
Information Disclosure: GraphQL Field Suggestion

Identifier: graphql_field_suggestion

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

When a GraphQL query contains an unknown field, type or argument name, many server implementations (graphql-js and the frameworks built on it among them) reject it with an error such as `Cannot query field "emial" on type "User". Did you mean "email"?`. The suggestion is computed from the live schema, so it is returned even when introspection is disabled. Developers often assume that disabling introspection stops all schema details from leaking, but these error messages still reveal valid field, type and argument names one at a time. An attacker who sends queries built from a wordlist of plausible names can collect the suggestions and reconstruct a large part of the schema, including fields that were never meant to be discovered, and then target those operations directly. The pitfall is treating this as harmless convenience: each hint is small, but together they make the backend far more visible than intended. Suggestions should be removed from error responses on the server side (for example in the server's error formatting hook) before the response reaches the client.
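The following is an added example, not code from this page or from the scanner it documents. It shows the two halves of the problem above: how a probe with a deliberate typo and a parser for the `Did you mean` clause turn error messages into a list of real schema names, and how a server-side formatter that strips that clause closes the leak. The sample response is constructed to match the message format graphql-js produces; the endpoint URL, the guessed field names and the helper names (`typo`, `probe_query`, `find_leaks`, `strip_suggestions`) are assumptions made for the example.

```python
import json
import re
import urllib.request

# Constructed sample of what a graphql-js based server with introspection
# disabled returns for a probe query that misspells "email" and "limit".
# Assumed for illustration; not captured from a real host.
SAMPLE_RESPONSE = json.dumps({
    "errors": [
        {
            "message": 'Cannot query field "emial" on type "User". Did you mean "email"?',
            "locations": [{"line": 1, "column": 20}],
        },
        {
            "message": 'Unknown argument "lim" on field "Query.users". '
                       'Did you mean "limit", "first", or "last"?',
            "locations": [{"line": 1, "column": 8}],
        },
    ]
})

# graphql-js formats suggestions as: Did you mean "a"? / "a" or "b"? / "a", "b", or "c"?
SUGGESTION_RE = re.compile(r'Did you mean (?P<names>.+?)\?')
QUOTED_RE = re.compile(r'"([^"]+)"')


def typo(name):
    """Deterministically misspell a guessed name so the server answers with a suggestion.
    Swaps the third and fourth characters: 'email' -> 'emial', 'users' -> 'usres'."""
    if len(name) < 4:
        return name + "z"
    return name[:2] + name[3] + name[2] + name[4:]


def probe_query(guessed_fields):
    """Build a top-level query from misspelled guesses, e.g. ['users'] -> '{ usres }'."""
    return "{ " + " ".join(typo(f) for f in guessed_fields) + " }"


def send_probe(url, query):
    """POST a probe to a GraphQL endpoint and return the raw body (network; not run offline)."""
    req = urllib.request.Request(
        url,
        data=json.dumps({"query": query}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


def extract_suggestions(message):
    """Return the schema names leaked by a 'Did you mean' clause, or [] if there is none."""
    m = SUGGESTION_RE.search(message)
    if not m:
        return []
    return QUOTED_RE.findall(m.group("names"))


def find_leaks(response_text):
    """Detection side: parse a GraphQL response body and report every suggestion leak."""
    body = json.loads(response_text)
    leaks = []
    for err in body.get("errors", []):
        names = extract_suggestions(err.get("message", ""))
        if names:
            leaks.append({"message": err["message"], "suggested": names})
    return leaks


def strip_suggestions(response_text):
    """Mitigation side: what a server error-formatting hook should do before the
    response leaves the server. Drops the 'Did you mean' clause, keeps the rest."""
    body = json.loads(response_text)
    for err in body.get("errors", []):
        err["message"] = SUGGESTION_RE.sub("", err.get("message", "")).rstrip()
    return json.dumps(body)


if __name__ == "__main__":
    # Offline walk-through on the constructed response. Against a live target you
    # would use send_probe("https://example.invalid/graphql", probe_query(["users"])).
    print("probe:", probe_query(["users", "email"]))
    for leak in find_leaks(SAMPLE_RESPONSE):
        print("leaked names:", leak["suggested"])
    print("after stripping:", find_leaks(strip_suggestions(SAMPLE_RESPONSE)))
```

Running the probe loop over a wordlist and feeding each response through `find_leaks` is the enumeration the description warns about; the names it returns are exact schema identifiers, not guesses. `strip_suggestions` is written as a stand-alone function so it can be tested offline; in a real deployment the same transformation belongs in the server's error formatter (Apollo Server's `formatError`, or the equivalent hook in your framework), or the server should be configured not to generate suggestions at all.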

References:

Configuration

Example

Example configuration:

---
security_tests:
  graphql_field_suggestion:
    assets_allowed:
    - GRAPHQL
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.