Configuration: GraphQL IDE

Identifier: ide_enabled

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

A GraphQL IDE (GraphiQL, GraphQL Playground, Apollo Sandbox, Altair and similar tools) is a browser-based interface served next to your GraphQL endpoint that lets anyone who reaches it explore and query the API. If it is reachable in production, it hands out more than it should: the IDE normally relies on introspection to render schema documentation and autocompletion, so an exposed IDE usually means an exposed schema, and it gives an attacker a ready-made console for crafting abusive or expensive queries. The extra information makes it easier to target sensitive fields and to overload the server, leading to data leaks or service disruption. Developers often forget to disable introspection and other development-only features when moving to production, and the IDE is one of the most visible of those features. Restrict access to it (or disable it outright outside development) and carefully control what it exposes so that your API does not inadvertently hand out its blueprint to the wrong people.
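To make the check concrete, the following is an added example, not the scanner's own detection code (that logic is not documented on this page): an offline heuristic that classifies HTTP responses as GraphQL IDE pages or not. The IDE names, the HTML markers each one embeds, and the candidate paths are assumptions based on what those tools ship in their default HTML shell; the sample responses are constructed inline so the script runs without a network.

```python
"""Added example: heuristic detection of an exposed GraphQL IDE.

Not the scanner's own implementation. Markers and paths below are assumptions
about the default HTML that common IDE bundles serve.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Strings the common IDE bundles embed in their HTML shell (assumed markers).
IDE_MARKERS = {
    "GraphiQL": re.compile(r"graphiql", re.I),
    "GraphQL Playground": re.compile(r"graphql[- ]playground", re.I),
    "Apollo Sandbox": re.compile(r"apollo-server-landing-page|embeddable-sandbox|apollo sandbox", re.I),
    "Altair": re.compile(r"altair[- ]graphql|altair-static", re.I),
}

# Paths where an IDE is commonly mounted next to the API (assumed list, not
# the scanner's wordlist). A real probe would request each of these with GET
# and a browser-like "Accept: text/html" header, because most servers only
# serve the IDE to a browser and answer JSON to API clients.
CANDIDATE_PATHS = ("/graphql", "/graphiql", "/playground", "/graphql/playground", "/altair")


@dataclass
class Response:
    """Minimal captured HTTP response (status, Content-Type, body text)."""
    status: int
    content_type: str
    body: str


def detect_ide(resp: Response) -> Optional[str]:
    """Return the IDE name if the response looks like an IDE page, else None.

    A JSON reply is never an IDE: the IDE is an HTML document. A non-200 reply
    (404, redirect to login) means the path is not serving one either.
    """
    if resp.status != 200:
        return None
    if "text/html" not in resp.content_type.lower():
        return None
    for name, pattern in IDE_MARKERS.items():
        if pattern.search(resp.body):
            return name
    return None


def scan(responses: Dict[str, Response]) -> Dict[str, str]:
    """Map each probed path to the IDE it serves, keeping only positive hits."""
    hits = {}
    for path, resp in responses.items():
        ide = detect_ide(resp)
        if ide is not None:
            hits[path] = ide
    return hits


# Constructed sample responses, as a scanner might see them for one target.
SAMPLE = {
    "/graphql": Response(200, "application/json",
                         '{"errors":[{"message":"Must provide query string."}]}'),
    "/graphiql": Response(200, "text/html; charset=utf-8",
                          "<!DOCTYPE html><html><head><title>GraphiQL</title></head>"
                          "<body><div id=\"graphiql\"></div></body></html>"),
    "/playground": Response(404, "text/html", "<h1>Not Found</h1>"),
    "/altair": Response(200, "text/html",
                        "<html><body><script src=\"/altair-static/main.js\"></script></body></html>"),
}

if __name__ == "__main__":
    for path, ide in scan(SAMPLE).items():
        print(f"{path}: {ide} exposed")
```

The check is deliberately conservative: it only flags a 200 HTML response carrying a known IDE marker, so a JSON endpoint that happens to mention "query" in an error message is not reported. The caveat a practitioner should keep in mind is the reverse case: an endpoint that serves JSON to `POST` but an IDE to a browser `GET` is still exposed, which is why the probe must send the request the way a browser would.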

Configuration

Example

Example configuration:

---
security_tests:
  ide_enabled:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.