Security Test: Undefined objects
Description
Default Severity:
When a GraphQL schema relies on generic built-in objects without defining a custom structure or validation rules for them, it leaves an opening through which unexpected data can pass unchecked. Because no shape is specified for the data, there is nothing for the server to validate against, which makes it easier for an attacker to submit harmful or malformed input. Left unvalidated, these undefined objects can lead to security breaches or application errors that compromise the whole service. The mistake is common because developers assume built-in types are safe by default instead of taking the extra step of enforcing strict data definitions.
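The following is an added example, not code from the original page or from the scanner it documents, showing one way to detect the pattern the description warns about: it scans a GraphQL SDL string for arguments whose type is a catch-all scalar (such as JSON or Any) and reports them, then shows that a schema using typed input objects instead produces no findings. The sample schemas, the list of generic scalar names and the function names are constructed assumptions for the illustration.

```python
import re

# Constructed sample schema (not from the page): one mutation takes a typed
# input object, two others accept an opaque JSON scalar that is never validated.
SAMPLE_SDL = """
scalar JSON

input AddressInput {
  street: String!
  city: String!
  zip: String!
}

type Mutation {
  updateAddress(address: AddressInput!): Boolean
  updateProfile(data: JSON!): Boolean
  setSettings(settings: [JSON!]): Boolean
}
"""

# Constructed hardened variant: every argument has an explicit input type, so
# the server can validate field names, nullability and scalar types itself.
HARDENED_SDL = """
input AddressInput {
  street: String!
  city: String!
  zip: String!
}

input ProfileInput {
  displayName: String!
  bio: String
}

input SettingInput {
  key: String!
  value: String!
}

type Mutation {
  updateAddress(address: AddressInput!): Boolean
  updateProfile(data: ProfileInput!): Boolean
  setSettings(settings: [SettingInput!]): Boolean
}
"""

# Scalar names commonly used to smuggle arbitrary, unvalidated structure
# through a schema (assumed list; extend it for your own conventions).
GENERIC_SCALARS = {"JSON", "JSONObject", "Any", "Object", "Map"}

TYPE_BLOCK = re.compile(r"^\s*type\s+(\w+)\s*\{([^}]*)\}", re.MULTILINE)
FIELD_WITH_ARGS = re.compile(r"(\w+)\s*\(([^)]*)\)\s*:")
ARGUMENT = re.compile(r"(\w+)\s*:\s*([\w\[\]!]+)")


def declared_generic_scalars(sdl):
    """Return the custom scalars declared in the SDL whose name marks them as untyped."""
    declared = set(re.findall(r"^\s*scalar\s+(\w+)", sdl, re.MULTILINE))
    return declared & GENERIC_SCALARS


def find_untyped_arguments(sdl):
    """Return (parent_type, field, argument, declared_type) for every argument
    whose underlying type is a generic scalar, list and non-null wrappers included."""
    generic = declared_generic_scalars(sdl)
    findings = []
    for parent, body in TYPE_BLOCK.findall(sdl):
        for field, args in FIELD_WITH_ARGS.findall(body):
            for name, typ in ARGUMENT.findall(args):
                base = typ.strip("[]!")  # unwrap [T!]! style modifiers
                if base in generic:
                    findings.append((parent, field, name, typ))
    return findings


if __name__ == "__main__":
    for parent, field, arg, typ in find_untyped_arguments(SAMPLE_SDL):
        print(f"{parent}.{field}({arg}: {typ}) accepts unvalidated structure")
    print("hardened schema findings:", find_untyped_arguments(HARDENED_SDL))
```

Running the block reports the two `JSON`-typed arguments in the sample schema and an empty result for the hardened one. The scanner is deliberately syntactic: it flags the declared type, not runtime behaviour, so a resolver that validates a `JSON` argument by hand still shows up and should be reviewed, and a custom scalar with an unlisted name will not be caught unless it is added to `GENERIC_SCALARS`.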
Configuration
Identifier:
schema/undefined_object
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API9:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.6 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-94 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | SC-7 |
| CWE | 915 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |