sangria.md

Sangria

Table of Contents

• About
• Security Considerations
• Request Validations
• Notable Vulnerabilities
• Security Disclosure

About

Language: Scala
Source: https://github.com/sangria-graphql/sangria
Documentation: https://sangria-graphql.github.io/learn/

Security Considerations

Sangria provides the following features which should be taken into consideration:

Field Suggestions	Query Depth Limit	Query Cost Analysis	Automatic Persisted Queries	Introspection	Debug Mode	Batch Requests
✅ Enabled by Default	⚠️ Disabled by Default	⚠️ Disabled by Default	❌ No Support	✅ Enabled by Default	❌ No Support	⚠️ Disabled by Default

Request Validations

Total Validation Count: 27

GraphQL Sangria validates the following checks when a query is sent:

Document Validations	Operation Validations	Field Validations	Argument Validations	Fragment Validations	Value Validations	Directive Validations	Variable Validations	Misc. Validations
Executable Definitions	Lone Anonymous Operation	Fields On Correct Type	Known Argument Names	Fragments On Composite Types	Known Type Names	Known Directives	Input Document Non Conflicting Variable Inference
	Unique Operation Names	Overlapping Fields Can Be Merged	Provided Required Arguments	Known Fragment Names	Values Of Correct Type	Unique Directives Per Location	No Undefined Variables
		Scalar Leafs	Unique Argument Names	No Fragment Cycles			No Unused Variables
		Single Field Subscriptions		No Unused Fragments			Unique Variable Names
		Unique Input Field Names		Possible Fragment Spreads			Variables Are Input Types
				Unique Fragment Names			Variables In Allowed Position

Security Disclosure

https://github.com/sangria-graphql/sangria/issues