
Configuration: Error type inconsistency

Identifier: error_type_inconsistency

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Errors in software do not always arrive in the type a program expects. When code is written to handle one error type but receives another, the error may not be handled at all, leading to unhandled exceptions or hidden security issues. Developers often assume that error handling is consistent, but an unexpected error type can bypass those safeguards, potentially revealing sensitive details or opening the door to exploitation. Ensuring that your error handling covers every error type a code path can raise is key to avoiding these pitfalls.
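The following Python example is added here to illustrate the point above; it is not code from the scanner or from this documentation. It models a request handler that only expects `ValueError`, a framework in debug mode that renders any escaping exception as a 500 page with a stack trace, and a hardened handler that maps every error type to a fixed, sanitised response. The `error_shape_is_consistent` helper is an assumed, simplified stand-in for what a scanner might check (uniform error bodies, no traceback text); the user table and inputs are constructed.

```python
import logging
import traceback

logger = logging.getLogger("api")

# Constructed backend data: one known user.
_USERS = {"alice": {"balance": 10}}


def lookup_balance(user_id):
    """Raises different error types depending on the input."""
    if not user_id.isalnum():               # AttributeError if user_id is None
        raise ValueError("user id must be alphanumeric")
    return _USERS[user_id]["balance"]       # KeyError for an unknown user


def handle_inconsistent(user_id):
    """Handler written under the assumption that only ValueError can occur."""
    try:
        return {"status": 200, "body": {"balance": lookup_balance(user_id)}}
    except ValueError as exc:
        return {"status": 400, "body": {"error": str(exc)}}
    # KeyError / AttributeError escape and are left to the framework.


def handle_consistent(user_id):
    """Hardened handler: every error type gets a fixed, sanitised response."""
    try:
        return {"status": 200, "body": {"balance": lookup_balance(user_id)}}
    except ValueError as exc:
        return {"status": 400, "body": {"error": str(exc)}}
    except KeyError:
        return {"status": 404, "body": {"error": "user not found"}}
    except Exception:
        # Details are logged server-side only; the client sees a generic message.
        logger.exception("unhandled error in balance lookup")
        return {"status": 500, "body": {"error": "internal error"}}


def run_with_framework(handler, user_id):
    """Simulates a framework in debug mode: an exception that escapes the handler
    is rendered as a 500 response echoing the exception and its stack trace."""
    try:
        return handler(user_id)
    except Exception as exc:
        return {"status": 500,
                "body": {"error": repr(exc), "trace": traceback.format_exc()}}


def error_shape_is_consistent(responses):
    """Assumed check: all error responses share the same body shape and none
    carries traceback text. A failure here is the inconsistency being flagged."""
    error_bodies = [r["body"] for r in responses if r["status"] >= 400]
    return all(set(body) == {"error"} and "Traceback" not in body["error"]
               for body in error_bodies)


# Constructed probe inputs: valid, malformed, unknown user, wrong type.
PROBES = ["alice", "bad id!", "bob", None]


def scan(handler):
    return error_shape_is_consistent([run_with_framework(handler, p) for p in PROBES])


if __name__ == "__main__":
    print("inconsistent handler passes:", scan(handle_inconsistent))  # False
    print("consistent handler passes:  ", scan(handle_consistent))    # True
```

Running the two handlers against the same probes shows the difference: the first leaks a stack trace for any error type it did not anticipate, while the second returns the same sanitised shape regardless of which exception the lookup raised.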

References:

Configuration

Example

Example configuration:

---
security_tests:
  error_type_inconsistency:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type: List[AssetType]*

List of assets that this check will cover.

skip

Type: boolean

Skip the test if true.