
Resource Limitation: GraphQL Recursive Fragment

Identifier: graphql_recursive_fragment

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

A GraphQL fragment that spreads itself, either directly or through a chain of other fragments, can never be fully expanded. The GraphQL specification requires servers to reject such documents during validation (fragment spreads must not form cycles); a server that skips or misimplements this check recurses without bound while expanding the query, which leads to a stack overflow or resource exhaustion and therefore a denial of service.

How we test: We send GraphQL documents containing fragments that reference themselves, both directly and through a cycle of several fragments, to check whether the server rejects them before execution. We analyze the responses (a validation error is the expected outcome) and the server's behavior, such as timeouts, crashes or degraded response times, to detect whether recursive fragments can cause a stack overflow or resource exhaustion.
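The following is an added example, not code from this page or from the scanner it documents. It builds the kind of recursive-fragment documents the test sends (a direct self-spread and a two-fragment cycle, both constructed here) and shows the check a server should run before executing any document: build the graph of fragment spreads and reject the document if that graph contains a cycle. It also shows why a naive "does any fragment spread itself" check is insufficient. The fragment and spread extraction is a deliberately simplified regex and brace-matching pass that assumes ordinary documents (no braces inside string literals or comments, no directives between the fragment's type condition and its opening brace); a production server should rely on its GraphQL library's spec validation rules rather than this helper.

```python
import re
from typing import Dict, List, Set

# Constructed payloads (assumptions for this example, not taken from the page).
# A fragment that spreads itself: the spec's "fragment spreads must not form
# cycles" rule rejects it, but an implementation that skips validation
# expands ...Loop forever.
SELF_RECURSIVE_QUERY = """
query {
  __typename
  ...Loop
}
fragment Loop on Query {
  __typename
  ...Loop
}
"""

# A two-fragment cycle (A -> B -> A) that a self-reference-only check misses.
MUTUAL_RECURSIVE_QUERY = """
query {
  ...A
}
fragment A on Query {
  __typename
  ...B
}
fragment B on Query {
  __typename
  ...A
}
"""

# A benign document whose fragments chain but never loop.
BENIGN_QUERY = """
query {
  ...Fields
}
fragment Fields on Query {
  __typename
  ...More
}
fragment More on Query {
  __schema { queryType { name } }
}
"""

_FRAGMENT_DEF = re.compile(r"\bfragment\s+(\w+)\s+on\s+\w+\s*\{")
_SPREAD = re.compile(r"\.\.\.\s*(\w+)")


def _block(text: str, open_idx: int) -> str:
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in document")


def fragment_graph(document: str) -> Dict[str, Set[str]]:
    """Map each named fragment to the named fragments it spreads directly.
    Inline fragments ('... on Type') are skipped: they cannot form a cycle."""
    graph: Dict[str, Set[str]] = {}
    for m in _FRAGMENT_DEF.finditer(document):
        body = _block(document, m.end() - 1)  # m.end() - 1 is the '{'
        graph[m.group(1)] = {s for s in _SPREAD.findall(body) if s != "on"}
    return graph


def spreads_itself(document: str) -> Set[str]:
    """The naive check: fragments that spread themselves directly."""
    return {name for name, out in fragment_graph(document).items() if name in out}


def find_fragment_cycles(document: str) -> List[List[str]]:
    """Depth-first search over the spread graph; each cycle is returned as the
    path of fragment names that closes on itself, e.g. ['A', 'B', 'A']."""
    graph = fragment_graph(document)
    cycles: List[List[str]] = []
    state: Dict[str, int] = {}  # 1 = on the current DFS path, 2 = finished
    path: List[str] = []

    def visit(name: str) -> None:
        state[name] = 1
        path.append(name)
        for nxt in sorted(graph.get(name, ())):
            if nxt not in graph:
                continue  # unknown fragment: a separate validation error
            if state.get(nxt) == 1:
                cycles.append(path[path.index(nxt):] + [nxt])
            elif state.get(nxt) != 2:
                visit(nxt)
        path.pop()
        state[name] = 2

    for name in sorted(graph):
        if name not in state:
            visit(name)
    return cycles


def is_safe_to_execute(document: str) -> bool:
    """What a server should decide before expanding any fragment."""
    return not find_fragment_cycles(document)


if __name__ == "__main__":
    for label, doc in [("self", SELF_RECURSIVE_QUERY),
                       ("mutual", MUTUAL_RECURSIVE_QUERY),
                       ("benign", BENIGN_QUERY)]:
        print(label, "naive:", spreads_itself(doc),
              "cycles:", find_fragment_cycles(doc))
```

The mutual case is the one to watch for: a recursion-depth cap on the executor only converts the stack overflow into a slow, CPU-bound failure, and a self-reference-only check lets the A -> B -> A document straight through. Rejecting the document at validation time, before any expansion, is the fix; the scanner's expected response is a validation error rather than a timeout.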


Configuration

Example

Example configuration:

---
security_tests:
  graphql_recursive_fragment:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.