Undefined objects
Description
Undefined objects are objects that use the built-in GraphQL object type instead of referencing a custom one. They can be at the root of security issues due to their unstructured nature.
Remediation
Enforce strong typing in your schema objects.
GraphQL Specific
Apollo
Ensure that all objects and variables are properly defined within the scope of their use in the Apollo framework engine. This includes initializing variables before use, and avoiding the use of any variables that have not been explicitly declared. Check for typos in variable names and confirm that all modules or components are correctly imported or required where needed. Additionally, consider implementing TypeScript for stronger type-checking and object definition validation during the development process.
Yoga
To address issues with undefined objects in the Yoga framework engine, ensure that all objects and their properties are properly initialized before use. Check for any typos or incorrect references that may lead to undefined objects. Additionally, implement null checks or optional chaining (object?.property) to safely access object properties that might not exist.
Awsappsync
To address issues with undefined objects in AWS AppSync, ensure that your schema definitions are correct and that the resolvers are properly configured to handle the data types and fields defined in your schema. Additionally, implement null checks and error handling in your resolver logic to gracefully handle cases where objects might be undefined.
Graphqlgo
In the GraphQL Go framework, when dealing with undefined objects, ensure that your schema definitions are correctly set up and all object types are properly defined. Use the provided schema validation tools to check for any inconsistencies or missing types. Additionally, implement null checks and error handling in your resolver functions to gracefully handle cases where objects might not be defined. This will prevent runtime errors and improve the stability of your GraphQL service.
Graphqlruby
In the GraphQL Ruby framework, to avoid issues with undefined objects, ensure that your type definitions are correct and complete. Use the provided type-checking mechanisms to validate objects and fields. Implement null checks and default values where appropriate. Additionally, consider using the 'graphql-guard' gem for authorization and policy enforcement to prevent exposure of undefined or unauthorized objects.
Hasura
To address issues with undefined objects in the Hasura framework, ensure that all referenced tables, columns, and relationships exist and are correctly defined in your schema. Double-check your migrations and metadata to confirm that the definitions match the expected structure. If you're using remote schemas, verify that the remote service is accessible and the schema is properly integrated. Additionally, use Hasura's console to inspect and manage your database schema and relationships effectively.
Configuration
Identifier:
schema/undefined_object
Examples
Ignore this check
checks:
schema/undefined_object:
skip: true
Score
- Escape Severity: INFO
Compliance
OWASP: API9:2023
pci: 6.5.6
gdpr: Article-32
soc2: CC6
psd2: Article-94
iso27001: A.14.2
nist: SP800-53
fedramp: SC-7
Classification
- CWE: 915
Score
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N