id: apollo-server-detect info: name: Apollo Server GraphQL Introspection - Detect author: idealphase severity: info description: Apollo Server GraphQL introspection was detected. reference: - https://github.com/apollographql/apollo-server classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 tags: apollo,detect,graphql,tech metadata: max-request: 1 http: - method: POST path: - "{{BaseURL}}/graphql" headers: Content-Type: application/json body: | {"query":"query IntrospectionQuery{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"} matchers-condition: and matchers: - type: word part: header words: - "Content-Type: application/json" - type: word part: body words: - "GraphQL introspection is not allowed by Apollo Server" - type: status status: - 400 # Enhanced by md on 2023/03/29