Skip to content

Latest commit

 

History

History
122 lines (85 loc) · 8.23 KB

mitigations.md

File metadata and controls

122 lines (85 loc) · 8.23 KB

Mitigation Strategies Analysis for 99designs/gqlgen

Mitigation Strategy: Disable GraphQL Introspection in Production

  • Description:

    1. Identify Production Environment: Determine how your application distinguishes between development and production environments (e.g., environment variables, build flags).
    2. Locate gqlgen Server Configuration: Find the code where your gqlgen GraphQL server is initialized. This is typically in your main application file or a dedicated server setup file.
    3. Disable Introspection Flag: Within the gqlgen server configuration, locate the setting that controls introspection. Set this option to disable introspection based on your production environment detection. For example, using srv.DisableIntrospection = true after creating the gqlgen handler.
    4. Deploy and Test: Deploy your application to your production environment and verify that introspection is disabled by attempting an introspection query.

  • Threats Mitigated:

    • Information Disclosure (High Severity): Exposing the GraphQL schema via introspection allows attackers to understand the API structure and identify potential vulnerabilities.

  • Impact:

    • Information Disclosure (High Impact): Significantly reduces the risk of information disclosure by preventing unauthorized schema access.

  • Currently Implemented:

    • Not Implemented: Introspection is enabled by default in gqlgen and needs to be explicitly disabled for production.

  • Missing Implementation:

    • Server initialization code, specifically within the gqlgen handler configuration.

Mitigation Strategy: Implement Query Complexity Limits

  • Description:

    1. Define Complexity Rules: Analyze your GraphQL schema and resolvers to assign complexity scores to each field based on resource consumption.
    2. Set Complexity Threshold: Determine a maximum complexity threshold for queries based on server capacity.
    3. Implement Complexity Calculation: Utilize gqlgen's mechanisms or libraries to calculate query complexity based on defined rules.
    4. Enforce Limits: Implement middleware or directives in gqlgen to intercept queries, calculate complexity, and reject queries exceeding the threshold.

  • Threats Mitigated:

    • Denial of Service (DoS) (High Severity): Complex queries can overload the server, leading to DoS attacks.

  • Impact:

    • Denial of Service (High Impact): Effectively mitigates DoS attacks by preventing resource exhaustion from overly complex queries.

  • Currently Implemented:

    • Not Implemented: Query complexity limits are not enabled by default in gqlgen.

  • Missing Implementation:

    • GraphQL server middleware or directives and complexity rule definitions within gqlgen configuration or resolvers.

Mitigation Strategy: Implement Query Depth Limits

  • Description:

    1. Determine Maximum Depth: Decide on a reasonable maximum query depth for your application.
    2. Configure Depth Limiting Middleware/Directive: Use gqlgen features or libraries to implement query depth limiting.
    3. Enforce Limits: Integrate depth limiting into your gqlgen server pipeline to reject queries exceeding the maximum depth.

  • Threats Mitigated:

    • Denial of Service (DoS) (Medium Severity): Deeply nested queries can cause stack overflow errors or resource exhaustion, leading to DoS.

  • Impact:

    • Denial of Service (Medium Impact): Reduces DoS risk from excessively nested queries, preventing resource exhaustion.

  • Currently Implemented:

    • Not Implemented: Query depth limits are not enabled by default in gqlgen.

  • Missing Implementation:

    • GraphQL server middleware or directives configured within the gqlgen server setup.

Mitigation Strategy: Implement Field-Level Authorization

  • Description:

    1. Define Authorization Rules: Define authorization rules for each field in your GraphQL schema based on roles or permissions.
    2. Implement Authorization Logic in Resolvers: Within resolvers, implement checks using the gqlgen context to verify user permissions before resolving field values.
    3. Enforce Authorization: Use conditional logic in resolvers to authorize access and return errors for unauthorized requests.

  • Threats Mitigated:

    • Unauthorized Access (High Severity): Users might access sensitive data or operations they are not permitted to, leading to data breaches.

  • Impact:

    • Unauthorized Access (High Impact): Significantly reduces unauthorized access risk by enforcing granular access control at the field level within gqlgen resolvers.

  • Currently Implemented:

    • Potentially Partially Implemented: Basic authentication might exist, but field-level authorization within gqlgen resolvers is likely missing.

  • Missing Implementation:

    • Within GraphQL resolvers, adding authorization checks to resolvers handling sensitive data or operations, leveraging gqlgen context.

Mitigation Strategy: Customize GraphQL Error Handling

  • Description:

    1. Create Custom Error Formatter: Implement a custom error formatter function using gqlgen's SetErrorPresenter.
    2. Sanitize Error Messages for Production: In the formatter, differentiate environments and replace detailed error messages with generic ones in production. Log details securely server-side.
    3. Avoid Exposing Internal Details: Ensure production errors do not reveal server paths or sensitive implementation details.

  • Threats Mitigated:

    • Information Disclosure (Medium Severity): Default error responses can leak server details, aiding attackers in reconnaissance.

  • Impact:

    • Information Disclosure (Medium Impact): Reduces information disclosure risk by preventing sensitive server details in error responses customized via gqlgen.

  • Currently Implemented:

    • Not Implemented: Default error handling is used by gqlgen unless customized.

  • Missing Implementation:

    • GraphQL server setup code, configuring the error formatter using srv.SetErrorPresenter in gqlgen.

Mitigation Strategy: Input Validation in Resolvers

  • Description:

    1. Identify Input Arguments: Review your schema and resolvers to identify input arguments.
    2. Define Validation Rules: Define validation rules for each input argument based on data types, formats, and business logic.
    3. Implement Validation Logic in Resolvers: Within resolvers, implement validation logic at the start of the function.
    4. Validate Input: Use validation libraries or custom code to check input against defined rules within gqlgen resolvers.
    5. Handle Validation Errors: Return GraphQL errors for invalid input, providing informative messages without revealing sensitive details, handled by gqlgen's error mechanisms.

  • Threats Mitigated:

    • Injection Attacks (High Severity): Lack of input validation can lead to SQL/NoSQL injection if input is directly used in queries.
    • Business Logic Flaws (Medium Severity): Invalid input can cause unexpected behavior or data corruption.

  • Impact:

    • Injection Attacks (High Impact): Significantly reduces injection attack risk by ensuring validated and sanitized data processing within gqlgen resolvers.
    • Business Logic Flaws (Medium Impact): Prevents business logic flaws by enforcing data integrity in gqlgen resolvers.

  • Currently Implemented:

    • Potentially Partially Implemented: Basic type checking might be in place, but deeper validation within resolvers is likely missing.

  • Missing Implementation:

    • Within GraphQL resolvers, adding validation logic at the start of resolvers handling input arguments in gqlgen.