Language: javascript
Source: https://github.com/apollographql/apollo-server
Documentation: https://www.apollographql.com/docs/apollo-server/
Apollo provides the following features which should be taken into consideration:
Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests |
---|---|---|---|---|---|---|
✅ Enabled by Default | Disabled by Default (Supported via External Libraries) | Disabled by Default (Supported via External Libraries) | Disabled by Default | ✅ Enabled if NODE_ENV is not set to 'production' | ✅ exception.stacktrace exists if NODE_ENV is not set to 'production' or 'test' | ✅ Enabled by Default |
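
Because the table lists batch requests as enabled by default and query depth limiting as not built in, the following added example (not code from Apollo Server or from this page) shows a dependency-free guard that caps both on the parsed request body before it reaches the server. `LIMITS`, `lexicalDepth` and `checkRequest` are hypothetical names and the limit values are assumptions; fragment spreads are not expanded, so an AST-based depth rule is still needed behind it.

```javascript
// Added example: pre-parse request guard (hypothetical helper names).
const LIMITS = { maxBatch: 5, maxDepth: 8 }; // assumed values, tune per schema

// Lexical selection-set depth: counts `{` nesting while skipping string
// literals, `#` comments and parenthesised arguments (input objects also use
// braces). Fragment spreads are NOT expanded: this is a coarse first filter.
function lexicalDepth(query) {
  let depth = 0, max = 0, parens = 0;
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (c === '#') {                        // comment runs to end of line
      while (i < query.length && query[i] !== '\n') i++;
    } else if (c === '"') {                 // "string" or """block string"""
      const close = query.startsWith('"""', i) ? '"""' : '"';
      i += close.length;
      while (i < query.length && !query.startsWith(close, i)) {
        if (query[i] === '\\') i++;         // skip the escaped character
        i++;
      }
      i += close.length - 1;
    } else if (c === '(') parens++;
    else if (c === ')') parens = Math.max(0, parens - 1);
    else if (parens === 0 && c === '{') max = Math.max(max, ++depth);
    else if (parens === 0 && c === '}') depth = Math.max(0, depth - 1);
  }
  return max;
}

// Accepts the parsed JSON body of a POST: one operation or a batch array.
// Bodies without a query string are rejected here.
function checkRequest(body, limits = LIMITS) {
  const ops = Array.isArray(body) ? body : [body];
  if (ops.length > limits.maxBatch) {
    return { ok: false, reason: `batch of ${ops.length} exceeds ${limits.maxBatch}` };
  }
  for (const [idx, op] of ops.entries()) {
    if (!op || typeof op.query !== 'string') {
      return { ok: false, reason: `operation ${idx}: missing query string` };
    }
    const d = lexicalDepth(op.query);
    if (d > limits.maxDepth) {
      return { ok: false, reason: `operation ${idx}: depth ${d} exceeds ${limits.maxDepth}` };
    }
  }
  return { ok: true, reason: null };
}

// Constructed sample body: a two-operation batch within both limits.
console.log(checkRequest([{ query: '{ me { id } }' }, { query: '{ posts { title } }' }]));
```

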
Total Validation Count: 34
Apollo is based on graphql-js which validates the following checks when a query is sent:
CVE ID | Date | Score | Description |
---|---|---|---|
CVE-2021-41249 | 2021-11-04 | 7.1 | Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) |
- | 2020-05-04 | Moderate | Schema validation rules are not passed to the subscription server, including rules that restrict introspection |