Schema: Typing misconfiguration

Identifier: typing_misconfiguration

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

A typing misconfiguration happens when a system accepts a parameter in a form that's not expected (like receiving a number when it should be a string) and ends up processing it anyway. This can be dangerous because the application might mishandle or misinterpret the data, potentially letting attackers inject unexpected values or exploit logic errors. Often, developers assume that the input will always match the expected type and don't include strict type checking, which can leave the door open for misuse. If left unchecked, these issues can cause unintended behavior, compromise data integrity, or even open paths for more serious attacks.
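The following is an added example, not taken from the scanner or its documentation. It contrasts a handler that coerces whatever type arrives with one that rejects any parameter whose JSON type differs from the declared one. The endpoint, schema, function names and sample requests are all constructed for illustration.

```python
import json

# Hypothetical schema for a constructed "update profile" endpoint:
# parameter name -> exact JSON type expected.
SCHEMA = {"username": str, "age": int, "newsletter": bool}


def lenient_parse(raw: str) -> dict:
    """The misconfigured pattern: coerce whatever arrives and carry on."""
    body = json.loads(raw)
    return {
        "username": str(body.get("username")),
        "age": int(body.get("age", 0)),
        "newsletter": bool(body.get("newsletter")),
    }


def strict_parse(raw: str) -> dict:
    """Reject the request unless every parameter has exactly the declared type."""
    body = json.loads(raw)
    if not isinstance(body, dict):
        raise TypeError("body must be a JSON object")
    errors = []
    for name, expected in SCHEMA.items():
        if name not in body:
            errors.append(f"{name}: missing")
        # type() rather than isinstance(): bool is a subclass of int in
        # Python, so isinstance(True, int) would let true pass as a number.
        elif type(body[name]) is not expected:
            errors.append(
                f"{name}: expected {expected.__name__}, "
                f"got {type(body[name]).__name__}"
            )
    if errors:
        raise TypeError("; ".join(errors))
    return body


# Constructed sample requests.
GOOD = '{"username": "alice", "age": 30, "newsletter": false}'
BAD = '{"username": 12345, "age": true, "newsletter": "false"}'

if __name__ == "__main__":
    print(lenient_parse(BAD))  # accepted, with silently changed meaning
    try:
        strict_parse(BAD)
    except TypeError as exc:
        print("rejected:", exc)
```

With the lenient handler, the string "false" is stored as a true opt-in and the boolean true is stored as age 1; the strict handler refuses the same request and names each mismatched parameter.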

Configuration

Example

Example configuration:

---
security_tests:
  typing_misconfiguration:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.