Response type mismatch
Description
This security check verifies that all the data returned in the response matches its expected type, as defined in the introspection.
Remediation
Update your resolver so that the type it actually returns matches the type declared in the introspection.
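As an added illustration (not Escape's own code), the sketch below shows the comparison this check describes: it walks a response and reports every value whose runtime type differs from the type declared in introspection. The SCHEMA fragment, the RESPONSE and all helper names are constructed for the example; it assumes unaliased fields and skips enums, custom scalars and abstract types.

```javascript
// Constructed, simplified introspection fragment: type -> field -> type ref,
// using the kind/name/ofType shape that __schema introspection returns.
const named = (kind, name) => ({ kind, name, ofType: null });
const nonNull = (ofType) => ({ kind: "NON_NULL", name: null, ofType });
const listOf = (ofType) => ({ kind: "LIST", name: null, ofType });
const SCHEMA = {
  Query: { user: named("OBJECT", "User") },
  User: {
    id: nonNull(named("SCALAR", "ID")),
    age: named("SCALAR", "Int"),
    email: nonNull(named("SCALAR", "String")),
    tags: listOf(nonNull(named("SCALAR", "String"))),
  },
};

// How each built-in scalar must appear in a JSON response.
const SCALARS = {
  Int: (v) => Number.isInteger(v) && v >= -(2 ** 31) && v <= 2 ** 31 - 1,
  Float: (v) => typeof v === "number" && Number.isFinite(v),
  String: (v) => typeof v === "string",
  Boolean: (v) => typeof v === "boolean",
  ID: (v) => typeof v === "string",
};

// Recursively compare a response value with its declared type.
function findMismatches(value, type, path = "data", out = []) {
  if (type.kind === "NON_NULL") {
    if (value === null || value === undefined) out.push(`${path}: null for non-null type`);
    else findMismatches(value, type.ofType, path, out);
  } else if (value === null || value === undefined) {
    // Nullable position: null is a valid value, nothing to report.
  } else if (type.kind === "LIST") {
    if (!Array.isArray(value)) out.push(`${path}: expected list`);
    else value.forEach((v, i) => findMismatches(v, type.ofType, `${path}[${i}]`, out));
  } else if (type.kind === "SCALAR") {
    const ok = SCALARS[type.name]; // custom scalars have no predicate and are skipped
    if (ok && !ok(value)) out.push(`${path}: expected ${type.name}, got ${JSON.stringify(value)}`);
  } else if (type.kind === "OBJECT") {
    if (typeof value !== "object" || Array.isArray(value)) out.push(`${path}: expected object ${type.name}`);
    else for (const [field, v] of Object.entries(value)) {
      const fieldType = (SCHEMA[type.name] || {})[field];
      if (fieldType) findMismatches(v, fieldType, `${path}.${field}`, out);
    }
  }
  return out;
}

// Constructed response from a resolver that stringifies age and drops email.
const RESPONSE = { user: { id: "42", age: "31", email: null, tags: ["a", 7] } };
console.log(findMismatches(RESPONSE, named("OBJECT", "Query")).join("\n"));
```

Each reported path points at the resolver whose return value needs to be brought in line with the declared type.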
Configuration
Identifier: schema/response_type_missmatch
Examples
Ignore this check
checks:
  schema/response_type_missmatch:
    skip: true
Score
- Escape Severity: INFO
Compliance
OWASP: API10:2023
pci: 6.5.1
gdpr: Article-32
soc2: CC5
psd2: Article-97
iso27001: A.14.2
nist: SP800-53
fedramp: AC-4
Classification
- CWE: 573
Score
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/RL:O