PREQUEL-2025-0011

GraphQL internal server error due to record not found
Severity: Medium
Impact: 7/10
Mitigation: 5/10

Description

The application is experiencing internal server errors when GraphQL operations attempt to access records that do not exist in the database. This occurs when GraphQL queries reference entities that have been deleted, were never created, or are inaccessible due to permission issues. Instead of handling these cases gracefully with proper error responses, the API is escalating them to internal server errors that may impact client applications and user experience.

Mitigation

- Implement proper error handling in GraphQL resolvers to catch and transform "not found" errors into user-friendly GraphQL errors
- Add null-checking logic before attempting to access properties of potentially non-existent records
- Update GraphQL schema to use nullable types for fields that might reference missing records
- Consider implementing a DataLoader pattern with batch loading to reduce N+1 query problems and improve error handling
- Add validation middleware that checks record existence before performing operations
- Update client applications to handle these specific GraphQL errors gracefully
- Implement proper logging that captures the specific record IDs that were not found to aid in debugging
- Consider implementing soft deletes for frequently referenced entities to prevent "not found" scenarios
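
An added example, not part of this rule or of any project's code, showing the resolver-level items above together: not-found errors become GraphQL error entries on a nullable field, properties are only read after a null check, the missing record ID is logged server-side, and other exceptions stay masked. The names `RecordNotFound`, `resolve_field`, `execute_post`, the sample tables, and the `NOT_FOUND` / `INTERNAL_SERVER_ERROR` extension codes are assumptions chosen for illustration; no GraphQL library is used.

```python
import logging

log = logging.getLogger("graphql.resolvers")

class RecordNotFound(Exception):
    """Constructed stand-in for the data layer's not-found error."""
    def __init__(self, entity, record_id):
        super().__init__(f"{entity} {record_id} not found")
        self.entity, self.record_id = entity, record_id

# Constructed sample data: user 2 was deleted, but post 11 still references it.
USERS = {1: {"id": 1, "name": "ada"}}
POSTS = {10: {"id": 10, "author_id": 1}, 11: {"id": 11, "author_id": 2}}

def load(table, entity, record_id):
    try:
        return table[record_id]
    except KeyError:
        raise RecordNotFound(entity, record_id) from None

def resolve_field(path, resolver, errors):
    """Run one nullable field's resolver; turn failures into GraphQL error entries."""
    try:
        return resolver()
    except RecordNotFound as exc:
        # The record ID goes to the server log, not into the client-facing message.
        log.warning("not found: entity=%s id=%s path=%s", exc.entity, exc.record_id, path)
        errors.append({"message": f"{exc.entity} not found", "path": path,
                       "extensions": {"code": "NOT_FOUND"}})
    except Exception:
        # A genuine server fault: keep the trace in the log, mask the detail.
        log.exception("resolver failed at %s", path)
        errors.append({"message": "Internal server error", "path": path,
                       "extensions": {"code": "INTERNAL_SERVER_ERROR"}})
    return None  # the nullable field resolves to null; sibling fields survive

def execute_post(post_id):
    """Resolve { post(id) { id author { name } } } against the sample data."""
    errors = []
    post = resolve_field(["post"], lambda: load(POSTS, "Post", post_id), errors)
    data = {"post": None}
    if post is not None:  # null check before reading properties of the record
        author = resolve_field(["post", "author"],
                               lambda: load(USERS, "User", post["author_id"]), errors)
        data["post"] = {"id": post["id"],
                        "author": author and {"name": author["name"]}}
    return {"data": data, "errors": errors} if errors else {"data": data}
```

For post 11 the response still carries the post's `id`, with `author` set to null and one `NOT_FOUND` entry at path `["post", "author"]`, which is the case a client can handle without treating the whole request as failed.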

References