Configuration: GraphQL IDE
Identifier: ide_enabled
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
GraphQL IDE exposure reveals API inner workings and can help attackers craft harmful queries or overload systems, potentially leading to data leaks or service disruptions if not properly secured.
How we test: We attempt to access GraphQL IDE endpoints and analyze responses to detect if development tools are exposed. We check if introspection is enabled, if IDE interfaces are accessible, and if they reveal sensitive information about API structure that could aid attackers.
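The two checks described above (is an IDE page served, and does introspection return schema data) can be sketched as an offline classifier over recorded responses. This is an added example, not the scanner's own code; the function names, marker strings and sample responses are assumptions constructed for illustration.

```python
import json

# Assumed marker substrings (lower-case) for common IDE pages; not the scanner's list.
IDE_MARKERS = {
    "GraphiQL": ("graphiql",),
    "GraphQL Playground": ("graphql-playground", "graphqlplayground.init"),
}

def detect_ide(status, content_type, body):
    """Return the IDE name if an HTML response looks like an IDE page, else None."""
    if status != 200 or "text/html" not in content_type.lower():
        return None
    for name, markers in IDE_MARKERS.items():
        if any(m in body.lower() for m in markers):
            return name
    return None

def introspection_enabled(status, body):
    """True only if the reply to an introspection query carries schema data."""
    if status != 200:
        return False
    try:
        doc = json.loads(body)
    except ValueError:  # HTML error page, empty body, truncated JSON
        return False
    data = doc.get("data") if isinstance(doc, dict) else None
    return isinstance(data, dict) and isinstance(data.get("__schema"), dict)

def assess(responses):
    """Map recorded responses to (path, finding) pairs."""
    findings = []
    for r in responses:
        ide = detect_ide(r["status"], r["content_type"], r["body"])
        if ide:
            findings.append((r["path"], "IDE exposed: " + ide))
        elif introspection_enabled(r["status"], r["body"]):
            findings.append((r["path"], "introspection enabled"))
    return findings

# Constructed sample responses (not captured from any real service).
SAMPLES = [
    {"path": "/graphiql", "status": 200, "content_type": "text/html; charset=utf-8",
     "body": '<html><body><div id="graphiql">Loading...</div></body></html>'},
    {"path": "/graphql", "status": 200, "content_type": "application/json",
     "body": '{"data": {"__schema": {"queryType": {"name": "Query"}}}}'},
    {"path": "/api/graphql", "status": 200, "content_type": "application/json",
     "body": '{"errors": [{"message": "introspection is disabled"}]}'},
    {"path": "/playground", "status": 404, "content_type": "text/html", "body": "Not Found"},
]
```

Calling `assess(SAMPLES)` flags the first two entries only; the error-only JSON reply and the 404 page produce no finding.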
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.