                        ⛏️ Write test to detect UI exposed for GraphQL APIs
💭 Introduction: The GraphQL Development Console Exposed vulnerability arises when the GraphQL development console, such as GraphiQL, GraphQL Playground, or GraphQL Console, allows type introspection. Type introspection enables clients to retrieve detailed information about the GraphQL schema, including available types, fields, and their relationships. Exposing this feature in a production environment can lead to security vulnerabilities by providing unauthorized users with insights into the data model and potentially sensitive information. The impact includes an increased risk of unauthorized access and potential data exposure through the exposed GraphQL development console, necessitating proper configuration and access control measures.
🎯 Requirements: Improve the template by adding more subpaths.
📚 Reading: You can find detailed documentation of the test editor rules here. Find 100+ examples of YAML tests here.
✅ Task summary:
- [ ] Ask to be assigned to the issue.
- [ ] Wait to be assigned. We will try to assign in less than 2 hours.
- [ ] Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
- [ ] Signup for Akto
- [ ] Check in the Attempt tab: if the payload changes, then the task is done.
- [ ] Submit the PR here.
✌🏻 Hints: You can build the yaml template by referring this link
🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
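The detection the issue asks for, written out as an added Python example (this is not Akto's own code and not the YAML template in tests-library; it only shows the logic such a template encodes). It probes a list of candidate subpaths twice: a GET to see whether a dev console page (GraphiQL, GraphQL Playground) is served, and a POST carrying an introspection query to see whether `__schema` comes back. The subpath list, the console markers and the sample responses below are assumptions constructed for the example so it runs offline; `probe()` is the live variant and makes real HTTP requests.

```python
"""Added example: detect an exposed GraphQL dev console and enabled introspection.

Not Akto's code. The subpath list, markers and SAMPLE_* responses are
constructed assumptions for illustration; adjust them to the target.
"""
import json
import re
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# Assumption: a broader set of subpaths than the original template checks.
CONSOLE_SUBPATHS = [
    "/graphql", "/graphiql", "/playground", "/console",
    "/graphql/console", "/v1/graphql", "/api/graphql", "/explorer",
]

# Strings a rendered dev console page is expected to contain (assumption).
CONSOLE_MARKERS = [
    re.compile(r"GraphiQL", re.I),
    re.compile(r"GraphQL Playground", re.I),
    re.compile(r"graphql-playground", re.I),
]

# Minimal introspection query; a 200 with data.__schema.types means it is on.
INTROSPECTION_QUERY = '{"query":"{ __schema { types { name } } }"}'


def looks_like_console(status: int, body: str) -> bool:
    """True when a GET returned an HTML page containing a console marker."""
    if status != 200:
        return False
    return any(m.search(body) for m in CONSOLE_MARKERS)


def introspection_enabled(status: int, body: str) -> bool:
    """True when the POSTed introspection query returned the schema types."""
    if status != 200:
        return False
    try:
        data = json.loads(body)
    except ValueError:  # HTML or plain text, not a GraphQL JSON response
        return False
    if not isinstance(data, dict):
        return False
    schema = (data.get("data") or {}).get("__schema") or {}
    return bool(schema.get("types"))


def assess(get_responses: dict, post_responses: dict) -> list:
    """Combine GET and POST results per subpath into a list of findings."""
    findings = []
    for path in sorted(set(get_responses) | set(post_responses)):
        g_status, g_body = get_responses.get(path, (0, ""))
        p_status, p_body = post_responses.get(path, (0, ""))
        console = looks_like_console(g_status, g_body)
        intro = introspection_enabled(p_status, p_body)
        if console or intro:
            findings.append({"path": path, "console": console, "introspection": intro})
    return findings


def probe(base_url: str, subpaths=CONSOLE_SUBPATHS, timeout: float = 5.0):
    """Live variant: GET and POST each subpath and return the two response maps.
    Performs network requests; not exercised by the offline sample below."""
    get_resp, post_resp = {}, {}
    for path in subpaths:
        url = base_url.rstrip("/") + path
        for method, body, store in (("GET", None, get_resp),
                                    ("POST", INTROSPECTION_QUERY.encode(), post_resp)):
            req = Request(url, data=body, method=method,
                          headers={"Content-Type": "application/json", "Accept": "*/*"})
            try:
                with urlopen(req, timeout=timeout) as r:
                    store[path] = (r.status, r.read().decode("utf-8", "replace"))
            except HTTPError as e:  # 4xx/5xx still carry a useful body
                store[path] = (e.code, e.read().decode("utf-8", "replace"))
            except (URLError, OSError):
                store[path] = (0, "")
    return get_resp, post_resp


# Constructed sample responses (not captured from any real host).
SAMPLE_GET = {
    "/graphql": (200, '{"errors":[{"message":"Must provide query string."}]}'),
    "/graphiql": (200, "<!DOCTYPE html><html><head><title>GraphiQL</title></head>"
                       "<body><div id=\"graphiql\"></div></body></html>"),
    "/playground": (404, "Not Found"),
}
SAMPLE_POST = {
    "/graphql": (200, '{"data":{"__schema":{"types":[{"name":"Query"},{"name":"User"}]}}}'),
    "/graphiql": (405, ""),
    "/playground": (404, "Not Found"),
}

if __name__ == "__main__":
    for finding in assess(SAMPLE_GET, SAMPLE_POST):
        print(finding)
```

Against the constructed sample, `/graphiql` is flagged as a served console and `/graphql` as having introspection enabled, while `/playground` (404) produces no finding. The two signals are reported separately because a console page can be served with introspection disabled and introspection can be enabled on an endpoint that serves no console at all; a template should flag either.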
I'd love to work on it
Hi @therealdhruv - realized that there are no instructions here. Will add them by today.
sounds good, thanks 👍
This has been implemented already @therealdhruv - feel free to improve it though. 😃 https://github.com/akto-api-security/tests-library/blob/7c8e4564f0921d6e19b27905be090efe6c44592a/Security-Misconfiguration/GraphqlDevelopmentConsoleExposed.yaml