Resource Limitation: GraphQL Directive Overloading

Identifier: graphql_directive_overload

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Directive overloading occurs when an attacker submits an excessive number of GraphQL directives in a single query. Because each directive must be parsed and evaluated, this can exhaust server resources, bypass security checks implemented as directives, or lead to denial of service.

How we test: We send GraphQL queries containing an excessive number of directives to check whether the server limits directive usage. We analyze the responses and server behavior to detect whether directive overload causes performance degradation or a security bypass.
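The mitigation this test probes for is a server-side cap on directive count enforced before execution. The following is an added example, not the scanner's or any GraphQL library's own code: a small counter that skips comments and string literals so a stray `@` inside them is not miscounted, plus a guard that rejects queries over a limit. The limit value and both sample queries are constructed for illustration.

```python
from typing import Tuple

DIRECTIVE_LIMIT = 10  # constructed value; tune to what your schema legitimately needs


def count_directives(query: str) -> int:
    """Count directive applications (`@name`) in a GraphQL document,
    skipping `#` comments and string / block-string literals."""
    count, i, n = 0, 0, len(query)
    while i < n:
        c = query[i]
        if c == "#":                          # comment runs to end of line
            while i < n and query[i] not in "\r\n":
                i += 1
        elif query.startswith('"""', i):      # block string, may contain \"""
            end = query.find('"""', i + 3)
            while end != -1 and query[end - 1] == "\\":
                end = query.find('"""', end + 1)
            i = n if end == -1 else end + 3
        elif c == '"':                        # regular string with escapes
            i += 1
            while i < n and query[i] != '"':
                i += 2 if query[i] == "\\" else 1
            i += 1
        elif c == "@":                        # directive: '@' followed by a name
            j = i + 1
            while j < n and (query[j].isalnum() or query[j] == "_"):
                j += 1
            if j > i + 1:
                count += 1
            i = j
        else:
            i += 1
    return count


def check_query(query: str, limit: int = DIRECTIVE_LIMIT) -> Tuple[bool, int]:
    """Return (accepted, directive_count); reject before execution when over the limit."""
    count = count_directives(query)
    return count <= limit, count


# Constructed sample inputs: one ordinary query and one padded with repeated directives.
NORMAL_QUERY = '''query GetUser($withEmail: Boolean!) {
  user(id: "u@1") {          # '@' inside a string or comment is not a directive
    name
    email @include(if: $withEmail)
  }
}'''
OVERLOADED_QUERY = "query { user { name " + "@include(if: true) " * 500 + "} }"

if __name__ == "__main__":
    for name, q in (("normal", NORMAL_QUERY), ("overloaded", OVERLOADED_QUERY)):
        ok, n = check_query(q)
        print(f"{name}: {n} directives -> {'accepted' if ok else 'rejected'}")
```

Running the guard at the request boundary means the rejected query is never handed to the executor, which is the behavior this test expects to observe.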

Configuration

Example

Example configuration:

---
security_tests:
  graphql_directive_overload:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.