search

swisskyrepo / GraphQLmap

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
MIT License
1.37k stars 193 forks source link

TypeError: can only concatenate str (not "NoneType") to str #38

Open chevyphillip opened 2 years ago

chevyphillip commented 2 years ago 
   _____                 _      ____  _
  / ____|               | |    / __ \| |
 | |  __ _ __ __ _ _ __ | |__ | |  | | |     _ __ ___   __ _ _ __
 | | |_ | '__/ _` | '_ \| '_ \| |  | | |    | '_ ` _ \ / _` | '_ \
 | |__| | | | (_| | |_) | | | | |__| | |____| | | | | | (_| | |_) |
  \_____|_|  \__,_| .__/|_| |_|\___\_\______|_| |_| |_|\__,_| .__/
                  | |                                       | |
                  |_|                                       |_|
                              Author: @pentest_swissky Version: 1.0
GraphQLmap > dump_via_fragment
============= [SCHEMA] ===============
e.g: name[Type]: arg (Type!)

00: Query
    getProperty[Property]: entity (String!), entity_id (String!), prop_keys (None!), Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.9/bin/graphqlmap", line 4, in <module>
    __import__('pkg_resources').run_script('graphqlmap==0.0.1', 'graphqlmap')
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py", line 651, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1455, in run_script
    exec(script_code, namespace, namespace)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/graphqlmap-0.0.1-py3.9.egg/EGG-INFO/scripts/graphqlmap", line 81, in <module>
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/graphqlmap-0.0.1-py3.9.egg/EGG-INFO/scripts/graphqlmap", line 59, in __init__
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/graphqlmap-0.0.1-py3.9.egg/graphqlmap/attacks.py", line 74, in dump_schema
TypeError: can only concatenate str (not "NoneType") to str
emtunc commented 2 years ago

I got this whilst playing with the tool today. Quick dirty hack:

Edit line 74 in attacks.py so that it looks like this:

                        # generate mutation query
                        if not args_name and not args_ttype:
                            mutation_args += args_name + ":" + args_ttype + ","