Resource Limitation: GraphQL Directive Overloading¶

Identifier: graphql_directive_overload

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

Directive overloading occurs when an attacker submits too many instructions at once to a system that processes commands, tricking it into overworking or bypassing its normal checks. This can cause the engine to slow down or even crash, and in some cases, allow attackers to manipulate outcomes or access restricted areas of the system. Developers often fall into pitfalls by not limiting the number of commands allowed or failing to validate the input properly, which can lead to denial of service or other more severe security breaches if left unchecked.

Configuration¶

Example¶

Example configuration:

---
security_tests:
  graphql_directive_overload:
    assets_allowed:
    - GRAPHQL
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.