
Undefined objects

Description

Undefined objects are objects that use the built-in GraphQL object type instead of referencing a custom one. They can be at the root of security issues due to their unstructured nature.

Remediation

Enforce strong typing in your schema objects.
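One way to audit a schema for this, as an added example (not code from the scanner this page documents): a dependency-free JavaScript pass over SDL text that reports fields and arguments typed with a catch-all scalar, run on a constructed weak schema and its typed counterpart. The scalar names in GENERIC_TYPES and every type name in the sample schemas are assumptions; checking arguments as well as return types goes slightly beyond the description above.

```javascript
// Added example: report SDL fields and arguments typed with a catch-all scalar.
// GENERIC_TYPES is an assumption; list the untyped scalars your own schema declares.
const GENERIC_TYPES = new Set(["JSON", "JSONObject", "Object", "Any"]);

// Strip list and non-null wrappers: "[JSON!]!" -> "JSON".
const baseType = (t) => t.replace(/[\[\]!]/g, "");
const isGeneric = (t) => GENERIC_TYPES.has(baseType(t));

function findUntyped(sdl) {
  // Drop descriptions and comments so their text is not parsed as fields.
  const clean = sdl.replace(/"""[\s\S]*?"""|"[^"\n]*"|#.*$/gm, "");
  const findings = [];
  const blockRe = /\b(?:type|input|interface)\s+(\w+)[^{]*\{([^}]*)\}/g;
  for (const [, owner, body] of clean.matchAll(blockRe)) {
    // A field is: name, optional (arguments), then ": Type".
    const fieldRe = /(\w+)\s*(?:\(([^)]*)\))?\s*:\s*([\[\]\w!]+)/g;
    for (const [, field, args = "", type] of body.matchAll(fieldRe)) {
      for (const [, arg, argType] of args.matchAll(/(\w+)\s*:\s*([\[\]\w!]+)/g)) {
        if (isGeneric(argType)) findings.push(`${owner}.${field}(${arg})`);
      }
      if (isGeneric(type)) findings.push(`${owner}.${field}`);
    }
  }
  return findings;
}

// Constructed sample: the client can send and receive arbitrary attributes.
const WEAK_SDL = `
  scalar JSON
  type User { id: ID!  name: String  profile: JSON }
  type Mutation { updateUser(id: ID!, patch: JSON!): JSON }
`;

// Constructed sample: the same API with every shape declared.
const TYPED_SDL = `
  type Profile { bio: String  website: String }
  type User { id: ID!  name: String  profile: Profile }
  input UserPatchInput { name: String  bio: String }
  type Mutation { updateUser(id: ID!, patch: UserPatchInput!): User }
`;

console.log(findUntyped(WEAK_SDL));
console.log(findUntyped(TYPED_SDL));
```

The untyped `patch` argument is the case that maps to the CWE-915 classification below: with a declared input type, the server rejects attributes the schema does not list before any resolver runs.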

GraphQL Specific

Apollo: Ensure that all objects and variables are properly defined within the scope of their use in the Apollo framework engine. This includes initializing variables before use, and avoiding the use of any variables that have not been explicitly declared. Check for typos in variable names and confirm that all modules or components are correctly imported or required where needed. Additionally, consider implementing TypeScript for stronger type-checking and object definition validation during the development process.
Yoga: To address issues with undefined objects in the Yoga framework engine, ensure that all objects and their properties are properly initialized before use. Check for any typos or incorrect references that may lead to undefined objects. Additionally, implement null checks or optional chaining (object?.property) to safely access object properties that might not exist.
Awsappsync: To address issues with undefined objects in AWS AppSync, ensure that your schema definitions are correct and that the resolvers are properly configured to handle the data types and fields defined in your schema. Additionally, implement null checks and error handling in your resolver logic to gracefully handle cases where objects might be undefined.
Graphqlgo: In the GraphQL Go framework, when dealing with undefined objects, ensure that your schema definitions are correctly set up and all object types are properly defined. Use the provided schema validation tools to check for any inconsistencies or missing types. Additionally, implement null checks and error handling in your resolver functions to gracefully handle cases where objects might not be defined. This will prevent runtime errors and improve the stability of your GraphQL service.
Graphqlruby: In the GraphQL Ruby framework, to avoid issues with undefined objects, ensure that your type definitions are correct and complete. Use the provided type-checking mechanisms to validate objects and fields. Implement null checks and default values where appropriate. Additionally, consider using the 'graphql-guard' gem for authorization and policy enforcement to prevent exposure of undefined or unauthorized objects.
Hasura: To address issues with undefined objects in the Hasura framework, ensure that all referenced tables, columns, and relationships exist and are correctly defined in your schema. Double-check your migrations and metadata to confirm that the definitions match the expected structure. If you're using remote schemas, verify that the remote service is accessible and the schema is properly integrated. Additionally, use Hasura's console to inspect and manage your database schema and relationships effectively.
Agoo: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the Agoo framework.
Ariadne: Replace undefined objects with custom GraphQL object types in the Ariadne framework to ensure structured data handling and enhance security.
Caliban: Replace undefined objects with well-defined custom GraphQL object types to enhance structure and security in the Caliban framework.
Dgraph: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the Dgraph framework.
Dianajl: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the DianaJL framework engine.
Directus: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the Directus framework.
Flutter: Ensure all Flutter engine objects are well-defined and structured to prevent security vulnerabilities associated with undefined objects.
Graphene: Define custom object types in Graphene to replace undefined objects and ensure structured data handling.
Graphqlapiforwp: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the GraphQL API for WP framework.
Graphqlgophergo: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the GraphQLGopherGo framework engine.
Graphqljava: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the graphql-java framework.
Graphqlphp: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the graphqlphp framework.
Graphqlyoga: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the GraphQL Yoga framework.
Hypergraphql: Define and use custom GraphQL object types instead of relying on the built-in types to ensure structured data and enhance security in the HyperGraphQL framework.
Jaal: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the Jaal framework engine.
Juniper: Ensure all GraphQL objects in the Juniper framework engine reference custom-defined types instead of using the built-in GraphQL object type to maintain structure and enhance security.
Lacinia: Replace undefined objects with custom-defined types in the Lacinia framework to ensure structured and secure GraphQL queries.
Lighthouse: Ensure all GraphQL objects in the Lighthouse framework are defined with custom types to prevent security vulnerabilities associated with undefined objects.
Mercurius: Ensure all GraphQL objects in the Mercurius framework are defined with custom object types instead of using the built-in GraphQL object type to enhance security and maintain structured data handling.
Morpheusgraphql: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the MorpheusGraphQL framework.
Gqlgen: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the gqlgen framework.
Sangria: Define custom object types in the Sangria framework to replace undefined objects, ensuring structured and secure GraphQL schemas.
Shopify: Ensure all GraphQL objects in the Shopify framework are defined with custom types to prevent security vulnerabilities associated with unstructured data.
Stepzen: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the StepZen framework.
Strawberry: Replace undefined objects with custom-defined types in the Strawberry framework to ensure structured data handling and enhance security.
Tartiflette: Replace undefined objects with custom-defined types in the Tartiflette framework to ensure structured and secure GraphQL schemas.
Wpgraphql: Replace undefined objects with custom-defined GraphQL object types to ensure structured data handling and enhance security in the wpgraphql framework.

Configuration

Identifier: schema/undefined_object

Examples

Ignore this check

checks:
  schema/undefined_object:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API9:2023
  • OWASP LLM: LLM06:2023
  • pci: 6.5.6
  • gdpr: Article-32
  • soc2: CC6
  • psd2: Article-94
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: SC-7

Classification

  • CWE: 915

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N