Resource Limitation: GraphQL Field Duplication
Identifier: graphql_field_duplication
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
A GraphQL server that accepts the same field repeated many times within one selection set can be flooded with duplicated fields; resolving each copy consumes CPU and memory and can lead to a denial of service.
How we test: We send GraphQL queries containing repeated fields and analyze the responses to determine whether field duplication is accepted. We check whether the GraphQL server validates incoming queries so that field-duplication attacks, which could lead to resource exhaustion, are rejected.
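The defensive counterpart of this check is a validation step that counts how often a field name occurs in each selection set and rejects the query above a limit. The following is an added example, not code from this page or from the scanner it documents; the function names and the sample queries are constructed for illustration. It uses a small hand-written tokenizer rather than a full GraphQL parser, and it resolves aliases to the underlying field name so that renaming a repeated field does not reset the count.

```python
import re
from collections import Counter

# Tokenizer for the subset of GraphQL syntax needed to locate selection sets.
# Strings and comments are matched first so that braces inside them are not
# mistaken for selection-set delimiters; whitespace and commas are skipped.
_TOKEN_RE = re.compile(
    r'"""(?:.|\n)*?"""'                     # block string
    r'|"(?:\\.|[^"\\\n])*"'                 # string
    r'|#[^\n]*'                             # comment (dropped in tokenize)
    r'|\.\.\.'                              # fragment spread / inline fragment
    r'|[{}():@$!=\[\]|&]'                   # punctuators
    r'|[A-Za-z_][A-Za-z0-9_]*'              # name
    r'|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?'    # number
)
_NAME_RE = re.compile(r'[A-Za-z_][A-Za-z0-9_]*')


def tokenize(query: str) -> list[str]:
    """Split a query document into tokens, discarding comments."""
    return [m.group(0) for m in _TOKEN_RE.finditer(query)
            if not m.group(0).startswith('#')]


def max_field_repeats(query: str) -> int:
    """Return the largest number of times one field name occurs in a single
    selection set. Aliases resolve to the underlying field, so the constructed
    query `{ a: name b: name }` counts as two occurrences of `name`."""
    tokens = tokenize(query)
    stack: list[Counter] = []   # one Counter per currently open selection set
    worst = 0
    i, n = 0, len(tokens)
    while i < n:
        tok = tokens[i]
        if tok == '{':
            stack.append(Counter())
        elif tok == '}':
            if stack:
                stack.pop()
        elif tok == '(':
            # Argument lists contain names (argument keys, enum values, input
            # object keys) that are not fields: skip to the matching ')'.
            depth, i = 1, i + 1
            while i < n and depth:
                depth += {'(': 1, ')': -1}.get(tokens[i], 0)
                i += 1
            continue
        elif tok == '...':
            # `... on Type`, `... FragmentName`, or a bare `... {` / `... @dir`.
            # Inline fragments open their own Counter here, which is a
            # simplification: their fields are not merged into the parent set.
            if i + 1 < n and tokens[i + 1] == 'on':
                i += 3
            elif i + 1 < n and tokens[i + 1] in ('{', '@'):
                i += 1
            else:
                i += 2
            continue
        elif tok == '@':
            i += 2          # directive name; its arguments hit the '(' branch
            continue
        elif stack and _NAME_RE.fullmatch(tok):
            field = tok
            if i + 2 < n and tokens[i + 1] == ':':
                field = tokens[i + 2]   # alias: response key differs, cost does not
                i += 2
            stack[-1][field] += 1
            worst = max(worst, stack[-1][field])
        i += 1
    return worst


def check_field_duplication(query: str, max_repeats: int = 1) -> tuple[bool, int]:
    """Allow a query only if no selection set repeats a field more than
    max_repeats times. Returns (allowed, observed_max_repeats)."""
    worst = max_field_repeats(query)
    return worst <= max_repeats, worst


if __name__ == "__main__":
    # Constructed sample queries: one well-formed, one with duplicated fields.
    samples = [
        "query Q($id: ID!) { user(id: $id) @include(if: true) { id name } }",
        "{ user { name name name name } }",
    ]
    for q in samples:
        allowed, worst = check_field_duplication(q, max_repeats=1)
        print(f"{'ALLOW ' if allowed else 'REJECT'} max repeats={worst}: {q}")
```

A deployment would run `check_field_duplication` on the raw query document before execution and return a validation error when it fails; the limit of 1 matches the GraphQL specification's expectation that identical fields in one selection set are merged, while a higher value tolerates legitimately repeated selections.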
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.