doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0

If recursion depth reached, truncate the query smartly #79

Closed execveat closed 1 year ago

execveat commented 1 year ago

Right now once the depth counter is reached, no more subqueries will get sent and the message !!! MAX RECURSION DEPTH REACHED !!! gets appended instead.

This usually leaves the GraphQL query in an incorrect state: it can't be sent without modifications. Try to truncate the query smartly (or comment out the part of the query that would prevent it from working).

execveat commented 1 year ago

Here's an idea. Instead of this:

a {
  b
  c {
    !!! MAX RECURSION DEPTH REACHED !!!
  }
  d
}

do this:

a {
  b
  # c {}
  d
}
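
A sketch of the truncation proposed in the comment above, as an added example (not InQL's or GQLSpection's own code). The `SCHEMA` dict, `render_fields` and `build_query` are hypothetical names over a constructed toy schema. It goes one step beyond the comment: a parent whose every child was cut off is itself commented out, because an empty selection set is as invalid as the marker text.

```python
# Constructed toy schema (not from InQL):
# type name -> {field name: object type name, or None for a scalar}.
SCHEMA = {
    "Query": {"a": "A"},
    "A": {"b": None, "c": "C", "d": None, "e": "E"},
    "C": {"next": "C"},            # only a recursive object field, no scalars
    "E": {"id": None, "c": "C"},
}

def render_fields(type_name, depth, max_depth, indent=1):
    """Return (lines, has_live_field) for the selection set of type_name.

    Object fields that cannot be expanded within max_depth are emitted as
    '# field {}' comments, so the query stays syntactically valid.
    """
    pad = "  " * indent
    lines, has_live = [], False
    for field, target in SCHEMA[type_name].items():
        if target is None:                      # scalar leaf, always valid
            lines.append(pad + field)
            has_live = True
            continue
        sub, ok = [], False
        if depth < max_depth:                   # still allowed to go deeper
            sub, ok = render_fields(target, depth + 1, max_depth, indent + 1)
        if ok:
            lines += [f"{pad}{field} {{", *sub, f"{pad}}}"]
            has_live = True
        else:
            # Depth limit hit, or every child was cut: 'field { }' with no
            # live selection is invalid GraphQL, so comment the field out.
            lines.append(f"{pad}# {field} {{}}")
    return lines, has_live

def build_query(root="Query", max_depth=2):
    """Build a sendable query; root fields are at depth 1."""
    body, ok = render_fields(root, 1, max_depth)
    if not ok:
        raise ValueError("max_depth too small: no field can be selected")
    return "\n".join(["query {", *body, "}"])

if __name__ == "__main__":
    print(build_query(max_depth=2))
    print(build_query(max_depth=3))
```
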

execveat commented 1 year ago

Moved to https://github.com/doyensec/GQLSpection/issues/20