nikitastupin / clairvoyance

Obtain GraphQL API schema even if the introspection is disabled
Apache License 2.0

wrong_field_regexes error #27

Closed jondowsec closed 3 years ago

jondowsec commented 3 years ago

Python version: Python 3.7.5 (Ubuntu). Also tested on Python 3.8.10 on Windows. Same issue.

python3 -m clairvoyance -w wordlist.txt https://REDACTED/graphql -vv
[DEBUG][2021-09-10 12:11:02 oracle.py:423]      Root typenames are: {'queryType': 'Query', 'mutationType': 'Mutation', 'subscriptionType': None}
Traceback (most recent call last):
  File "/usr/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/clairvoyance/clairvoyance/__main__.py", line 97, in <module>
    wordlist, config, input_schema=input_schema, input_document=input_document
  File "/clairvoyance/clairvoyance/oracle.py", line 444, in clairvoyance
    typename = probe_typename(input_document, config)
  File "/clairvoyance/clairvoyance/oracle.py", line 390, in probe_typename
    raise Exception(f"Expected '{errors}' to match any of '{wrong_field_regexes}'.")
Exception: Expected '[{'message': "Cannot query field 'imwrongfield' on type 'Query'.", 'code': 'GRAPHQL_VALIDATION_FAILED'}]' to match any of '['Cannot query field "imwrongfield" on type "(?P<typename>[_0-9a-zA-Z\\[\\]!]*)".', 'Field "[_0-9a-zA-Z\\[\\]!]*" must not have a selection since type "(?P<typename>[_A-Za-z\\[\\]!][_0-9a-zA-Z\\[\\]!]*)" has no subfields.']'.

nikitastupin commented 3 years ago

Hi @jondowsec,

Looking at the exception I conclude that clairvoyance wasn't able to recognize the suggestion because the suggestion uses ' and clairvoyance expects ".

Could you please add regexes to https://github.com/nikitastupin/clairvoyance/blob/33da27e9ba1b27bed9c28921869042e6c61551f3/clairvoyance/oracle.py#L374 (the same ones as https://github.com/nikitastupin/clairvoyance/blob/33da27e9ba1b27bed9c28921869042e6c61551f3/clairvoyance/oracle.py#L375-376 except replace ' with ") and run against your GraphQL endpoint?

jondowsec commented 3 years ago

I changed the " with ' and it worked like a charm. Thank you.

nikitastupin commented 3 years ago

Cool! You may do a Pull Request with the changes you've made so others will benefit from your improvements 😃

jondowsec commented 3 years ago

Small issue: after leaving it for a while, I get a TypeRef error:

Traceback (most recent call last):
  File "/usr/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/clairvoyance/clairvoyance/__main__.py", line 97, in <module>
    wordlist, config, input_schema=input_schema, input_document=input_document
  File "/clairvoyance/clairvoyance/oracle.py", line 453, in clairvoyance
    typeref = probe_field_type(field_name, config, input_document)
  File "/clairvoyance/clairvoyance/oracle.py", line 342, in probe_field_type
    typeref = probe_typeref(documents, "Field", config)
  File "/clairvoyance/clairvoyance/oracle.py", line 329, in probe_typeref
    raise Exception(f"Unable to get TypeRef for {documents} in context {context}")
Exception: Unable to get TypeRef for ['query { bedding }', 'query { bedding { lol } }'] in context Field

If I send query{bedding} and query{bedding{lol}} directly I get this:

Traceback (most recent call last):
  File "/usr/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/clairvoyance/clairvoyance/__main__.py", line 97, in <module>
    wordlist, config, input_schema=input_schema, input_document=input_document
  File "/clairvoyance/clairvoyance/oracle.py", line 446, in clairvoyance
    typename = probe_typename(input_document, config)
  File "/clairvoyance/clairvoyance/oracle.py", line 392, in probe_typename
    raise Exception(f"Expected '{errors}' to match any of '{wrong_field_regexes}'.")
Exception: Expected '[{'message': "Cannot query field 'bedding' on type 'Query'.", 'code': 'GRAPHQL_VALIDATION_FAILED'}]' to match any of '['Cannot query field "imwrongfield" on type "(?P<typename>[_0-9a-zA-Z\\[\\]!]*)".', 'Field "[_0-9a-zA-Z\\[\\]!]*" must not have a selection since type "(?P<typename>[_A-Za-z\\[\\]!][_0-9a-zA-Z\\[\\]!]*)" has no subfields.', "Cannot query field 'imwrongfield' on type '(?P<typename>[_0-9a-zA-Z\\[\\]!]*)'.", "Field '[_0-9a-zA-Z\\[\\]!]*' must not have a selection since type '(?P<typename>[_A-Za-z\\[\\]!][_0-9a-zA-Z\\[\\]!]*)' has no subfields."]'.

But if I'm reading the above error correctly (which I most certainly might not), then it should be present in the wrong_field_regex array. What am I missing?

nikitastupin commented 3 years ago

I suppose it's the ' / " issue again. You can add regexes with ' to https://github.com/nikitastupin/clairvoyance/blob/main/clairvoyance/oracle.py#L374-L377. It should fix the issue.

nikitastupin commented 3 years ago

I'm wrong. We've already fixed https://github.com/nikitastupin/clairvoyance/blob/main/clairvoyance/oracle.py#L374-L377. I think it's better to replace all " with ["'] in regexes so we won't have the " / ' issue again.

nikitastupin commented 3 years ago

In particular, https://github.com/nikitastupin/clairvoyance/blob/main/clairvoyance/oracle.py#L249-L261 is most likely related to the latest issue.

jondowsec commented 3 years ago

Yes, I also fixed it by setting " in the regex and it worked. Thanks.
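
The quote-agnostic matching suggested in this thread (replace every " in the patterns with ["']), as an added example that is not part of the original thread and is not clairvoyance's own code. The helper names `build_wrong_field_regexes` and `extract_typename` are hypothetical; the patterns are modelled on the ones printed in the tracebacks above.

```python
import re

# Character class from the thread: accept either quote style around names.
# Note: this also tolerates mismatched pairs ("Query'), which is acceptable
# when the goal is only to pull the type name out of a server error message.
QUOTE = r"""["']"""
NAME = r"[_0-9a-zA-Z\[\]!]*"


def build_wrong_field_regexes(field_name):
    """Compile quote-agnostic patterns for the field that was probed."""
    field = re.escape(field_name)
    return [
        re.compile(
            rf"Cannot query field {QUOTE}{field}{QUOTE} "
            rf"on type {QUOTE}(?P<typename>{NAME}){QUOTE}\."
        ),
        re.compile(
            rf"Field {QUOTE}{NAME}{QUOTE} must not have a selection since type "
            rf"{QUOTE}(?P<typename>[_A-Za-z\[\]!]{NAME}){QUOTE} has no subfields\."
        ),
    ]


def extract_typename(errors, field_name):
    """Return the type name from the first matching error, or None."""
    regexes = build_wrong_field_regexes(field_name)
    for error in errors:
        for regex in regexes:
            match = regex.fullmatch(error.get("message", ""))
            if match:
                return match.group("typename")
    return None


if __name__ == "__main__":
    # First message is the one quoted in the issue; the second is constructed.
    single = [{"message": "Cannot query field 'imwrongfield' on type 'Query'.",
               "code": "GRAPHQL_VALIDATION_FAILED"}]
    double = [{"message": 'Cannot query field "imwrongfield" on type "Query".'}]
    print(extract_typename(single, "imwrongfield"))
    print(extract_typename(double, "imwrongfield"))
```

Returning `None` instead of raising lets the caller decide whether an unrecognised error format is fatal.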