
[FEATURE] Implement per-request attack from graphql-cop #59

Open
omar2535 opened this issue Apr 27, 2024 · 0 comments
Labels
➕enhancement New feature or request

Comments

@omar2535
Owner

Overview

Scouring the open internet, we can find various tools which perform security audits against GraphQL APIs. One such interesting tool is graphql-cop. GraphQLer can implement some of the checks seen in graphql-cop per request.

Deliverables

In the README of graphql-cop:

- Alias Overloading (DoS)
- Batch Queries (DoS)
- GET based Queries (CSRF)
- POST based Queries using urlencoded payloads (CSRF)
- GraphQL Tracing / Debug Modes (Info Leak)
- Field Duplication (DoS)
- Field Suggestions (Info Leak)
- GraphiQL (Info Leak)
- Introspection (Info Leak)
- Directives Overloading (DoS)
- Circular Query using Introspection (DoS)
- Mutation support over GET methods (CSRF)

Implement each of these for every request sent.

@omar2535 omar2535 added the ➕enhancement New feature or request label Apr 27, 2024
@omar2535 omar2535 changed the title [Feature] Implement per-request attack from graphql-cop [FEATURE] Implement per-request attack from graphql-cop Nov 10, 2024
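A defender-side sketch of the per-request idea, written as an added example (not GraphQLer's or graphql-cop's code): inspect each GraphQL HTTP response for the Info Leak signals named in the list above (field suggestions, tracing/debug output, introspection, GraphiQL). The functions `audit_response` and `audit_all` and the sample responses are constructed for illustration.

```python
import json
from typing import Any, Dict, List, Tuple

Response = Tuple[int, Dict[str, str], str]  # (status, headers, raw body)


def audit_response(status: int, headers: Dict[str, str], body: str) -> List[str]:
    """Return the names of the info-leak checks that fire for one response."""
    findings: List[str] = []
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    # GraphiQL: an HTML IDE page served from the GraphQL endpoint itself
    if "text/html" in ctype and "graphiql" in body.lower():
        findings.append("graphiql")
        return findings
    try:
        doc: Any = json.loads(body)
    except json.JSONDecodeError:
        return findings
    if not isinstance(doc, dict):
        return findings
    # Field suggestions: graphql-js style "Did you mean ..." hints in errors
    for err in doc.get("errors") or []:
        if isinstance(err, dict) and "did you mean" in str(err.get("message", "")).lower():
            findings.append("field_suggestions")
            break
    # Tracing / debug modes: resolver timings or stack traces in extensions
    ext = doc.get("extensions") or {}
    if isinstance(ext, dict) and ext.keys() & {"tracing", "debug", "stack"}:
        findings.append("tracing_debug")
    # Introspection: the server answered a __schema query with real data
    data = doc.get("data") or {}
    if isinstance(data, dict) and "__schema" in data:
        findings.append("introspection")
    return findings


SAMPLE_RESPONSES: List[Response] = [  # constructed samples, not captured traffic
    (200, {"Content-Type": "application/json"}, json.dumps(
        {"errors": [{"message": 'Cannot query field "nmae" on type "User". Did you mean "name"?'}]})),
    (200, {"Content-Type": "application/json"}, json.dumps(
        {"data": {"__schema": {"types": []}}, "extensions": {"tracing": {"version": 1}}})),
    (200, {"Content-Type": "text/html"}, "<html><title>GraphiQL</title></html>"),
    (200, {"Content-Type": "application/json"}, json.dumps({"data": {"me": {"id": 1}}})),
]


def audit_all(responses: List[Response] = SAMPLE_RESPONSES) -> List[List[str]]:
    """Run the per-response audit over a batch and return one finding list each."""
    return [audit_response(status, headers, body) for status, headers, body in responses]


if __name__ == "__main__":
    for (status, _, _), found in zip(SAMPLE_RESPONSES, audit_all()):
        print(status, found or "clean")
```

Hooking `audit_response` into the client after every request gives the per-request coverage the issue asks for; the DoS-class checks (aliases, batching, duplication, directives) would inspect the outgoing query instead.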