Add GraphQL query depth or complexity controls | Critiq Docs

#Metadata

Rule ID: ts.security.apollo-server-missing-query-limits
Severity: medium
Confidence: 0.72
Languages: javascript, typescript
Presets: recommended, security, strict
Stability: experimental
Applies to: block
Tags: apollo, graphql, rules-catalog, security

#Why it matters

Without depth, complexity, persisted operations, or gateway limits, GraphQL endpoints are easier to abuse with expensive queries.

#Remediation

Add depth limits, query complexity rules, persisted operations, rate limits, or terminate behind a gateway/WAF that enforces GraphQL policies.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.apollo-server-missing-query-limits.rule.yaml.

Back to directory Open rule in repository