Resource Limitation: GraphQL Batch Limit

Identifier: graphql_batch_limit

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

GraphQL batch queries allow multiple queries in a single request, which attackers can exploit to bypass rate limits, overwhelm the system, or cause denial of service if batch limits are not properly enforced.

How we test: We send GraphQL batch requests containing multiple queries to test if the server properly limits the number of queries per batch. We analyze responses and server behavior to detect if batch queries can bypass rate limiting or cause resource exhaustion.
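The mitigation this test probes is a server-side limit on the number of operations accepted per batch, combined with rate limiting that counts operations rather than HTTP requests (otherwise one request carrying fifty queries costs the client the same as one query). The following Python is an added example written for this page; it is not the scanner's code and not taken from any GraphQL server library. The names (`parse_operations`, `check_request`, `OperationRateLimiter`), the policy value `MAX_BATCH_SIZE = 10`, and the sample request bodies are all constructed for illustration.

```python
import json
from dataclasses import dataclass

# Assumed policy value for this example; tune to the real API's needs.
MAX_BATCH_SIZE = 10


@dataclass
class Decision:
    allowed: bool
    operations: int
    reason: str = ""


def parse_operations(raw_body: bytes):
    """Normalize a GraphQL HTTP body into a list of operations.

    A single request is a JSON object with a string "query" field; a batch
    is a JSON array of such objects. Anything else is treated as malformed
    and returns None so the caller can reject it before execution.
    """
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return None
    if isinstance(payload, dict):
        payload = [payload]
    if not isinstance(payload, list):
        return None
    for op in payload:
        if not isinstance(op, dict) or not isinstance(op.get("query"), str):
            return None
    return payload


class OperationRateLimiter:
    """Fixed-window limiter that charges per operation, not per request.

    Counting requests only is the gap batching exploits: a client at a
    limit of N requests/minute could still run N * batch_size queries.
    """

    def __init__(self, max_ops_per_window: int):
        self.max_ops = max_ops_per_window
        self.used = {}  # client_id -> operations consumed in this window

    def charge(self, client_id: str, count: int) -> bool:
        used = self.used.get(client_id, 0)
        if used + count > self.max_ops:
            return False
        self.used[client_id] = used + count
        return True

    def reset_window(self) -> None:
        self.used.clear()


def check_request(raw_body: bytes, client_id: str,
                  limiter: OperationRateLimiter,
                  max_batch: int = MAX_BATCH_SIZE) -> Decision:
    """Admission check to run before any operation in the body executes."""
    ops = parse_operations(raw_body)
    if ops is None:
        return Decision(False, 0, "malformed body")
    if len(ops) == 0:
        return Decision(False, 0, "empty batch")
    if len(ops) > max_batch:
        return Decision(False, len(ops),
                        f"batch size {len(ops)} exceeds limit {max_batch}")
    if not limiter.charge(client_id, len(ops)):
        return Decision(False, len(ops), "operation rate limit exceeded")
    return Decision(True, len(ops))


# Constructed sample bodies: one single query and two batches of different sizes.
SINGLE = json.dumps({"query": "{ viewer { id } }"}).encode()
BATCH_10 = json.dumps([{"query": "{ viewer { id } }"}] * 10).encode()
BATCH_50 = json.dumps([{"query": "{ viewer { id } }"}] * 50).encode()


def demo():
    """Run the three sample bodies through the check and return the decisions."""
    limiter = OperationRateLimiter(max_ops_per_window=20)
    return [
        check_request(SINGLE, "client-a", limiter),    # allowed, 1 op charged
        check_request(BATCH_50, "client-a", limiter),  # rejected: over batch limit
        check_request(BATCH_10, "client-a", limiter),  # allowed, 11 ops used so far
        check_request(BATCH_10, "client-a", limiter),  # rejected: 21 > 20 ops/window
    ]


if __name__ == "__main__":
    for d in demo():
        print(d)
```

The oversized batch is refused before the limiter is consulted, so it consumes no budget; the second batch of ten is refused only because the per-operation budget is exhausted, which is the behavior the scanner is checking for when it measures whether batching can sidestep rate limiting.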

References:

Configuration

Example

Example configuration:

---
security_tests:
  graphql_batch_limit:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.