
Error type inconsistency

Description

An error type inconsistency occurred.

Remediation

An error type inconsistency can be caused by a misconfiguration of the GraphQL server. To fix this issue, return a contextual error type for each error instead of an Internal Server Error.

For example, if the request fails during the validation phase, return a validation error. By default, the server will return an Internal Server Error.
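The remediation above, as an added, dependency-free sketch that is not taken from any framework or from this scanner: one error class, one client-facing shape, and a type chosen from the phase that failed. The code names, the `AppError` class, the `phase` label and the sample errors are assumptions of this example.

```javascript
// Added example: dependency-free sketch. Code names, AppError, the `phase`
// label and the sample errors are assumptions of this example.
const CODES = Object.freeze({
  PARSE: 'GRAPHQL_PARSE_FAILED',
  VALIDATION: 'GRAPHQL_VALIDATION_FAILED',
  BAD_INPUT: 'BAD_USER_INPUT',
  INTERNAL: 'INTERNAL_SERVER_ERROR',
});
const CLIENT_SAFE = new Set([CODES.PARSE, CODES.VALIDATION, CODES.BAD_INPUT]);
const PHASE_CODE = { parse: CODES.PARSE, validate: CODES.VALIDATION };

// One error class for every resolver and middleware: message, code, context.
class AppError extends Error {
  constructor(message, code, context = {}) {
    super(message);
    this.code = code;
    this.context = context;
  }
}

// Map any thrown value to the single shape sent to clients.
function toClientError({ error, phase, path = null }) {
  // An explicit code wins; otherwise the failing phase decides the type.
  const code = (error instanceof AppError && error.code) || PHASE_CODE[phase];
  if (CLIENT_SAFE.has(code)) {
    const context = error instanceof AppError ? error.context : {};
    return { message: error.message, path, extensions: { ...context, code } };
  }
  // Unclassified failure: generic message, no stack trace or driver text.
  return { message: 'Internal server error', path, extensions: { code: CODES.INTERNAL } };
}

// Centralized handler: every error in a response goes through the same mapping.
function formatErrors(failures) {
  return failures.map(toClientError);
}

// Constructed sample failures, one per case.
const SAMPLE = [
  { error: new Error('Cannot query field "foo" on type "Query".'), phase: 'validate' },
  { error: new AppError('Invalid email', CODES.BAD_INPUT, { field: 'email' }),
    phase: 'execute', path: ['signup'] },
  { error: new TypeError("Cannot read properties of undefined (reading 'id')"),
    phase: 'execute', path: ['user'] },
];
console.log(JSON.stringify(formatErrors(SAMPLE), null, 2));
```

Only the third sample is reported as an internal error, and its original message stays on the server side.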

GraphQL Specific

Apollo

Ensure consistent error type handling in the Apollo framework engine by defining a standardized error interface or class. This should encapsulate all necessary information about an error, such as the message, code, and any additional context. Use this error type across all resolvers and middleware to maintain consistency. Additionally, consider implementing error handling middleware that can intercept and format these errors before they are sent to the client, adhering to the GraphQL error specification.

Yoga

Ensure consistent error type handling in the Yoga framework engine by implementing a standardized error interface or class. This should encapsulate all error information, providing a consistent structure for error objects. Additionally, use a centralized error handling mechanism to manage exceptions and errors uniformly across the framework.

AWS AppSync

Ensure that the error types returned by AWS AppSync resolvers are consistent across your GraphQL schema. Define a standard error object structure and use it throughout your resolvers. This can be achieved by creating custom error types in your schema and handling errors in resolver mapping templates to conform to these types. Additionally, consider implementing error handling logic in your Lambda functions or data sources to return errors that match your defined schema. Consistent error handling improves the client's ability to handle errors gracefully and debug issues more effectively.

GraphQL Go

Ensure consistent error types by defining a custom error interface in the GraphQL Go framework. Implement this interface across all resolvers and use it to handle and return errors uniformly. This will help maintain consistency and improve error handling in your GraphQL API.

GraphQL Ruby

Ensure consistent error handling by defining a custom error class that inherits from GraphQL::ExecutionError and using it across your resolvers. Implement a method to standardize error messages and types. Use this custom error class to capture and format exceptions, providing a consistent error structure in the GraphQL response.

Hasura

Ensure that the error types returned by the Hasura engine are consistent across your GraphQL schema. This can be achieved by defining custom error types in your schema and using them uniformly in your resolvers. Additionally, make sure to handle exceptions properly and map them to the defined error types before sending the response to the client. Consistent error handling improves the client's ability to handle errors gracefully and debug issues more effectively.

Configuration

Identifier: configuration/error_type_inconsistency

Examples

Ignore this check

checks:
  configuration/error_type_inconsistency:
    skip: true

Score

  • Escape Severity: INFO

Compliance

  • OWASP: API8:2023

  • pci: 6.5.5

  • gdpr: Article-32

  • soc2: CC1

  • psd2: Article-95

  • iso27001: A.14.2

  • nist: SP800-53

  • fedramp: SI-11

Classification

  • CWE: 704

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:W/RC:C/CR:X/IR:X/AR:X/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:L
  • CVSS_SCORE: 4.7