Security Test: High number of Custom Scalars
Scanner(s) Support

| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description
Default Severity:
A single response contains more custom scalars with a sensitivity greater than MEDIUM than the configured detection threshold allows.
Configuration
Identifier:
sensitive_data/high_number_of_custom_scalars
Examples

All configuration available:

```yaml
checks:
  sensitive_data/high_number_of_custom_scalars:
    skip: false # default
    options:
      detection_threshold: 4 # default
```
Combine with a Custom Scalar definition (the check identifier is the one listed under Configuration above):

```yaml
scalars:
  customer-id:
    description: One user should not see too many customer IDs in one single API request
    examples:
      - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    names:
      - customer_id
      - x-customer-id
    sensitivity: HIGH
    strategy: key
checks:
  sensitive_data/high_number_of_custom_scalars:
    options:
      detection_threshold: 10
```
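To make the detection logic concrete, here is an added Python model of the check (example code, not the scanner's own implementation). It walks a JSON response, matches custom scalars against field names (the `key` strategy shown above), counts only scalars whose sensitivity is strictly greater than MEDIUM, and reports a finding when the count exceeds `detection_threshold`. The `value` strategy with regex patterns, the `CustomScalar` dataclass and the sample response are assumptions made for this example and are not taken from the page.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Ordering used to decide what "greater than MEDIUM" means.
SENSITIVITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass
class CustomScalar:
    """Minimal model of one entry of the 'scalars' config block (assumed shape)."""
    name: str
    sensitivity: str                                   # LOW, MEDIUM or HIGH
    strategy: str                                      # "key" (from the page) or "value" (assumed)
    names: List[str] = field(default_factory=list)     # field names for strategy "key"
    patterns: List[str] = field(default_factory=list)  # regexes for strategy "value"


def _leaves(node, key: Optional[str] = None):
    """Yield (field_name, leaf_value) for every leaf of a decoded JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _leaves(v, k)
    elif isinstance(node, list):
        for item in node:
            yield from _leaves(item, key)
    else:
        yield key, node


def _matches(scalar: CustomScalar, key: Optional[str], value) -> bool:
    if scalar.strategy == "key":
        return key is not None and key.lower() in {n.lower() for n in scalar.names}
    if scalar.strategy == "value":
        return isinstance(value, str) and any(re.fullmatch(p, value) for p in scalar.patterns)
    return False


def count_sensitive_scalars(response, scalars: List[CustomScalar],
                            min_sensitivity: str = "MEDIUM") -> Dict[str, int]:
    """Count hits per scalar, keeping only scalars strictly above min_sensitivity."""
    floor = SENSITIVITY_RANK[min_sensitivity]
    counts: Dict[str, int] = {}
    for key, value in _leaves(response):
        for scalar in scalars:
            if SENSITIVITY_RANK[scalar.sensitivity] > floor and _matches(scalar, key, value):
                counts[scalar.name] = counts.get(scalar.name, 0) + 1
    return counts


def check_high_number_of_custom_scalars(response, scalars: List[CustomScalar],
                                        detection_threshold: int = 4) -> dict:
    """Flag the response when the total of sensitive scalar hits exceeds the threshold."""
    counts = count_sensitive_scalars(response, scalars)
    total = sum(counts.values())
    return {"total": total, "per_scalar": counts, "flagged": total > detection_threshold}


# Constructed scalar definitions mirroring the YAML above (card-number is an added, assumed one).
SCALARS = [
    CustomScalar("customer-id", "HIGH", "key", names=["customer_id", "x-customer-id"]),
    CustomScalar("session-token", "MEDIUM", "key", names=["session_token"]),
    CustomScalar("card-number", "HIGH", "value", patterns=[r"\d{4}-\d{4}-\d{4}-\d{4}"]),
]

# Constructed sample API response: five customer IDs plus one card-like value.
SAMPLE_RESPONSE = {
    "data": {
        "session_token": "sess-0001",
        "customers": [
            {"customer_id": "00000000-0000-0000-0000-000000000001", "name": "A"},
            {"customer_id": "00000000-0000-0000-0000-000000000002", "name": "B"},
            {"customer_id": "00000000-0000-0000-0000-000000000003", "name": "C",
             "payment_card": "4111-1111-1111-1111"},
            {"customer_id": "00000000-0000-0000-0000-000000000004", "name": "D"},
            {"customer_id": "00000000-0000-0000-0000-000000000005", "name": "E"},
        ],
    }
}


if __name__ == "__main__":
    for threshold in (4, 10):
        print(threshold, check_high_number_of_custom_scalars(SAMPLE_RESPONSE, SCALARS, threshold))
```

With the default threshold of 4 the sample response is flagged (six HIGH-sensitivity hits: five customer IDs and one card number); the MEDIUM session token is not counted. Raising `detection_threshold` to 10, as in the second YAML example, clears the finding for the same response.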
Options

Options can be set in the options key of the Security Test Configuration.
| Property | Type | Default | Description |
|---|---|---|---|
| detection_threshold | number | 4 | Number of custom scalars with a sensitivity greater than MEDIUM that a single response may contain; the test reports a finding when the count exceeds this value. |
Compliance and Standards

| Standard | Value |
|---|---|
OWASP API Top 10 | API7:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 6.5.3 |
GDPR | Article-32 |
SOC2 | CC6 |
PSD2 | Article-95 |
ISO 27001 | A.9.4 |
NIST | SP800-53 |
FedRAMP | SC-12 |
CWE | 200 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C |
CVSS Score | 8.2 |