CSRF Protection Disabled in Apollo GraphQL Server

Description

The Apollo GraphQL server has CSRF protection disabled by setting the 'csrfPrevention' option to false, making it vulnerable to Cross-Site Request Forgery (CSRF) attacks.

Examples

Insecure Code

new ApolloServer({ csrfPrevention: false })

Secure Code

new ApolloServer({ csrfPrevention: true })

Remediation

Enable CSRF protection by setting 'csrfPrevention' to true.

Rule Details

Field	Value
ID	CODE-0210
Category	Web
Severity	HIGH
CWE	CWE-352
Confidence	HIGH
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	EASY
Tags	csrf, apollo-graphql
OWASP	N/A

References

https://www.apollographql.com/docs/apollo-server/v3/security/cors/#preventing-cross-site-request-forgery-csrf

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

CSRF Protection Disabled in Apollo GraphQL Server

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

CSRF Protection Disabled in Apollo GraphQL Server ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

CSRF Protection Disabled in Apollo GraphQL Server

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References