Closed Sim4n6 closed 2 years ago
Hi @Sim4n6,
Thanks for reporting this! Most likely the server returns a response which isn't recognized by clairvoyance.
You can try to issue query { lhEvents(filter: 7) }
query manually and see wether a response similar to one from https://swapi-graphql.netlify.app/.netlify/functions/index. If they aren't similar we might need to improve clairvoyance to handle a type of server you're running it against.
the error msg is :
{"errors":[{"message":"Field \"lhEvents\" of type \"[LhEvent!]!\" must have a selection of subfields. Did you mean \"lhEvents { ... }\"?","locations":[{"line":1,"column":9}],"extensions":{"code":"GRAPHQL_VALIDATION_FAILED"}},{"message":"Expected value of type \"LhEventFilter\", found 7.","locations":[{"line":1,"column":26}],"extensions":{"code":"GRAPHQL_VALIDATION_FAILED"}}]}
I've looked at the issue one more time and it looks like that clairvoyance tries to obtain TypeRef for filter
argument but it fails to do so because all of the queries ('query { lhEvents(filter: 7) }'
, 'query { lhEvents(filter: {}) }'
, 'query { lhEvents(filte: 7) }'
) trigger a field error message but we need a query that will trigger an argument error message.
@Sim4n6 If you'll provide the exact endpoint it will be much easier to debug. You can DM me on Twitter http://twitter.com/_nikitastupin if you'd like to keep an endpoint private.
Also it looks like https://github.com/nikitastupin/clairvoyance/issues/16#issue-829588212 has the same issue
I would love to but I can't since the targeted endpoint is part of a private bug bounty program !
But feel free to ask me to perform any task/verification/debug possible.
@Sim4n6 could you please try out fix-issues-16-and-20 and see wether it fixes the bug?
So, just make sure that I understand what you want. I git clone and then switch to #23 branch. And initiate the clairvoyance scan right ?
Working on that right now ...
Yep, you've got everything right. Just clone the repo, git checkout fix-issues-16-and-20
and test it agains your endpoint.
It worked like a charm !
Cool! 🚀
I issued clairvoyance against an graphql endpoint:
I'm getting the following error :