HawkScan Test Info for GraphQL Batch Query Supported

GraphQL Batch Query Supported

Reference

Plugin Id: 90052

Remediation

  1. Disable batch queries: Turn off batch query support (array-bodied requests) unless a legitimate client depends on it; if it must stay on, cap the number of operations accepted in a single request.
  2. Implement query complexity analysis: Enforce depth and complexity limits, and apply them to the sum across the whole batch rather than to each operation on its own, so a batch cannot exceed the budget a single query is held to.
  3. Add rate limiting: Rate limit GraphQL endpoints by operation (or by resolver call) rather than by HTTP request, so that a batch of many operations is counted as many requests.
  4. Disable introspection: Turn off GraphQL introspection in production so the schema cannot be enumerated and used to pick expensive fields for a batch.
  5. Monitor batch usage: Log the number of operations per request and alert on unusually large batches or repeated expensive operations from a single client.
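The five items above amount to one admission check that reasons about the whole batch instead of the single HTTP request. The following Python is an added example of such a guard, not HawkScan's code or any GraphQL server's built-in protection: it parses the request body, refuses arrays when batching is disabled, caps the batch size, sums a depth-based cost over every operation, and charges a per-client token bucket one token per operation. The thresholds, the client identifier, the `login` mutation and the deep query are constructed for illustration.

```python
"""Batch-aware admission control for a GraphQL endpoint (added example, not
HawkScan's or any server's own code).  A batch is a JSON array of
{"query": ...} objects in one HTTP request; limits applied per request or per
single operation miss the aggregate, so this guard can refuse arrays, caps the
batch size, sums a depth-based cost over every operation, and charges the
per-client rate limiter one token per operation.  Thresholds are assumptions.
"""
import json
import re
import time
from dataclasses import dataclass, field
from typing import Optional

MAX_BATCH = 10        # operations accepted in one request when batching is on
MAX_DEPTH = 8         # deepest selection set allowed in any single operation
MAX_BATCH_COST = 200  # summed cost budget for the whole request

@dataclass
class Decision:
    allowed: bool
    reason: str
    operations: int = 0
    cost: int = 0

@dataclass
class TokenBucket:
    """Per-client bucket; pass an explicit clock for deterministic tests."""
    capacity: int
    refill_per_sec: float
    tokens: float = field(init=False)
    updated: Optional[float] = field(init=False, default=None)

    def __post_init__(self):
        self.tokens = float(self.capacity)

    def take(self, n: int, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        if self.updated is not None:
            self.tokens = min(self.capacity, self.tokens + max(0.0, now - self.updated) * self.refill_per_sec)
        self.updated = now
        if self.tokens < n:
            return False
        self.tokens -= n
        return True

def normalize_operations(body: bytes):
    """Return (list of operations, whether the client sent an array)."""
    payload = json.loads(body)
    if isinstance(payload, list):
        return payload, True
    if isinstance(payload, dict):
        return [payload], False
    raise ValueError("GraphQL body must be an object or an array of objects")

def selection_depth(query: str) -> int:
    """Deepest selection-set brace nesting; a cheap stand-in for an AST walk."""
    depth = deepest = 0
    for ch in re.sub(r'"(?:\\.|[^"\\])*"', '""', query):  # braces inside strings do not count
        if ch == "{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == "}":
            depth -= 1
    return deepest

class BatchGuard:
    def __init__(self, allow_batching: bool, ops_per_minute: int = 60):
        self.allow_batching = allow_batching
        self.ops_per_minute = ops_per_minute
        self.buckets = {}

    def check(self, client: str, body: bytes, now: Optional[float] = None) -> Decision:
        try:
            ops, was_array = normalize_operations(body)
        except ValueError as exc:
            return Decision(False, str(exc))
        if was_array and not self.allow_batching:
            return Decision(False, "batch queries disabled", len(ops))
        if len(ops) > MAX_BATCH:
            return Decision(False, f"batch of {len(ops)} exceeds {MAX_BATCH}", len(ops))
        cost = 0
        for op in ops:
            query = op.get("query") if isinstance(op, dict) else None
            if not isinstance(query, str) or not query.strip():
                return Decision(False, "operation without a query string", len(ops))
            depth = selection_depth(query)
            if depth > MAX_DEPTH:
                return Decision(False, f"query deeper than {MAX_DEPTH}", len(ops))
            cost += 2 ** depth  # exponential in depth: nested queries cost far more than flat ones
        if cost > MAX_BATCH_COST:  # the sum over the batch is capped, not each operation alone
            return Decision(False, f"batch cost {cost} exceeds {MAX_BATCH_COST}", len(ops), cost)
        bucket = self.buckets.setdefault(client, TokenBucket(self.ops_per_minute, self.ops_per_minute / 60.0))
        if not bucket.take(len(ops), now):  # one token per operation, not one per HTTP request
            return Decision(False, "rate limit exceeded", len(ops), cost)
        return Decision(True, "ok", len(ops), cost)

def batch_body(query: str, n: int) -> bytes:
    """Constructed request body: the same operation repeated n times in one array."""
    return json.dumps([{"query": query}] * n).encode()

LOGIN = 'mutation { login(username: "admin", password: "guess") { token } }'
DEEP = "{ a { b { c { d { e { f } } } } } }"

if __name__ == "__main__":
    guard = BatchGuard(allow_batching=True)
    print(guard.check("10.0.0.5", batch_body(LOGIN, 100)))  # 100 login attempts in one request
    print(guard.check("10.0.0.5", batch_body(DEEP, 4)))     # four nested queries exceed the budget
    print(BatchGuard(allow_batching=False).check("10.0.0.5", batch_body(LOGIN, 2)))
```

The brace-counting depth estimate is deliberately crude; a production guard would walk the parsed document and price fields from the schema. The two points that carry over regardless are that cost is summed across the batch before comparison with the budget, and that the limiter is charged per operation, which is what makes a hundred login attempts in one request count as a hundred.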

About

GraphQL batch query support allows multiple operations to be executed in a single HTTP request: the client sends a JSON array of operations instead of one object, and the server executes each one and returns an array of results. Because rate limits, logging and complexity checks are often applied per request rather than per operation, one request can carry many expensive or sensitive operations, which can be exploited for denial-of-service attacks, bypassing rate limiting, or overwhelming server resources. Combined with introspection, attackers can craft complex batch queries targeting discovered schema elements.
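Batching is a server-side extension rather than part of the GraphQL specification, so whether an endpoint honours it has to be checked. The script below is an added example of that check, not HawkScan's own test logic: it POSTs a JSON array of two trivial operations and classifies the response, treating a 200 with an array of per-operation results as evidence that batching is supported. The transport is injected so the classifier runs offline against two constructed fake servers; the `urllib` transport is provided for use against a real endpoint whose URL you supply.

```python
"""Probe for GraphQL array batching the way a scanner does (added example, not
HawkScan's own check).  A server that executes batches answers a two-element
array probe with a two-element array of results; one that does not typically
returns a single object (often an error) or a non-200 status.  The fake
servers at the bottom are constructed stand-ins for the offline demo.
"""
import json
import urllib.error
import urllib.request

PROBE = [{"query": "{ __typename }"}, {"query": "{ __typename }"}]

def interpret(status: int, body: bytes) -> dict:
    """Classify one response to PROBE."""
    try:
        payload = json.loads(body)
    except ValueError:
        return {"batch_supported": False, "evidence": f"non-JSON response, status {status}"}
    if status == 200 and isinstance(payload, list) and len(payload) == len(PROBE):
        # Every element must be a real execution result, not just an echoed error.
        executed = all(isinstance(r, dict) and "data" in r for r in payload)
        return {"batch_supported": executed, "evidence": f"array of {len(payload)} results, status {status}"}
    shape = "single object" if isinstance(payload, dict) else type(payload).__name__
    return {"batch_supported": False, "evidence": f"{shape}, status {status}"}

def probe(send) -> dict:
    """send(body_bytes) -> (status, body_bytes); returns the classification."""
    status, body = send(json.dumps(PROBE).encode())
    return interpret(status, body)

def amplification(send, n: int) -> int:
    """Count how many operations one request actually executed when n copies are sent."""
    status, body = send(json.dumps([PROBE[0]] * n).encode())
    payload = json.loads(body)
    if status == 200 and isinstance(payload, list):
        return sum(1 for r in payload if isinstance(r, dict) and "data" in r)
    return 1 if status == 200 and isinstance(payload, dict) and "data" in payload else 0

def http_transport(url: str, timeout: float = 10.0):
    """Transport for a live endpoint (URL is yours to supply); unused by the offline demo."""
    def send(body: bytes):
        req = urllib.request.Request(
            url, data=body, method="POST",
            headers={"Content-Type": "application/json", "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()
    return send

# Constructed fake servers for running the probe offline.
def fake_batching_server(body: bytes):
    """Executes every element of an array and returns one result per element."""
    payload = json.loads(body)
    result = {"data": {"__typename": "Query"}}
    if isinstance(payload, list):
        return 200, json.dumps([result for _ in payload]).encode()
    return 200, json.dumps(result).encode()

def fake_single_server(body: bytes):
    """Rejects arrays outright and only executes a single operation object."""
    payload = json.loads(body)
    if isinstance(payload, list):
        return 400, json.dumps({"errors": [{"message": "Must provide query string."}]}).encode()
    return 200, json.dumps({"data": {"__typename": "Query"}}).encode()

if __name__ == "__main__":
    print("batching server:", probe(fake_batching_server), amplification(fake_batching_server, 50))
    print("single server:  ", probe(fake_single_server), amplification(fake_single_server, 50))
```

The `amplification` helper makes the risk concrete: against the batching server a single request executes all fifty operations, which is the ratio a per-request rate limit or per-request complexity budget is blind to.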

Risks

Medium: Batch query support can enable DoS attacks, rate-limit bypass, resource exhaustion, and amplification attacks where a single request triggers multiple expensive operations on the server.