
Security Test: High number of Custom Scalars

Scanner(s) Support

GraphQL Scanner
REST Scanner
Frontend Scanner

Description

Default Severity:

A single response contains more than the configured threshold (detection_threshold) of custom scalars whose sensitivity is greater than MEDIUM.

Configuration

Identifier: sensitive_data/high_number_of_custom_scalars

Examples

All available configuration:

checks:
  sensitive_data/high_number_of_custom_scalars:
    skip: false # default
    options:
      detection_threshold: 4 # default

Combine with Custom Scalar

scalars:
  customer-id:
    description: One user should not see too much customer IDs in one single API request
    examples:
    - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    names:
    - customer_id
    - x-customer-id
    sensitivity: HIGH
    strategy: key
checks:
  sensitive_data/high_number_of_custom_scalars:
    options:
      detection_threshold: 10 # raised from the default of 4 for this scalar
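To make the semantics of the check concrete, here is a small model of how a response can be evaluated against a key-strategy custom scalar and the detection_threshold. This is an added illustration, not Escape's implementation; the scalar definitions and the sample response body are constructed, and matching is a simplified version of the key strategy.

```python
import json
from collections import Counter

# Constructed scalar definitions mirroring the YAML above (hypothetical values).
CUSTOM_SCALARS = {
    "customer-id": {"names": {"customer_id", "x-customer-id"},
                    "sensitivity": "HIGH", "strategy": "key"},
    "nickname": {"names": {"nickname"}, "sensitivity": "LOW", "strategy": "key"},
}
SENSITIVITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def walk(node):
    """Yield (key, value) for every key anywhere in a parsed JSON body."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)


def count_sensitive_scalars(body, scalars=CUSTOM_SCALARS, min_sensitivity="MEDIUM"):
    """Count key-strategy scalars whose sensitivity is strictly above min_sensitivity."""
    counts = Counter()
    floor = SENSITIVITY_RANK[min_sensitivity]
    for key, _ in walk(body):
        for name, spec in scalars.items():
            if (spec["strategy"] == "key" and key in spec["names"]
                    and SENSITIVITY_RANK[spec["sensitivity"]] > floor):
                counts[name] += 1
    return counts


def high_number_of_custom_scalars(raw_response, detection_threshold=4, **kw):
    """Return (triggered, counts); triggered when hits exceed the threshold."""
    counts = count_sensitive_scalars(json.loads(raw_response), **kw)
    return sum(counts.values()) > detection_threshold, counts


# Constructed sample: a list endpoint returning five customer ids in one body.
SAMPLE = json.dumps({"data": {"orders": [
    {"customer_id": f"cust-{i}", "nickname": "n"} for i in range(5)]}})

if __name__ == "__main__":
    print(high_number_of_custom_scalars(SAMPLE))        # (True, ...) at default 4
    print(high_number_of_custom_scalars(SAMPLE, 10))    # (False, ...) at threshold 10
```

The LOW-sensitivity `nickname` keys are ignored, so only the five `customer_id` hits count: the test fires at the default threshold of 4 and stays quiet at 10.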

Options

Options can be set in the options key of the Security Test Configuration.

Property             Type    Default  Description
detection_threshold  number  4        Number of custom scalars (sensitivity above MEDIUM) in one response beyond which the test triggers

Compliance and Standards

Standard           Value
OWASP API Top 10   API7:2023
OWASP LLM Top 10   LLM06:2023
PCI DSS            6.5.3
GDPR               Article-32
SOC2               CC6
PSD2               Article-95
ISO 27001          A.9.4
NIST               SP800-53
FedRAMP            SC-12
CWE                200
CVSS Vector        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C
CVSS Score         8.2