Schema: Invalid Persisted Query

Identifier: invalid_persisted_query

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

This issue occurs when a query saved for future use (a persisted query) no longer matches the current setup on the server. If a saved query refers to something that doesn't exist anymore, an attacker might intentionally trigger errors or unpredictable responses, potentially revealing sensitive details about the system or causing service disruptions. The most common mistake is failing to update or clean up these saved queries when the underlying system changes, which leaves a gap that bad actors might use to destabilize the service or probe for weaknesses.
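The cleanup gap described above can be caught before deployment by checking every stored query against the current schema. The following is an added example, not part of the original page or the scanner's own code; the schema map, manifest and function names are constructed for illustration, and the parser covers only a subset of GraphQL (no fragments or directives).

```python
import re

# Constructed current schema: type -> {field: return type} (assumed input format).
SCHEMA = {
    "Query": {"user": "User", "version": "String"},
    "User": {"id": "ID", "name": "String"},  # "email" was removed from User
}
# Constructed persisted-query manifest: id -> stored operation text.
MANIFEST = {
    "q1": "query GetUser($id: ID!) { user(id: $id) { id name } }",
    "q2": "query GetEmail($id: ID!) { user(id: $id) { id contact: email } }",
    "q3": "{ version legacyStatus { ok } }",
}
ROOTS = {"query": "Query", "mutation": "Mutation", "subscription": "Subscription"}
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|[^\s\w,]')  # commas, digits skipped

def stale_fields(query, schema):
    """Return dotted paths of selected fields the schema no longer defines."""
    toks, pos, missing = TOKEN.findall(query), 0, []
    def skip():  # advance one token, or a whole balanced (...) list
        nonlocal pos
        depth, pos = int(toks[pos] == "("), pos + 1
        while depth and pos < len(toks):
            depth += {"(": 1, ")": -1}.get(toks[pos], 0)
            pos += 1
    def selection(type_name, path):
        nonlocal pos
        pos += 1  # consume "{"
        fields = schema.get(type_name)  # None: scalar or already-reported parent
        while pos < len(toks) and toks[pos] != "}":
            name, pos = toks[pos], pos + 1
            if toks[pos:pos + 1] == [":"]:  # alias: the real field name follows
                name, pos = toks[pos + 1], pos + 2
            if toks[pos:pos + 1] == ["("]:
                skip()  # field arguments
            if fields is not None and name not in fields and name != "__typename":
                missing.append(".".join(path + [name]))
            if toks[pos:pos + 1] == ["{"]:
                selection((fields or {}).get(name), path + [name])
        pos += 1  # consume "}"
    root = ROOTS.get(toks[0] if toks else "", "Query")
    while pos < len(toks) and toks[pos] != "{":
        skip()  # operation keyword, operation name, variable definitions
    if pos < len(toks):
        selection(root, [root])
    return missing

def audit(manifest, schema):  # id -> stale field paths, clean entries omitted
    return {qid: p for qid, q in manifest.items() if (p := stale_fields(q, schema))}
```

Run over the constructed manifest, `audit(MANIFEST, SCHEMA)` flags `q2` and `q3`, the two stored queries that still select fields the schema has dropped.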

Configuration

Example

Example configuration:

---
security_tests:
  invalid_persisted_query:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.