
Resource Limitation: GraphQL Cyclic Recursive Query

Identifier: graphql_circular_introspection

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner
ASM Scanner

Description

GraphQL queries that follow circular references between object types (a type whose fields lead back to a type already selected higher in the query) can be nested so that the amount of data resolved grows exponentially with nesting depth, potentially leading to denial of service if circular reference or query depth limits are not properly enforced.

How we test: We send GraphQL queries that create circular references between objects to test if the server properly limits circular introspection. We analyze response sizes and server behavior to detect if circular queries can cause resource exhaustion or denial of service.
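The server-side guard this test probes for is a check that runs before a query is executed. The following is an added example, not the scanner's own code and not a copy of any GraphQL server's implementation: it uses no GraphQL library and instead walks the query text with a small tokenizer, measures how deeply selection sets nest, and flags a field name that recurs along the same path (a heuristic for circular traversal such as user > friends > user). The two sample queries and the limit values are constructed for the example.

```python
import re

# Tokens the guard cares about: block strings and strings (so braces inside
# them are ignored), comments, braces, parentheses, names, and any other
# single character (punctuators such as ':', '$', '@', '.').
_TOKEN_RE = re.compile(
    r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|[{}()]|[A-Za-z_][A-Za-z0-9_]*|\S'
)


class QueryRejected(ValueError):
    """Raised when a query exceeds the configured depth or cycle budget."""


def analyze_selection_sets(query: str) -> dict:
    """Measure selection-set nesting in a GraphQL document.

    Returns {"max_depth": int, "cycle": list[str] | None}.
    max_depth is the largest number of simultaneously open selection sets
    (the operation's own braces count as depth 1). cycle is the first field
    path in which a field name recurs, or None if no field name recurs.
    This is a heuristic on names only; it does not know the schema's types.
    """
    path = []            # names owning the currently open selection sets
    max_depth = 0
    cycle = None
    paren_depth = 0      # >0 while inside an argument or variable list
    last_name = None     # most recent name token outside parentheses

    for tok in _TOKEN_RE.findall(query):
        if tok.startswith('"') or tok.startswith('#'):
            continue                      # string literal or comment
        if tok == '(':
            paren_depth += 1
        elif tok == ')':
            paren_depth -= 1
        elif paren_depth:
            continue                      # arguments never open selection sets
        elif tok == '{':
            # The root selection set is owned by the operation (or is anonymous);
            # path[0] is therefore not a field and is excluded from cycle checks.
            name = last_name or '<anonymous>'
            if cycle is None and name in path[1:]:
                cycle = path[path.index(name, 1):] + [name]
            path.append(name)
            max_depth = max(max_depth, len(path))
        elif tok == '}':
            if path:
                path.pop()
        elif tok[0].isalpha() or tok[0] == '_':
            last_name = tok
    return {"max_depth": max_depth, "cycle": cycle}


def enforce_limits(query: str, max_depth: int = 8, allow_cycles: bool = False) -> dict:
    """Reject a query that nests too deeply or revisits a field on one path.

    The limits are example values; a real deployment picks max_depth from the
    legitimate queries its clients actually send.
    """
    report = analyze_selection_sets(query)
    if report["max_depth"] > max_depth:
        raise QueryRejected(
            f"selection depth {report['max_depth']} exceeds limit {max_depth}")
    if report["cycle"] and not allow_cycles:
        raise QueryRejected("cyclic field path: " + " > ".join(report["cycle"]))
    return report


# Constructed sample: an ordinary profile query (depth 3, no cycle).
BENIGN_QUERY = """
query Profile($id: ID!) {
  user(id: $id) {
    name
    friends(first: 10) { name }
  }
}
"""

# Constructed sample: the user -> friends -> user pattern this test looks for.
CYCLIC_QUERY = """
# user -> friends -> user -> friends -> user
{
  user(id: "1") {
    friends {
      user {
        friends {
          user { name }
        }
      }
    }
  }
}
"""

if __name__ == "__main__":
    print(analyze_selection_sets(BENIGN_QUERY))
    print(analyze_selection_sets(CYCLIC_QUERY))
    try:
        enforce_limits(CYCLIC_QUERY)
    except QueryRejected as exc:
        print("rejected:", exc)
```

The depth bound alone already caps the exponential growth described above, because the response size is a function of nesting depth; the cycle check adds a more specific signal, since a legitimately deep query rarely selects the same field again on the same path. Both checks run on the raw document, so they reject an abusive query before any resolver executes.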

Configuration

Example

Example configuration:

---
security_tests:
  graphql_circular_introspection:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.