Security Test: Mismatching persisted queries and schema¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
Persisted queries are like pre-written commands your system stores so it doesn’t have to build each query from scratch every time. When these saved queries don’t line up with changes made to the API’s schema, the application might send old or mistyped commands that no longer match the system’s current layout. This mismatch causes failures or unexpected behavior and can inadvertently open up weaknesses if those “stale” queries aren’t carefully checked or updated. Developers sometimes assume the stored queries will always be correct, even when the underlying data model changes, which leads to errors and potential security issues if the system ends up processing unintended or insecure commands.
Configuration¶
Identifier:
schema/mismatching_persisted_queries_and_schema
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM02:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-5 |
| SOC2 | CC6 |
| PSD2 | Article-94 |
| ISO 27001 | A.14.2 |
| NIST | SP800-95 |
| FedRAMP | CM-3 |
| CWE | 20 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| CVSS Score | 4.3 |