Skip to main content

Response type mismatch

Description

This security check verifies that all the data returned in the response matches its expected type, as defined in the introspection.

Remediation

Update your resolver to make the introspection type match the actual returned type.

GraphQL Specific

Apollo

Ensure that the response type in the Apollo framework engine matches the expected type defined in the GraphQL schema. This can be achieved by validating the resolver functions to return the correct type and by using schema type checks during development to prevent type mismatches.

Yoga

Ensure that the Yoga framework engine is configured to handle the expected response types for each endpoint. Verify that the content types in the requests and responses match, and that the data serialization and deserialization processes align with the specified formats. If necessary, implement custom serializers or parsers to manage content type negotiation and conversion accurately.

Awsappsync

Ensure that the response type in the resolver matches the expected return type defined in the GraphQL schema. If there is a mismatch, update the resolver to correctly handle the data structure and types as per the schema definition.

Graphqlgo

Ensure that the GraphQL schema strictly defines the types for all fields and that the resolver functions correctly handle the types as defined. Implement input validation to verify that the data received matches the expected types before processing the query. Use middleware or schema directives for consistent validation across resolvers.

Graphqlruby

Ensure that the types defined in the GraphQL schema match the expected response types in the Ruby resolver functions. Utilize the GraphQL Ruby framework's type-checking features to enforce the correct data types and structures. Additionally, implement custom type validations if necessary to handle complex data structures or custom business logic.

Hasura

Ensure that the expected response type in the client matches the actual response type provided by the Hasura GraphQL engine. Verify the GraphQL query or mutation structure and types in the schema, and update the client-side parsing logic to correctly handle the data structure returned by Hasura.

Configuration

Identifier: schema/response_type_missmatch

Examples

Ignore this check

checks:
  schema/response_type_missmatch:
    skip: true

Score

  • Escape Severity: INFO

Compliance

  • OWASP: API10:2023

  • pci: 6.5.1

  • gdpr: Article-32

  • soc2: CC5

  • psd2: Article-97

  • iso27001: A.14.2

  • nist: SP800-53

  • fedramp: AC-4

Classification

  • CWE: 573

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/RL:O

References