Field duplication

firetail:graphql-field-duplication

Type: Observation

Rule Severity: High

The GraphQL endpoint accepts queries that repeat the same field an excessive number of times (up to 500 repetitions of one field in a single query).

Because the server resolves every repetition, this behavior leads to unnecessary resource consumption and server performance degradation, and an attacker can abuse it to cause a denial-of-service (DoS) condition.

Remediation

Ensure that the GraphQL API enforces a limit on the number of times a field may be duplicated within a single query, and rejects queries that exceed that limit before executing them.

Example Attack Scenario

An attacker sends a query with 500 duplicated fields in an attempt to overload the GraphQL server. Each duplicate field forces the server to process the same data multiple times, potentially consuming significant CPU and memory resources. If this query is allowed, it could cause the server to slow down or even crash, resulting in a denial-of-service (DoS) attack.
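The check described under Remediation, as an added stand-alone example (not FireTail's own code): it counts how often each field name appears in a query document and rejects the request when any field exceeds a limit. The limit of 10 and the sample queries are assumed values constructed for the illustration.

```python
import re
from collections import Counter

MAX_FIELD_REPETITIONS = 10  # assumed limit; tune per schema

_KEYWORDS = {"query", "mutation", "subscription", "fragment",
             "on", "true", "false", "null"}
# Tokens that are skipped: strings, comments, variables ($x), directives (@x),
# and fragment spreads (...); identifiers and a few punctuators are kept.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\])*"|#[^\n]*|\$\w+|@\w+|\.\.\.|[_A-Za-z]\w*|[:{}()]')


def count_field_names(query: str) -> Counter:
    """Count occurrences of each field name in a GraphQL document.

    This is a token scan, not a full parser: it skips keywords, operation
    and fragment names, type conditions, alias and argument names
    (identifier followed by ':'), and variable types ($x: Type).
    """
    counts: Counter = Counter()
    tokens = _TOKEN.findall(query)
    for i, tok in enumerate(tokens):
        if not re.match(r"[_A-Za-z]", tok) or tok in _KEYWORDS:
            continue
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        prev = tokens[i - 1] if i > 0 else None
        if nxt == ":":
            continue  # alias or argument name, not a selected field
        if prev in ("...", "on", "query", "mutation", "subscription", "fragment"):
            continue  # fragment spread, type condition, operation/fragment name
        if prev == ":" and i >= 2 and tokens[i - 2].startswith("$"):
            continue  # type in a variable definition
        counts[tok] += 1
    return counts


def validate_query(query: str, max_repetitions: int = MAX_FIELD_REPETITIONS):
    """Return (accepted, offenders); offenders maps field name -> count."""
    counts = count_field_names(query)
    offenders = {name: n for name, n in counts.items() if n > max_repetitions}
    return (not offenders, offenders)


# Constructed samples: a normal query and the 500-repetition case from the scenario.
NORMAL_QUERY = "query GetUser($id: ID!) { user(id: $id) { id name email } }"
ABUSIVE_QUERY = "{ user { " + "id " * 500 + "} }"

if __name__ == "__main__":
    print(validate_query(NORMAL_QUERY))   # (True, {})
    print(validate_query(ABUSIVE_QUERY))  # (False, {'id': 500})
```

In a real deployment this belongs in a validation rule over the parsed AST (graphql-js and graphql-core both accept custom validation rules), so that the query is rejected before any resolver runs; the token scan above only illustrates the counting logic.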


