Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added GraphQLQuery class for detection purposes #41

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

added GraphQLQuery class for detection purposes #41

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 28 additions & 14 deletions graphw00f/lib.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import requests
import requests, json

from graphw00f.helpers import error_contains

Expand All @@ -9,6 +9,21 @@ class GraphQLDetectionFailed(Exception):

class GraphQLError(Exception):
pass
class GraphQLQuery:
def __init__(self, name, query, expected_response):
self.name = name
self.query = query
self.expected_response = expected_response

def __repr__(self):
return f"GraphQLQuery(name={self.name}, query={self.query}, expected_response={self.expected_response})"

@classmethod
def from_json(cls, json_file):
with open(json_file, 'r') as file:
data = json.load(file)
queries = data['queries']
return [cls(query['name'], query['query'], query['expected_response']) for query in queries]

class GRAPHW00F:
def __init__(self, headers,
Expand All @@ -24,20 +39,19 @@ def __init__(self, headers,
self.proxies = proxies

def check(self, url):
query = '''
query {
__typename
}
'''
response = self.graph_query(url, payload=query)

if response.get('data'):
if response.get('data', {}).get('__typename', '') in ('Query', 'QueryRoot', 'query_root'):
# Parse JSON file and create list of GraphQLQuery objects
query_objects = GraphQLQuery.from_json('queries.json')

# Check for each query in Query Objects
for query_object in query_objects:
response = self.graph_query(url, payload=query_object.query)
if response.get('data'):
if response.get('data', {}).get(query_object.expected_response, '') in ('Query', 'QueryRoot', 'query_root'):
return True
elif response.get('errors') and (any('locations' in i for i in response['errors']) or any('extensions' in i for i in response['errors'])):
return True
elif response.get('data'):
return True
elif response.get('errors') and (any('locations' in i for i in response['errors']) or any('extensions' in i for i in response['errors'])):
return True
elif response.get('data'):
return True
else:
raise GraphQLDetectionFailed

Expand Down
14 changes: 14 additions & 0 deletions queries.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"queries": [
{
"name": "typenameQuery",
"query":"query{__typename}",
"expected_response":"__typename"
},
{
"name": "introspectionQuery",
"query": "query { __schema {types {name}}}",
"expected_response": "__schema"
}
]
}