fix: Data schema exposed via GraphQL API public introspection (GHSA-48q3-prgv-gm4w) (#9819)

src/Security/CheckGroups/CheckGroupServerConfig.js

@@ -80,6 +80,16 @@ class CheckGroupServerConfig extends CheckGroup {
           }
         },
       }),
+      new Check({
+        title: 'GraphQL public introspection disabled',
+        warning: 'GraphQL public introspection is enabled, which allows anyone to access the GraphQL schema.',
+        solution: "Change Parse Server configuration to 'graphQLPublicIntrospection: false'. You will need to use master key or maintenance key to access the GraphQL schema.",
+        check: () => {
+          if (config.graphQLPublicIntrospection !== false) {
+            throw 1;
+          }
+        },
+      }),
     ];
   }
 }