Security Test: Field suggestion
Description
Default Severity:
When a slight typo in a GraphQL query makes the server return an error, the error message may suggest valid fields from your backend schema. This looks convenient, but it hands attackers clues about your system's inner workings. Many developers assume that turning off introspection stops all schema details from leaking, yet error messages can still reveal key elements that help attackers understand your framework. An attacker who pieces together enough of these hints can identify weak spots in your code and plan targeted attacks. The pitfall is assuming that a little sloppiness in error handling is harmless, when in reality even small hints make your backend more visible to potential threats.
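The following is an added example, not code from the original page or from the project it documents: a response-side guard that detects and strips the "Did you mean ...?" suggestion from GraphQL error messages before they leave the server, so a typo'd query no longer reveals schema names even when introspection is already off. It assumes the graphql-js error wording shown in the constructed sample response; `sanitizeGraphQLError` is a hypothetical helper meant to be called from whatever `formatError`-style hook your server exposes.

```javascript
// Added example (not part of the original page): detect and strip GraphQL
// "Did you mean ...?" field/argument/enum suggestions from error messages.
// Assumption: messages use the graphql-js wording (see sampleResponse below).

// Matches the trailing suggestion clause, e.g. ' Did you mean "name"?',
// ' Did you mean "a" or "b"?', ' Did you mean "a", "b", or "c"?',
// ' Did you mean the enum value "ACTIVE"?'. Group 1 holds the quoted names.
const SUGGESTION_RE =
  /\s*Did you mean (?:the [a-z ]+ )?("[^"]+"(?:, "[^"]+")*(?:,? or "[^"]+")?)\?/;

// Detection side: returns the schema names a message would hand to a client,
// or [] when the message carries no suggestion. Run it over captured
// responses to confirm the leak is gone after deployment.
function extractSuggestedNames(message) {
  const m = SUGGESTION_RE.exec(message);
  if (!m) return [];
  return [...m[1].matchAll(/"([^"]+)"/g)].map((x) => x[1]);
}

// Mitigation side: drop the suggestion, keep the rest of the message and every
// other error property (locations, path, extensions) untouched.
function sanitizeGraphQLError(error) {
  return { ...error, message: error.message.replace(SUGGESTION_RE, '') };
}

// Apply the sanitizer to a whole GraphQL response object.
function sanitizeResponse(response) {
  if (!Array.isArray(response.errors)) return response;
  return { ...response, errors: response.errors.map(sanitizeGraphQLError) };
}

// Constructed sample: what a server with introspection disabled still returns
// for typo'd field, argument and enum names (plus one plain syntax error).
const sampleResponse = {
  errors: [
    { message: 'Cannot query field "nme" on type "User". Did you mean "name"?',
      locations: [{ line: 1, column: 9 }] },
    { message: 'Unknown argument "ids" on field "Query.user". Did you mean "id"?' },
    { message: 'Value "ACTIV" does not exist in "Status" enum. Did you mean the enum value "ACTIVE"?' },
    { message: 'Syntax Error: Expected Name, found "}".' },
  ],
};

// Names the unsanitized sample would leak: ["name"], ["id"], ["ACTIVE"], [].
const leakedBefore = sampleResponse.errors.map((e) => extractSuggestedNames(e.message));
// After sanitizing, no error carries a suggestion any more.
const leakedAfter = sanitizeResponse(sampleResponse).errors.map((e) => extractSuggestedNames(e.message));
```

Wire `sanitizeGraphQLError` into the server's error-formatting hook rather than post-processing responses at a proxy, so the raw message never leaves the process.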
Reference:
Configuration
Identifier:
information_disclosure/graphql_field_suggestion
Examples
All configuration available:
Compliance and Standards
| Standard | Value |
|---|---|
| OWASP API Top 10 | API7:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-53 |
| FedRAMP | AC-6 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 5.1 |