search

doyensec / GQLSpection

GQLSpection - parses GraphQL introspection schema and generates possible queries
Apache License 2.0
66 stars 7 forks source link

IntrospectionQuery error/malformed #36

Open nrathaus opened 7 months ago

nrathaus commented 7 months ago

The schema used in the function seems to be incorrect - there is an extra } at line 60 (of the query, not of the python file)

Traceback (most recent call last):
  File "/home/x/src/GQLSpection/src/gqlspection/cli.py", line 50, in cli
    run(file_, url, all_queries, all_mutations, query, mutation, stuff_to_print)
  File "/home/x/src/GQLSpection/src/gqlspection/cli.py", line 60, in run
    schema = parse_schema(file_, url)
  File "/home/x/src/GQLSpection/src/gqlspection/cli.py", line 100, in parse_schema
    return GQLSchema(url=url)
  File "/home/x/src/GQLSpection/src/gqlspection/GQLSchema.py", line 30, in __init__
    introspection_result = self.send_request(url, extra_headers)
  File "/home/x/src/GQLSpection/src/gqlspection/GQLSchema.py", line 98, in send_request
    raise Exception([error['message'] for error in result['errors']])
Exception: ['Parse error on "}" (RCURLY) at [1, 509]']
nrathaus commented 7 months ago

Trying the OWASP one - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL:

query IntrospectionQuery {
  __schema {
    queryType {
      name
    }
    mutationType {
      name
    }
    subscriptionType {
      name
    }
    types {
      ...FullType
    }
    directives {
      name
      description
      locations
      args {
        ...InputValue
      }
    }
  }
}
fragment FullType on __Type {
  kind
  name
  description
  fields(includeDeprecated: true) {
    name
    description
    args {
      ...InputValue
    }
    type {
      ...TypeRef
    }
    isDeprecated
    deprecationReason
  }
  inputFields {
    ...InputValue
  }
  interfaces {
    ...TypeRef
  }
  enumValues(includeDeprecated: true) {
    name
    description
    isDeprecated
    deprecationReason
  }
  possibleTypes {
    ...TypeRef
  }
}
fragment InputValue on __InputValue {
  name
  description
  type {
    ...TypeRef
  }
  defaultValue
}
fragment TypeRef on __Type {
  kind
  name
  ofType {
    kind
    name
    ofType {
      kind
      name
      ofType {
        kind
        name
        ofType {
          kind
          name
          ofType {
            kind
            name
            ofType {
              kind
              name
              ofType {
                kind
                name
              }
            }
          }
        }
      }
    }
  }
}

Works as expected

nrathaus commented 7 months ago

I think the bug is here:

diff --git a/src/gqlspection/introspection_query.py b/src/gqlspection/introspection_query.py
index 601f7b0..9b9e467 100644
--- a/src/gqlspection/introspection_query.py
+++ b/src/gqlspection/introspection_query.py
@@ -10,7 +10,6 @@ query IntrospectionQuery {
         queryType {
             name
             }
-        }
         # 'mutationType' can be null if there are no mutations.
         mutationType {
             name