neither validated nor updated. Developers often assume the stored queries will always remain correct, even as the underlying data model changes, which leads to errors and potential security issues when the system processes unintended or insecure operations.
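As an added example (not part of this page or the scanner's own code), the following deploy-time check walks every stored persisted query against the current schema and reports the selections that no longer match, which is the drift this test is looking for. It treats the API as GraphQL, uses a constructed simplified schema and persisted-query map, and its parser assumes plain field selections only (no arguments, aliases or fragments).

```python
import re

# Constructed, simplified schema: type -> {field: return type}; None marks a scalar.
# Stands in for the SDL a real GraphQL library would parse. "phone" was dropped from User.
SCHEMA = {
    "Query": {"user": "User", "orders": "Order"},
    "User": {"id": None, "email": None},
    "Order": {"id": None, "total": None, "owner": "User"},
}
# Constructed persisted-query map (id -> stored query text), as a manifest would hold it.
PERSISTED = {
    "q1": "query GetUser { user { id email } }",
    "q2": "query GetUserPhone { user { id phone } }",          # stale: phone no longer exists
    "q3": "query Orders { orders { id total owner { email } } }",
}
TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_]*|[{}]")

def parse_selection(tokens, pos):
    """Parse '{ field [{...}] ... }' starting at tokens[pos]; return ({field: sub}, next_pos)."""
    pos, sel = pos + 1, {}                      # skip the opening '{'
    while tokens[pos] != "}":
        name, pos, sub = tokens[pos], pos + 1, None
        if pos < len(tokens) and tokens[pos] == "{":
            sub, pos = parse_selection(tokens, pos)
        sel[name] = sub
    return sel, pos + 1                          # skip the closing '}'

def validate(selection, type_name, path=""):
    """List 'path: reason' mismatches between a selection set and the current schema."""
    problems, fields = [], SCHEMA.get(type_name, {})
    for name, sub in selection.items():
        here = f"{path}.{name}" if path else name
        if name not in fields:
            problems.append(f"{here}: no such field on {type_name}")
        elif sub is None and fields[name] is not None:
            problems.append(f"{here}: object field selected without sub-selection")
        elif sub is not None and fields[name] is None:
            problems.append(f"{here}: scalar field selected with sub-selection")
        elif sub is not None:
            problems.extend(validate(sub, fields[name], here))
    return problems

def stale_persisted_queries(persisted=PERSISTED):
    """Return {query id: problems} for stored queries that no longer match the current schema."""
    report = {}
    for qid, text in persisted.items():
        tokens = TOKEN.findall(text)
        selection, _ = parse_selection(tokens, tokens.index("{"))  # skips 'query Name'
        if problems := validate(selection, "Query"):
            report[qid] = problems
    return report
```

Running this in CI before a schema change ships makes the stale entry (q2) fail the build instead of surfacing as a runtime error or an unchecked request in production.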

Configuration

Identifier: schema/mismatching_persisted_queries_and_schema

Examples

All configuration available:

checks:
  schema/mismatching_persisted_queries_and_schema:
    skip: false # default

Compliance and Standards

| Standard | Value |
| --- | --- |
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM02:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-5 |
| SOC2 | CC6 |
| PSD2 | Article-94 |
| ISO 27001 | A.14.2 |
| NIST | SP800-95 |
| FedRAMP | CM-3 |
| CWE | 20 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| CVSS Score | 4.3 |