
Schema: Zombie object

Identifier: zombie_object

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Zombie objects are parts of your GraphQL schema that are no longer actively used but are still present, often left over from older code. They can be dangerous because someone with bad intentions might find a way to exploit them, especially since they aren't maintained or updated like the rest of your system. The main pitfall developers run into is forgetting about these dormant pieces of code, which can create unexpected security vulnerabilities if attackers manage to use them to access sensitive data or functions.
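As an added illustration (not code from this page or from the scanner itself), the script below shows one way to surface such types before a scan: it parses a subset of GraphQL SDL, follows field and argument type references from the root operation types, and reports every defined type that nothing can reach. The schema, type names and function names are constructed for the example; the parser does not follow `implements` or `union` membership, so types referenced only that way would need a fuller parser.

```python
import re

# Constructed sample schema (not from the page). `Invoice` and `LegacyAccount`
# are defined but never referenced from Query or Mutation: candidate zombies.
SAMPLE_SDL = """
type Query {
  me: User
  orders(first: Int): [Order!]!
}
type Mutation {
  cancelOrder(id: ID!): Order
}
type User { id: ID! name: String email: String }
type Order { id: ID! total: Float buyer: User }
type Invoice { id: ID! order: Order amount: Float }
type LegacyAccount { id: ID! owner: User balance: Float }
"""

BUILTIN_SCALARS = {"ID", "String", "Int", "Float", "Boolean"}
ROOT_TYPES = ("Query", "Mutation", "Subscription")

# One definition: keyword, name, anything up to '{', then the body up to '}'.
_DEF = re.compile(r"\b(?:type|interface|input|enum)\s+(\w+)[^{]*\{([^}]*)\}", re.S)
# A type reference after a colon: `User`, `[Order!]!`, `ID!` (no whitespace).
_REF = re.compile(r":\s*([\[\]\w!]+)")


def parse_types(sdl):
    """Map each named type to the set of named types its fields/arguments reference."""
    graph = {}
    for name, body in _DEF.findall(sdl):
        refs = set()
        for ref in _REF.findall(body):
            # Strip list/non-null wrappers; keep only user-defined type names.
            refs.update(w for w in re.findall(r"\w+", ref) if w not in BUILTIN_SCALARS)
        graph[name] = refs
    return graph


def find_zombie_objects(sdl):
    """Return type names in the SDL that no root operation type can reach."""
    graph = parse_types(sdl)
    reachable, stack = set(), [r for r in ROOT_TYPES if r in graph]
    while stack:                      # depth-first walk from the roots
        node = stack.pop()
        if node in reachable:
            continue
        reachable.add(node)
        stack.extend(graph.get(node, ()))
    return sorted(t for t in graph if t not in reachable)


if __name__ == "__main__":
    print(find_zombie_objects(SAMPLE_SDL))  # -> ['Invoice', 'LegacyAccount']
```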


Configuration

Example

Example configuration:

---
security_tests:
  zombie_object:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.