Response type mismatch
Description
This security check verifies that all the data returned in the response matches its expected type, as defined in the introspection.
Remediation
Update your resolver to make the introspection type match the actual returned type.
GraphQL Specific
Apollo
Ensure that the response type produced by the Apollo framework engine matches the expected type defined in the GraphQL schema. This can be achieved by validating that resolver functions return the correct type and by using schema type checks during development to prevent type mismatches.
Yoga
Ensure that the Yoga framework engine is configured to handle the expected response types for each endpoint. Verify that the content types in the requests and responses match, and that the data serialization and deserialization processes align with the specified formats. If necessary, implement custom serializers or parsers to manage content type negotiation and conversion accurately.
Awsappsync
Ensure that the response type in the resolver matches the expected return type defined in the GraphQL schema. If there is a mismatch, update the resolver to correctly handle the data structure and types as per the schema definition.
Graphqlgo
Ensure that the GraphQL schema strictly defines the types for all fields and that the resolver functions correctly handle the types as defined. Implement input validation to verify that the data received matches the expected types before processing the query. Use middleware or schema directives for consistent validation across resolvers.
Graphqlruby
Ensure that the types defined in the GraphQL schema match the expected response types in the Ruby resolver functions. Utilize the GraphQL Ruby framework's type-checking features to enforce the correct data types and structures. Additionally, implement custom type validations if necessary to handle complex data structures or custom business logic.
Hasura
Ensure that the expected response type in the client matches the actual response type provided by the Hasura GraphQL engine. Verify the GraphQL query or mutation structure and types in the schema, and update the client-side parsing logic to correctly handle the data structure returned by Hasura.
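What the check compares, as an added example that is not Escape's scanner code nor part of this page: a small Python validator that walks a response's `data` object against a constructed, simplified introspection map and lists every value whose JSON type disagrees with the GraphQL type declared for it. `SCHEMA`, `SCALARS`, `mismatches` and `check_response` are assumptions of the example; the type refs reuse the `kind`/`name`/`ofType` shape that introspection returns.

```python
import json

# Constructed, simplified introspection: object type -> {field: type ref}.
# Type refs use the __Type shape ("kind", "name", "ofType") that introspection returns.
SCHEMA = {
    "Query": {"user": {"kind": "OBJECT", "name": "User"}},
    "User": {
        "id": {"kind": "NON_NULL", "ofType": {"kind": "SCALAR", "name": "ID"}},
        "age": {"kind": "SCALAR", "name": "Int"},
        "tags": {"kind": "LIST", "ofType": {"kind": "SCALAR", "name": "String"}},
    },
}
# JSON value types acceptable for each built-in scalar.
SCALARS = {"ID": (str,), "String": (str,), "Int": (int,), "Float": (int, float), "Boolean": (bool,)}


def mismatches(value, type_ref, path="data"):
    """Return (path, expected, actual) for every value that violates its declared type."""
    kind = type_ref["kind"]
    if kind == "NON_NULL":
        if value is None:
            return [(path, "non-null", "null")]
        return mismatches(value, type_ref["ofType"], path)
    if value is None:
        return []  # nullable position: null is valid
    if kind == "LIST":
        if not isinstance(value, list):
            return [(path, "list", type(value).__name__)]
        return [m for i, v in enumerate(value) for m in mismatches(v, type_ref["ofType"], f"{path}[{i}]")]
    if kind == "SCALAR":
        allowed = SCALARS.get(type_ref["name"], (object,))  # custom scalars: accept anything
        # bool is a subclass of int in Python, so reject True/False where Int is declared
        wrong = isinstance(value, bool) and bool not in allowed
        if wrong or not isinstance(value, allowed):
            return [(path, type_ref["name"], type(value).__name__)]
        return []
    if kind == "OBJECT":
        if not isinstance(value, dict):
            return [(path, type_ref["name"], type(value).__name__)]
        fields = SCHEMA[type_ref["name"]]
        # assumes no aliases in the query, so response keys equal schema field names
        return [m for k, v in value.items() if k in fields for m in mismatches(v, fields[k], f"{path}.{k}")]
    return []


def check_response(body):
    """Validate the 'data' object of a JSON response body against the Query type."""
    return mismatches(json.loads(body)["data"], {"kind": "OBJECT", "name": "Query"})
```

A resolver that returns a numeric `id`, a string `age` or a bare string for a list field is reported with the path of the offending value, which is the information needed to fix the resolver as the remediation above describes.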
Configuration
Identifier: schema/response_type_mismatch
Examples
Ignore this check
checks:
  schema/response_type_mismatch:
    skip: true
Score
- Escape Severity: INFO
Compliance
OWASP: API10:2023
pci: 6.5.1
gdpr: Article-32
soc2: CC5
psd2: Article-97
iso27001: A.14.2
nist: SP800-53
fedramp: AC-4
Classification
- CWE: 573
Score
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/RL:O