
GraphQL IDE

Description

A GraphQL IDE (GraphiQL, GraphQL Playground, Apollo Sandbox and similar) provides a browser interface for users to interact with the endpoint, but an IDE exposed on a production endpoint can also leave room for potential vulnerabilities.
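The following is an added example, not code from the original page or from any of the engines it lists. It shows how a defender can verify the finding against their own endpoint: request the GraphQL route the way a browser would (a GET with `Accept: text/html`) and classify the response. The signature list is an assumed heuristic drawn from strings the common IDE pages embed; the sample responses are constructed for an offline run. Only Node built-ins are used.

```javascript
// Added example: classify an HTTP response from a GraphQL route to decide
// whether a browser IDE page is being served. Not from the original page.
// The signatures below are assumed heuristics, not an exhaustive list.
const IDE_SIGNATURES = [
  { name: 'GraphiQL', pattern: /graphiql/i },
  { name: 'GraphQL Playground', pattern: /graphql-playground/i },
  { name: 'Apollo landing page / Sandbox', pattern: /apollo-server-landing-page|embeddable-sandbox/i },
  { name: 'Altair', pattern: /altair/i },
];

// Pure classifier: only a 200 HTML document counts as an IDE. A JSON error
// that merely mentions "GraphiQL" in its message is not an IDE page.
function classifyIdeResponse(status, headers, body) {
  const contentType = String(headers['content-type'] || '').toLowerCase();
  if (status !== 200 || !contentType.includes('text/html')) {
    return { ideServed: false, ide: null };
  }
  const hit = IDE_SIGNATURES.find((sig) => sig.pattern.test(body));
  return hit ? { ideServed: true, ide: hit.name } : { ideServed: false, ide: null };
}

// Constructed sample responses (not captured from any real server).
const SAMPLES = {
  graphiql: {
    status: 200,
    headers: { 'content-type': 'text/html; charset=utf-8' },
    body: '<!DOCTYPE html><html><head><title>GraphiQL</title></head><body><div id="graphiql"></div></body></html>',
  },
  apollo: {
    status: 200,
    headers: { 'content-type': 'text/html' },
    body: '<html><body><script src="https://apollo-server-landing-page.cdn.apollographql.com/placeholder.js"></script></body></html>',
  },
  jsonError: {
    status: 200,
    headers: { 'content-type': 'application/json' },
    body: '{"errors":[{"message":"GraphiQL is disabled; send a POST with a query"}]}',
  },
  notFound: {
    status: 404,
    headers: { 'content-type': 'text/html' },
    body: '<html><body>Not Found</body></html>',
  },
};

// Run the classifier over every sample and return the results by name.
function runSamples() {
  const out = {};
  for (const [name, s] of Object.entries(SAMPLES)) {
    out[name] = classifyIdeResponse(s.status, s.headers, s.body);
  }
  return out;
}

// Probe a live endpoint you operate, using a browser-style GET. Dynamic
// import keeps this runnable as either CommonJS or an ES module.
async function probeEndpoint(url) {
  const { default: client } = await import(url.startsWith('https:') ? 'node:https' : 'node:http');
  return new Promise((resolve, reject) => {
    const req = client.get(url, { headers: { Accept: 'text/html' } }, (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => resolve(classifyIdeResponse(res.statusCode, res.headers, body)));
    });
    req.on('error', reject);
  });
}

// Offline demonstration on the constructed samples; set GRAPHQL_PROBE_URL
// to also check a real endpoint of your own.
console.log(JSON.stringify(runSamples(), null, 2));
if (process.env.GRAPHQL_PROBE_URL) {
  probeEndpoint(process.env.GRAPHQL_PROBE_URL)
    .then((r) => console.log('live probe:', JSON.stringify(r)))
    .catch((e) => console.error('probe failed:', e.message));
}
```

The content-type check is the important design choice: matching on the string "graphiql" alone would flag a JSON error message that names the disabled IDE, which is exactly the hardened state you want to recognise as safe.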

Remediation

Disable the GraphQL IDE, or restrict it (for example to development environments or to trusted client addresses). See your engine's documentation for how to do this.
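The following is an added, engine-agnostic example, not code from the original page or from any of the engines listed below. It shows the two remediation options as one policy on a plain Node `http` route: the IDE page is served only when explicitly enabled, only to browser-style GET requests that accept HTML, and optionally only to an allowlist of client addresses; when it is off, GET returns a JSON 404 rather than an HTML page, and API traffic (POST) is passed to the caller's own operation handler. The `handleOperation` callback and the `ideHtml` string are assumptions standing in for a real executor and a real IDE page.

```javascript
// Added example: gate the GraphQL IDE per request. Not from the original
// page or any framework; `handleOperation` and `ideHtml` are assumptions.

// Decide whether this request may receive the IDE page.
//   ideEnabled     explicit opt-in (keep it false in production)
//   allowedClients optional allowlist of remote addresses; empty = no restriction
function ideAllowed({ method, accept = '', remoteAddress, ideEnabled, allowedClients }) {
  if (!ideEnabled) return false;
  if (method !== 'GET') return false;               // the IDE is a browser page; only GET navigations get it
  if (!/text\/html/i.test(accept)) return false;    // API clients asking for JSON never get HTML
  if (Array.isArray(allowedClients) && allowedClients.length > 0) {
    return allowedClients.includes(remoteAddress);  // "restrict it": e.g. loopback only
  }
  return true;
}

// Build a Node-style (req, res) handler for the /graphql route.
function createGraphqlRoute({ ideEnabled, allowedClients, ideHtml, handleOperation }) {
  return (req, res) => {
    const ok = ideAllowed({
      method: req.method,
      accept: req.headers.accept,
      remoteAddress: req.socket && req.socket.remoteAddress,
      ideEnabled,
      allowedClients,
    });
    if (ok) {
      res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
      return res.end(ideHtml);
    }
    if (req.method === 'GET') {
      // IDE disabled or restricted: answer like an API route, never with an HTML page.
      res.writeHead(404, { 'Content-Type': 'application/json' });
      return res.end(JSON.stringify({ errors: [{ message: 'Not found' }] }));
    }
    return handleOperation(req, res);  // normal GraphQL operations are unaffected
  };
}

// Stand-alone run: START_GRAPHQL_DEMO=1 node this_file.js
// The IDE is on only outside production and only for loopback clients.
if (process.env.START_GRAPHQL_DEMO === '1') {
  const route = createGraphqlRoute({
    ideEnabled: process.env.NODE_ENV !== 'production',
    allowedClients: ['127.0.0.1', '::1', '::ffff:127.0.0.1'],
    ideHtml: '<!doctype html><title>IDE placeholder</title><p>IDE page would be served here.</p>',
    handleOperation: (req, res) => {
      // Placeholder executor (assumption): a real server would parse and run the operation.
      res.writeHead(200, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify({ data: null }));
    },
  });
  import('node:http').then(({ default: http }) => {
    http.createServer(route).listen(4000, () => console.log('listening on :4000'));
  });
}
```

Whatever engine you use, the equivalent configuration should produce the same observable behaviour: a browser GET to the production endpoint gets no HTML, while POSTed operations keep working.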

GraphQL Specific

  • Apollo: Ensure that the Apollo Server is configured with appropriate security settings, such as depth limiting and complexity analysis, to prevent malicious queries from overloading the server. Regularly update the Apollo framework to incorporate the latest security patches and features.
  • Yoga: To mitigate potential security risks in the Yoga framework engine when using a GraphQL IDE, ensure that all queries are validated against a schema that defines allowed operations. Implement proper authentication and authorization checks to control access to sensitive data. Regularly update the Yoga framework to incorporate the latest security patches and features.
  • Awsappsync: To mitigate the risk of injection attacks in AWS AppSync, ensure that all GraphQL queries are parameterized. Avoid using string interpolation or concatenation to insert variables directly into queries. Instead, use GraphQL's built-in support for variables. This approach allows the AppSync framework to safely parse and validate the input before executing the query, reducing the attack surface for malicious actors.
  • Graphqlgo: To mitigate the risk of injection attacks in a GraphQL Go framework engine, ensure that all user-supplied inputs are properly validated and sanitized. Use prepared statements with variable binding for all database queries to prevent injection vulnerabilities. Additionally, implement proper error handling to avoid exposing sensitive information through error messages. Regularly review and update dependencies to patch any known vulnerabilities in the framework or associated libraries.
  • Graphqlruby: To mitigate potential vulnerabilities in the GraphQL Ruby framework, ensure that all queries are properly sanitized and use parameterized queries to prevent injection attacks. Additionally, implement strict type checking and input validation to prevent malicious data from being processed. Regularly update the framework to the latest version to benefit from security patches and improvements.
  • Hasura: To mitigate the risk of injection attacks in Hasura, ensure that all GraphQL queries are constructed using parameterized statements. This approach prevents attackers from manipulating the query by injecting malicious code. Additionally, apply strict access controls and validate all inputs to further enhance the security of your Hasura GraphQL engine.
  • Agoo: Regularly update the Agoo framework to the latest version to ensure all security patches are applied.
  • Ariadne: Implement strict validation and authentication mechanisms in the Ariadne framework to prevent unauthorized access and ensure data integrity.
  • Caliban: Ensure proper authentication and authorization checks are implemented in the Caliban framework to prevent unauthorized access to GraphQL endpoints.
  • Dgraph: Implement strict access controls and validation mechanisms to secure the GraphQL endpoint in the Dgraph framework.
  • Dianajl: Regularly update and patch the Dianajl framework engine to mitigate potential security vulnerabilities.
  • Directus: Regularly update Directus to the latest version to ensure all security patches are applied.
  • Flutter: Regularly update the Flutter framework and engine to the latest stable version to ensure security patches and improvements are applied.
  • Graphene: Implement strict validation and authentication mechanisms.
  • Graphqlapiforwp: Regularly update the GraphQL API for WP framework to the latest version to ensure security patches are applied.
  • Graphqlgophergo: Implement strict access controls and validation mechanisms to ensure that only authorized queries are executed and to prevent potential vulnerabilities in the GraphQLGopherGo framework engine.
  • Graphqljava: Implement strict validation and authorization checks on all GraphQL queries and mutations to prevent unauthorized access and data exposure.
  • Graphqlphp: Implement strict schema validation and input sanitization to prevent unauthorized access and ensure data integrity in the graphqlphp framework.
  • Graphqlyoga: Implement strict schema validation and input sanitization in the GraphQL Yoga framework to prevent injection attacks and ensure data integrity.
  • Hypergraphql: Implement strict access controls and validation mechanisms to ensure secure interactions with the HyperGraphQL framework engine.
  • Jaal: Ensure proper authentication and authorization checks are implemented in the Jaal framework engine to prevent unauthorized access and data exposure.
  • Juniper: Regularly update and patch the Juniper framework engine to mitigate potential security vulnerabilities.
  • Lacinia: Ensure proper validation and sanitization of inputs in the Lacinia framework to prevent injection attacks.
  • Lighthouse: Regularly update and patch the Lighthouse framework engine to mitigate potential security vulnerabilities.
  • Mercurius: Ensure proper authentication and authorization checks are implemented in the Mercurius framework to prevent unauthorized access to GraphQL endpoints.
  • Morpheusgraphql: Implement strict access controls and validation mechanisms in MorpheusGraphQL to prevent unauthorized access and ensure data integrity.
  • Gqlgen: Regularly update gqlgen dependencies to patch known vulnerabilities.
  • Sangria: Implement input validation and sanitization in the Sangria framework to prevent injection attacks.
  • Shopify: Regularly update Shopify themes and apps to patch security vulnerabilities.
  • Stepzen: Ensure proper authentication and authorization mechanisms are in place to secure the StepZen framework engine.
  • Strawberry: Ensure proper authentication and authorization checks are implemented in the Strawberry framework to prevent unauthorized access to GraphQL endpoints.
  • Tartiflette: Ensure proper validation and sanitization of inputs in the Tartiflette framework to prevent injection attacks.
  • Wpgraphql: Regularly update the wp-graphql plugin to the latest version to ensure security patches are applied.

Configuration

Identifier: configuration/ide_enabled

Examples

Ignore this check

checks:
  configuration/ide_enabled:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API7:2023
  • OWASP LLM: LLM06:2023
  • pci: 6.5.1
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: AC-6

Classification

  • CWE: 200

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
  • CVSS_SCORE: 4.8