
Schema: GraphQL Response Type Mismatch

Identifier: response_type_mismatch

Scanner(s) Support

- GraphQL Scanner
- REST Scanner
- WebApp Scanner

Description

Response type mismatches happen when the data sent back does not match the type the consumer expects. Imagine a service that promises a number but returns a text string instead: that confusion can cause errors or give attackers a way to manipulate your application. If responses aren't strictly validated against their declared types, an attacker may be able to feed in malicious data or alter how the application behaves, leading to security breaches or unexpected crashes. Developers often overlook checking that every response aligns with its defined type, which makes such inconsistencies easier to exploit.
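The kind of check this test performs, written out as an added example (not the scanner's own code): it walks a GraphQL response body and reports every field whose value does not match the type the schema declares, including non-null and list wrappers. The schema fragment, the scalar rules and the sample response are all constructed for the example; a real implementation would parse the schema from the API's SDL or introspection result.

```python
# Constructed schema fragment (an assumption, not parsed from real SDL):
# field name -> declared GraphQL type string; nested object types are dicts.
SCHEMA = {"user": {"id": "ID!", "age": "Int!", "email": "String",
                   "tags": "[String!]!", "address": {"zip": "String!"}}}

# bool is a subclass of int in Python, so it is excluded from Int and ID.
SCALAR_OK = {
    "Int": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "String": lambda v: isinstance(v, str),
    "ID": lambda v: isinstance(v, (str, int)) and not isinstance(v, bool),
    "Boolean": lambda v: isinstance(v, bool),
}

def check_value(path, declared, value):
    """Compare one response value with its declared type; return mismatch strings."""
    if isinstance(declared, dict):  # nested object type
        if value is None:
            return []  # object fields in this toy schema are nullable
        if not isinstance(value, dict):
            return [f"{path}: expected object, got {type(value).__name__}"]
        # Fields absent from the response are skipped: the query may not select them.
        return [m for f, t in declared.items() if f in value
                for m in check_value(f"{path}.{f}", t, value[f])]
    non_null = declared.endswith("!")
    base = declared[:-1] if non_null else declared
    if value is None:  # null is only a mismatch for a non-null type
        return [f"{path}: null in non-null field {declared}"] if non_null else []
    if base.startswith("["):  # list type: check every element against the inner type
        if not isinstance(value, list):
            return [f"{path}: expected list {declared}, got {type(value).__name__}"]
        return [m for i, item in enumerate(value)
                for m in check_value(f"{path}[{i}]", base[1:-1], item)]
    if not SCALAR_OK[base](value):
        return [f"{path}: expected {base}, got {type(value).__name__}"]
    return []

def find_type_mismatches(response):
    """Check the `data` section of a GraphQL response body against SCHEMA."""
    return check_value("data", SCHEMA, response.get("data") or {})

# Constructed sample response: age arrives as a string and one tag is an int.
SAMPLE_RESPONSE = {"data": {"user": {"id": "42", "age": "27", "email": None,
                                     "tags": ["admin", 7], "address": {"zip": 10001}}}}

if __name__ == "__main__":
    for problem in find_type_mismatches(SAMPLE_RESPONSE):
        print(problem)
```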

References:

Configuration

Example

Example configuration:

---
security_tests:
  response_type_mismatch:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.