Add pg_graphql

dolevf · Dec 26, 2023 · 5ceb004 · 5ceb004
1 parent d141a1a
commit 5ceb004
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -65,6 +65,7 @@ graphw00f currently attempts to discover the following GraphQL engines:
 * jaal - Golang
 * absinthe-graphql - Elixir
 * GraphQL.NET - Microsoft .NET
+* pg_graphql - Rust
 
 # GraphQL Threat Matrix
 The graphw00f project uses the [GraphQL Threat Matrix Project](https://github.com/nicholasaleks/graphql-threat-matrix/) as its technology security matrix database. When graphw00f successfully fingerprints a GraphQL endpoint, it will print out the threat matrix document. This document helps security engineers to identify how mature the technology is, what security features it offers, and whether it contains any CVEs.

diff --git a/graphw00f/helpers.py b/graphw00f/helpers.py
@@ -77,7 +77,8 @@ def possible_graphql_paths():
     '/playground',
     '/gql',
     '/query',
-    '/index.php?graphql'
+    '/index.php?graphql',
+    '/rpc/graphql'
   ]
 
 def get_engines():
@@ -268,6 +269,12 @@ def get_engines():
       'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-dotnet.md',
       'technology':['C#', '.NET']
     },
+    'pg_graphql':{
+      'name':'pg_graphql',
+      'url':'https://supabase.github.io/pg_graphql',
+      'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/pg_graphql.md'  ,
+      'technology':['Rust']
+    }
   }
 
 def user_confirmed(choice):

diff --git a/graphw00f/lib.py b/graphw00f/lib.py
@@ -105,6 +105,8 @@ def execute(self, url):
       return 'absinthe-graphql'
     elif self.engine_graphqldotnet():
       return 'graphql-dotnet'
+    elif self.engine_pggraphql():
+      return 'pg_graphql'
 
     return None
 
@@ -695,6 +697,15 @@ def engine_absinthe(self):
     return False
 
   def engine_graphqldotnet(self):
-      query = 'query @skip { __typename }'
-      response = self.graph_query(self.url, payload=query)
-      return error_contains(response, 'Directive \'skip\' may not be used on Query.')
+    query = 'query @skip { __typename }'
+    response = self.graph_query(self.url, payload=query)
+    return error_contains(response, 'Directive \'skip\' may not be used on Query.')
+
+  def engine_pggraphql(self):
+    query = '''query { __typename @skip(aa:true) }
+    '''
+    response = self.graph_query(self.url, payload=query)
+    if error_contains(response, 'Unknown argument to @skip: aa'):
+      return True
+
+    return False
diff --git a/version.py b/version.py
@@ -1 +1 @@
-VERSION = '1.1.14'
+VERSION = '1.1.15'