Open Ankita28g opened 1 year ago
@Ankita28g - could you please assign this to me? I can work on this.
I've assigned it to you, @rashmibharambe . Happy hacking! Feel free to join our Discord if you need assistance.
@avneesh-akto - I have raised a PR, and also tested it in the tests editor before raising the PR. https://github.com/akto-api-security/tests-library/pull/31
@rashmibharambe Thanks for trying out Akto. In your test, you have concatenated the request multiple times, which will not work in an actual GraphQL request. In one request you can send one "query" or "mutation",
such as "mutation { query1, query2, query3 .... } "
Multiple mutations need to be wrapped inside a single mutation query; that's why your test won't work. You can check it yourself in a GraphQL playground available online.
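The server-side counterpart of the point above, as an added example that is not from this thread or from Akto: because one `mutation { ... }` can carry many aliased copies of the same field, a per-request rate limit sees a single request, so the check below counts how often each root field appears once aliases are stripped. The field names and the limit are constructed for illustration, fragments are not resolved, and a real server would run the same count over its GraphQL library's parsed AST.

```python
import re

# Lexer for the subset needed here: strings and comments are matched so that
# braces inside them are never mistaken for selection-set delimiters.
TOKEN = re.compile(
    r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.|[A-Za-z_]\w*|[{}()\[\]:@$]'
)
OPEN, CLOSE = {"(", "{", "["}, {")", "}", "]"}

# Constructed sample: three aliased copies of one field plus one other field.
BATCHED = '''
mutation {
  a1: login(input: {user: "u", code: "0001"}) { token }
  a2: login(input: {user: "u", code: "0002"}) { token }
  a3: login(input: {user: "u", code: "0003"}) { token }
  logout
}
'''

def top_level_field_counts(document):
    """Count root-level fields per underlying field name, ignoring aliases."""
    tokens = [m.group() for m in TOKEN.finditer(document)
              if not m.group().startswith(("#", '"'))]
    counts, stack = {}, []
    for i, tok in enumerate(tokens):
        if tok in OPEN:
            stack.append(tok)
        elif tok in CLOSE:
            if stack:
                stack.pop()
        elif stack == ["{"] and (tok[0].isalpha() or tok[0] == "_"):
            prev, prev2 = tokens[i - 1], tokens[i - 2] if i >= 2 else ""
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if prev in ("@", "$", "...") or (prev == "on" and prev2 == "..."):
                continue  # directive name, variable, or fragment reference
            if nxt == ":":
                continue  # this name is an alias; the real field follows
            counts[tok] = counts.get(tok, 0) + 1
    return counts

def over_limit(document, limit):
    """Return the root fields that appear more than `limit` times."""
    return {f: n for f, n in top_level_field_counts(document).items() if n > limit}

if __name__ == "__main__":
    print(over_limit(BATCHED, 2))
```

Rate limiting on these per-field counts, rather than on HTTP requests, is what makes the batched form cost the same as sending the calls one by one.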
@shivam-rawat-akto I have made the changes to append multiple queries. I also referred to the Hasura GraphQL playground; the query is working with append as you suggested -
@shivam-rawat-akto Can you please review this?
Hey @rashmibharambe, saw your changes. You will have to extract the mutation query from the request payload to concatenate. Also, can you please test it out yourself to see if your test works?
💭 Introduction: https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#bypass-of-rate-limits
📚 Reading: You can find detailed documentation of test editor rules here. Find 100+ examples of YAML tests here.
✅ Task summary:
Attempt tab, if the payload changes, then task is done.
✌🏻 Hints: You can build the YAML template by referring to this link
🙋🏼♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.