Security Test: Zombie object

Description

Default Severity:

Zombie objects are types in your GraphQL schema that are no longer actively used by any operation but are still defined, usually left over from older code. They are dangerous because an attacker who discovers them may find a way to exploit them, and because they are not maintained or updated like the rest of your system, they tend to accumulate known weaknesses. The main pitfall developers run into is forgetting that these dormant pieces of code exist, which can create unexpected security vulnerabilities if attackers manage to use them to reach sensitive data or functionality.
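As an added illustration (not the scanner's own implementation and not code from this page), the check below walks a constructed SDL schema from the root operation types and reports every type that is never reached; such types are the zombie-object candidates to review or delete. It deliberately handles only `type`, `input`, `interface` and `enum` definitions with a `{ ... }` body, and the schema text, type names and field names are all made up for the example.

```python
import re

# Constructed sample schema: LegacyReport and InternalAudit are defined but
# no root operation (Query/Mutation) can ever return or accept them.
SAMPLE_SDL = """
type Query {
  me: User
  orders(first: Int!): [Order!]!
}
type Mutation {
  placeOrder(items: [OrderItemInput!]!): Order
}
type User { id: ID!  email: String!  orders: [Order!]! }
type Order { id: ID!  items: [OrderItem!]!  owner: User! }
type OrderItem { sku: String!  qty: Int! }
input OrderItemInput { sku: String!  qty: Int! }
type LegacyReport { id: ID!  rawData: String!  audit: InternalAudit }
type InternalAudit { notes: String! }
"""

# One definition: keyword, name, optional "implements ..." clause, then a body.
DEF_RE = re.compile(r"\b(type|input|interface|enum)\s+(\w+)[^{]*\{([^}]*)\}")
# Type names start with an upper-case letter; field names do not, so this
# picks out the types a body references (built-in scalars included).
NAME_RE = re.compile(r"\b[A-Z]\w*\b")


def parse_sdl(sdl):
    """Map each defined type name to the set of type names its body mentions."""
    graph = {}
    for _kind, name, body in DEF_RE.findall(sdl):
        graph[name] = set(NAME_RE.findall(body))
    return graph


def find_zombie_objects(sdl, roots=("Query", "Mutation", "Subscription")):
    """Return the sorted names of types unreachable from the root operation types."""
    graph = parse_sdl(sdl)
    reachable, stack = set(), [root for root in roots if root in graph]
    while stack:  # depth-first walk over the type-reference graph
        name = stack.pop()
        if name in reachable:
            continue
        reachable.add(name)
        # Only follow references to types defined in this schema (skips scalars).
        stack.extend(ref for ref in graph[name] if ref in graph)
    return sorted(set(graph) - reachable)


if __name__ == "__main__":
    print("zombie objects:", find_zombie_objects(SAMPLE_SDL))
```

A real schema also needs unions, directives and description strings handled, which a full GraphQL parser does; the reachability logic stays the same.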

Reference:

Configuration

Identifier: schema/zombie_object

Examples

All configuration available:

checks:
  schema/zombie_object:
    skip: false # default

Compliance and Standards

Standard          Value
OWASP API Top 10  API9:2023
OWASP LLM Top 10  LLM05:2023
PCI DSS           6.5.4
GDPR              Article-32
SOC2              CC6
PSD2              Article-95
ISO 27001         A.18.1
NIST              SP800-53
FedRAMP           AC-4
CWE               489
CVSS Vector       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score        5.3