Open Ankita28g opened 1 year ago
I'd love to work on it
Hi @therealdhruv - realized that there are no instructions here. Will add them by today.
sounds good, thanks
This has been implemented already @therealdhruv - feel free to improve it though. https://github.com/akto-api-security/tests-library/blob/7c8e4564f0921d6e19b27905be090efe6c44592a/Security-Misconfiguration/GraphqlDevelopmentConsoleExposed.yaml
Introduction: The GraphQL Development Console Exposed vulnerability arises when the GraphQL development console, such as GraphiQL, GraphQL Playground, or GraphQL Console, allows type introspection. Type introspection enables clients to retrieve detailed information about the GraphQL schema, including available types, fields, and their relationships. Exposing this feature in a production environment can lead to security vulnerabilities by providing unauthorized users with insights into the data model and potentially sensitive information. The impact includes an increased risk of unauthorized access and potential data exposure through the exposed GraphQL development console, necessitating proper configuration and access control measures.
Requirements: Improve the template by adding more subpaths.
Reading: You can find detailed documentation of test editor rules here. Find 100+ examples of YAML tests here.
Task summary:
Attempt
tab; if the payload changes, then the task is done.
Hints: You can build the YAML template by referring to this link.
Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
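A defender-side check for the misconfiguration the issue describes, added here as an example and not part of the tests-library template or Akto's own code: it classifies the JSON a GraphQL endpoint returns to an introspection query and reports which subpaths disclose the schema. The subpath list is an assumption and the sample responses are constructed.

```python
import json

# Subpaths a GraphQL endpoint or its dev console is commonly served from; these are
# assumed values for this example, not the Akto template's own list.
GRAPHQL_SUBPATHS = ["/graphql", "/graphiql", "/playground", "/console", "/v1/graphql"]

# The introspection query a console issues to learn the schema; a successful answer
# carries a "__schema" object under "data".
INTROSPECTION_QUERY = json.dumps(
    {"query": "{ __schema { queryType { name } types { name } } }"})


def introspection_enabled(response_body: str) -> bool:
    """True when the response body discloses schema data through __schema."""
    try:
        body = json.loads(response_body)
    except json.JSONDecodeError:
        return False  # HTML error page, empty body, etc. is not a GraphQL success
    data = body.get("data") if isinstance(body, dict) else None
    if not isinstance(data, dict):
        return False  # e.g. {"errors": [...], "data": null} when introspection is off
    schema = data.get("__schema")
    return isinstance(schema, dict) and bool(schema.get("types"))


def disclosed_types(response_body: str) -> list:
    """Names of user-defined types an enabled endpoint leaks (built-ins stripped)."""
    if not introspection_enabled(response_body):
        return []
    types = json.loads(response_body)["data"]["__schema"]["types"]
    return [t["name"] for t in types if not t.get("name", "").startswith("__")]


def assess(responses: dict) -> dict:
    """Map subpath -> introspection verdict, given the body each probe returned."""
    return {path: introspection_enabled(body) for path, body in responses.items()}


# Constructed sample responses standing in for what each probed subpath returned.
SAMPLE_RESPONSES = {
    "/graphql": json.dumps({"data": {"__schema": {"queryType": {"name": "Query"},
        "types": [{"name": "Query"}, {"name": "User"}, {"name": "__Schema"}]}}}),
    "/graphiql": json.dumps({"errors": [{"message": "introspection is not allowed"}],
                             "data": None}),
    "/playground": "<html><body>404 Not Found</body></html>",
}

if __name__ == "__main__":
    for path, exposed in assess(SAMPLE_RESPONSES).items():
        print(f"{path}: {'introspection ENABLED' if exposed else 'ok'}")
```

A finding of True for a production subpath is the condition the template flags; the fix is to disable introspection and the console there, or put them behind authentication.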