Security Test: Field Duplication

Description

Default Severity:

When a GraphQL server accepts queries that repeat the same field many times, it can seem harmless, but it is exploitable: an attacker can flood the server with repeated field selections, consuming CPU and memory until it becomes unresponsive. Developers often overlook this risk because duplicated fields add no value in normal use, but left unchecked it can lead to denial of service and severe performance degradation.
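One server-side mitigation is to bound how often a single selection set may repeat a field before the query is executed. The following is an added illustration, not the scanner's own code: it uses a deliberately minimal tokenizer (not a full GraphQL parser) and constructed sample queries; the threshold of 3 is an arbitrary choice.

```python
"""Reject GraphQL documents that repeat one field many times inside a single
selection set. Constructed example with a minimal tokenizer, not a full parser."""
import re
from collections import Counter

# whitespace | comment | string | spread | name | any other single character
TOKEN_RE = re.compile(r'\s+|#[^\n]*|"(?:\\.|[^"\\])*"|\.\.\.|[A-Za-z_]\w*|\S')

def tokenize(document):
    return [t for t in TOKEN_RE.findall(document) if not t.isspace() and t[0] != '#']

def max_field_repeats(document):
    """(field, count) for the field repeated most within one selection set;
    aliased selections ('a: name') count against the underlying field 'name'."""
    tokens, stack, worst, i = tokenize(document), [], ('', 0), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == '{':
            stack.append(Counter())               # new selection set
        elif tok == '}':
            stack.pop()
        elif tok == '(':                          # arguments: skip to matching ')'
            depth = 1
            while depth:
                i += 1
                depth += {'(': 1, ')': -1}.get(tokens[i], 0)
        elif tok == '@':                          # directive: skip its name
            i += 1
        elif tok == '...':                        # fragment spread or inline fragment
            if tokens[i + 1] == 'on':
                i += 2
            elif tokens[i + 1] != '{':
                i += 1
        elif stack and (tok[0].isalpha() or tok[0] == '_'):
            if i + 2 < len(tokens) and tokens[i + 1] == ':':
                tok = tokens[i + 2]               # alias: count the real field name
                i += 2
            stack[-1][tok] += 1
            if stack[-1][tok] > worst[1]:
                worst = (tok, stack[-1][tok])
        i += 1
    return worst

def check_field_duplication(document, max_duplicates=3):
    """True when no selection set repeats a field more than max_duplicates times."""
    return max_field_repeats(document)[1] <= max_duplicates

# constructed sample documents
BENIGN = 'query { user(id: 1) { id name posts { title } } }'
ABUSIVE = 'query { user(id: 1) { ' + 'name ' * 500 + '} }'
ALIASED = '{ a: name b: name c: name d: name }'
```

Counting by underlying field name rather than by alias matters because aliasing is the usual way to make duplicated selections pass naive validation.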

Configuration

Identifier: resource_limitation/graphql_field_duplication

Examples

All configuration available:

checks:
  resource_limitation/graphql_field_duplication:
    skip: false # default

Compliance and Standards

Standard           Value
OWASP API Top 10   API4:2023
OWASP LLM Top 10   LLM04:2023
PCI DSS            6.5.1
GDPR               Article-32
SOC2               CC6
PSD2               Article-95
ISO 27001          A.12.6
NIST               SP800-207
FedRAMP            SI-7
CWE                400
CVSS Vector        AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H