Skip to main content



A GraphQL IDE provides an interface for users to interact with the Endpoint, but an IDE can also leave room for potential vulnerabilities.


Disable GraphQL IDE, or restrict it. Head over to your specific engine documentation to know how to do it.

GraphQL Specific


Ensure that the Apollo Server is configured with appropriate security settings, such as depth limiting and complexity analysis, to prevent malicious queries from overloading the server. Regularly update the Apollo framework to incorporate the latest security patches and features.


To mitigate potential security risks in the Yoga framework engine when using GraphQL IDE, ensure that all queries are validated against a schema that defines allowed operations. Implement proper authentication and authorization checks to control access to sensitive data. Regularly update the Yoga framework to incorporate the latest security patches and features.


To mitigate the risk of injection attacks in AWS AppSync, ensure that all GraphQL queries are parameterized. Avoid using string interpolation or concatenation to insert variables directly into queries. Instead, use GraphQL's built-in support for variables. This approach allows the AppSync framework to safely parse and validate the input before executing the query, reducing the attack surface for malicious actors.


To mitigate the risk of injection attacks in a GraphQL Go framework engine, ensure that all user-supplied inputs are properly validated and sanitized. Use prepared statements with variable binding for all database queries to prevent injection vulnerabilities. Additionally, implement proper error handling to avoid exposing sensitive information through error messages. Regularly review and update dependencies to patch any known vulnerabilities in the framework or associated libraries.


To mitigate potential vulnerabilities in the GraphQL Ruby framework, ensure that all queries are properly sanitized and use parameterized queries to prevent injection attacks. Additionally, implement strict type checking and input validation to avoid malicious data from being processed. Regularly update the framework to the latest version to benefit from security patches and improvements.


To mitigate the risk of injection attacks in Hasura, ensure that all GraphQL queries are constructed using parameterized statements. This approach prevents attackers from manipulating the query by injecting malicious code. Additionally, apply strict access controls and validate all inputs to further enhance the security of your Hasura GraphQL engine.


Identifier: configuration/ide_enabled


Ignore this check

skip: true


  • Escape Severity: LOW


  • OWASP: API7:2023
  • pci: 6.5.1
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: AC-6



  • CVSS_SCORE: 4.8