Resource Limitation: Character Limit

Identifier: character_limit

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Applications without character limits on queries can be exploited by attackers sending excessively long requests to overwhelm the system or reveal internal details through query parsing errors.

How we test: We send queries of varying lengths to test if the application properly limits query size. We analyze responses and server behavior to detect if excessively long queries can cause denial of service or information disclosure.
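One way an application can enforce the limit this test looks for, shown as an added example that is not part of the original page or the scanner's own code. The function names and both limit values are assumptions, and the probe inputs are constructed.

```python
import json

MAX_BODY_BYTES = 16_384   # assumed cap on the raw request body
MAX_QUERY_CHARS = 4_000   # assumed cap on the query string itself

GENERIC_400 = {"errors": [{"message": "Malformed request"}]}


def check_query_limits(raw_body: bytes):
    """Return (status, payload); oversized input is rejected before parsing."""
    # 1. Cheap byte-length check first, so a huge body is never decoded.
    if len(raw_body) > MAX_BODY_BYTES:
        return 413, {"errors": [{"message": "Request too large"}]}
    try:
        doc = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        # Generic message only: decoder/parser details stay server-side.
        return 400, GENERIC_400
    query = doc.get("query") if isinstance(doc, dict) else None
    if not isinstance(query, str):
        return 400, GENERIC_400
    # 2. Character limit on the query, before the query parser ever sees it.
    if len(query) > MAX_QUERY_CHARS:
        return 413, {"errors": [{"message": "Query too long"}]}
    return 200, {"accepted_chars": len(query)}


def probe(lengths=(100, 4_000, 4_001, 50_000)):
    """Regression check with constructed queries of varying length."""
    results = {}
    for n in lengths:
        query = "{" + "a" * (n - 2) + "}"  # constructed query of exactly n chars
        body = json.dumps({"query": query}).encode("utf-8")
        results[n] = check_query_limits(body)[0]
    return results


if __name__ == "__main__":
    for length, status in probe().items():
        print(f"{length:>6} chars -> HTTP {status}")
```
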


Configuration

Example

Example configuration:

---
security_tests:
  character_limit:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.