From 5ceb0049475137329f8f485fd087231614bd9fe6 Mon Sep 17 00:00:00 2001
From: Dolev Farhi <farhi.dolev@gmail.com>
Date: Mon, 25 Dec 2023 23:02:42 -0500
Subject: [PATCH] Add pg_graphql

---
 README.md            |  1 +
 graphw00f/helpers.py |  9 ++++++++-
 graphw00f/lib.py     | 17 ++++++++++++++---
 version.py           |  2 +-
 4 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 93c4d8f..4d3be17 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,7 @@ graphw00f currently attempts to discover the following GraphQL engines:
 * jaal - Golang
 * absinthe-graphql - Elixir
 * GraphQL.NET - Microsoft .NET
+* pg_graphql - Rust
 
 # GraphQL Threat Matrix
 The graphw00f project uses the [GraphQL Threat Matrix Project](https://github.com/nicholasaleks/graphql-threat-matrix/) as its technology security matrix database. When graphw00f successfully fingerprints a GraphQL endpoint, it will print out the threat matrix document. This document helps security engineers to identify how mature the technology is, what security features it offers, and whether it contains any CVEs.
diff --git a/graphw00f/helpers.py b/graphw00f/helpers.py
index c6ead41..822bc14 100644
--- a/graphw00f/helpers.py
+++ b/graphw00f/helpers.py
@@ -77,7 +77,8 @@ def possible_graphql_paths():
     '/playground',
     '/gql',
     '/query',
-    '/index.php?graphql'
+    '/index.php?graphql',
+    '/rpc/graphql'
   ]
 
 def get_engines():
@@ -268,6 +269,12 @@ def get_engines():
       'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-dotnet.md',
       'technology':['C#', '.NET']
     },
+    'pg_graphql':{
+      'name':'pg_graphql',
+      'url':'https://supabase.github.io/pg_graphql',
+      'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/pg_graphql.md'  ,
+      'technology':['Rust']
+    }
   }
 
 def user_confirmed(choice):
diff --git a/graphw00f/lib.py b/graphw00f/lib.py
index 0eeab70..a1f234a 100644
--- a/graphw00f/lib.py
+++ b/graphw00f/lib.py
@@ -105,6 +105,8 @@ def execute(self, url):
       return 'absinthe-graphql'
     elif self.engine_graphqldotnet():
       return 'graphql-dotnet'
+    elif self.engine_pggraphql():
+      return 'pg_graphql'
 
     return None
 
@@ -695,6 +697,15 @@ def engine_absinthe(self):
     return False
 
   def engine_graphqldotnet(self):
-      query = 'query @skip { __typename }'
-      response = self.graph_query(self.url, payload=query)
-      return error_contains(response, 'Directive \'skip\' may not be used on Query.')
\ No newline at end of file
+    query = 'query @skip { __typename }'
+    response = self.graph_query(self.url, payload=query)
+    return error_contains(response, 'Directive \'skip\' may not be used on Query.')
+  
+  def engine_pggraphql(self):
+    query = '''query { __typename @skip(aa:true) }
+    '''
+    response = self.graph_query(self.url, payload=query)
+    if error_contains(response, 'Unknown argument to @skip: aa'):
+      return True
+    
+    return False
\ No newline at end of file
diff --git a/version.py b/version.py
index 4fc4579..7231628 100644
--- a/version.py
+++ b/version.py
@@ -1 +1 @@
-VERSION = '1.1.14'
+VERSION = '1.1.15'