Resource Limitation: Large JSON input¶

Identifier: large_json_input

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

When a system accepts an extremely large JSON input as an argument, it can be tricked into spending too much time or memory processing the data. This is dangerous because attackers could send such huge inputs deliberately, causing the system to slow down, crash, or become unresponsive. Developers often overlook input limits or validations, assuming that inputs will always be well- formed and within reasonable size, making the application vulnerable to denial- of-service attacks. If left unaddressed, the system might suffer from degraded performance or even complete outages, which could lead to service disruptions and further security complications.

References:

https://gusralph.info/file-upload-checklist/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  large_json_input:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.