
Resource Limitation: Character Limit

Identifier: character_limit

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner

Description

When there is no limit on how long a query can be, an attacker can send an excessively long query to overwhelm the system or to trick it into revealing internal details. This is dangerous because it can lead to a denial of service, with the server struggling to process very large requests, or to leakage of sensitive information if errors raised while parsing the query expose details about the backend. Developers should impose limits or validation on query length to avoid these issues.
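As an added illustration (not part of this page or the scanner's own code), a request-level guard that enforces such a limit before the GraphQL document ever reaches the parser; the thresholds MAX_QUERY_CHARS and MAX_BODY_BYTES and the sample requests in demo() are assumptions:

```python
import json

# Assumed thresholds (not from the original page): a generous per-operation
# ceiling on the query text and an overall ceiling on the request body.
MAX_QUERY_CHARS = 8_000
MAX_BODY_BYTES = 64 * 1024


def check_graphql_request(raw_body: bytes,
                          max_query_chars: int = MAX_QUERY_CHARS,
                          max_body_bytes: int = MAX_BODY_BYTES):
    """Return (accepted, reason). Over-long documents are rejected before
    parsing, so an oversized query costs a length comparison, not a parse."""
    # Cheapest check first: raw byte length, before any JSON decoding.
    if len(raw_body) > max_body_bytes:
        return False, f"request body exceeds {max_body_bytes} bytes"
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return False, "body is not valid JSON"
    # Batched requests arrive as a list of operations; normalise to a list
    # so every operation in the batch is measured, not just the first.
    operations = payload if isinstance(payload, list) else [payload]
    for index, op in enumerate(operations):
        if not isinstance(op, dict):
            return False, f"operation {index} is not an object"
        query = op.get("query")
        if query is None:
            # Persisted-query style requests carry no document: nothing to measure.
            continue
        if not isinstance(query, str):
            return False, f"operation {index}: 'query' must be a string"
        if len(query) > max_query_chars:
            return False, (f"operation {index}: query length {len(query)} "
                           f"exceeds limit of {max_query_chars}")
    return True, "ok"


def demo():
    # Constructed sample requests (not from the original page).
    short = json.dumps({"query": "{ viewer { id name } }"}).encode()
    padded = json.dumps({"query": "{ viewer { id } }" + " " * 9_000}).encode()
    batch = json.dumps([{"query": "{ a }"}, {"query": "{ b }"}]).encode()
    return [check_graphql_request(short)[0],
            check_graphql_request(padded)[0],
            check_graphql_request(batch)[0]]


if __name__ == "__main__":
    print(demo())  # [True, False, True]
```

The body-size check runs before JSON decoding so that a padded request is refused without the server first spending memory and time deserialising it.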

References:

Configuration

Example

Example configuration:

---
security_tests:
  character_limit:
    assets_allowed:
    - GRAPHQL
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.