add lighthouse php

dolevf · Apr 25, 2022 · 6877e2c · 6877e2c
1 parent fcc393b
commit 6877e2c
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -54,6 +54,7 @@ graphw00f currently attempts to discover the following GraphQL engines:
 * Directus - TypeScript
 * AWS AppSync
 * GraphQL Yoga - TypeScript
+* Lighthouse - PHP
 
 # GraphQL Technologies Defence Matrices
 Each fingerprinted technology (e.g. Graphene, Ariadne, ...) has an associated document ([example for graphene](https://github.com/dolevf/graphw00f/blob/main/docs/graphene.md)) which covers the security defence mechanisms the specific technology supports to give a better idea how the implementation may be attacked.

diff --git a/docs/lighthouse.md b/docs/lighthouse.md
@@ -0,0 +1,17 @@
+# Lighthouse
+
+# Table of Contents
+* [About](#About)
+* [Security Features](#Security-Features)
+
+# About
+Lighthouse is a GraphQL framework that integrates with your Laravel application. It takes the best ideas of both and combines them to solve common tasks with ease and offer flexibility when you need it.
+
+# Security Features
+Lighthouse offers the following features:
+
+```
+| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection      | Debug Mode     | Batch Requests  |
+|-------------------|-------------------|---------------------|-----------------------------|--------------------|----------------|-----------------|
+| On by Default     | Supported         | Supported           | No Support                  | Enabled by Default | Off by Default | On by Default   |
+```
diff --git a/graphw00f/helpers.py b/graphw00f/helpers.py
@@ -11,11 +11,11 @@ class bcolors:
   FAIL = '\033[91m'
   ENDC = '\033[0m'
 
-def error_contains(response, word_to_match):
+def error_contains(response, word_to_match, part='message'):
   if isinstance(response, dict):
     if response.get('errors'):
       for i in response['errors']:
-        err_message = i.get('message', '')
+        err_message = i.get(part, '')
         if word_to_match in err_message:
           return True
     return False
@@ -198,6 +198,12 @@ def get_engines():
       'url':'https://github.com/dotansimha/graphql-yoga',
       'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/graphql-yoga.md',
       'technology':['TypeScript']
+    },
+    'lighthouse':{
+      'name':'Lighthouse',
+      'url':'https://github.com/nuwave/lighthouse',
+      'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/lighthouse.md',
+      'technology':['PHP']
     }
   }
 

diff --git a/graphw00f/lib.py b/graphw00f/lib.py
@@ -39,7 +39,9 @@ def check(self, url):
 
   def execute(self, url):
     self.url = url
-    if self.engine_graphql_yoga():
+    if self.engine_lighthouse():
+      return 'lighthouse'
+    elif self.engine_graphql_yoga():
       return 'graphql_yoga'
     elif self.engine_dgraph():
       return 'dgraph'
@@ -567,3 +569,15 @@ def engine_directus(self):
         return True
 
     return False
+
+  def engine_lighthouse(self):
+    query = '''
+      query {
+        __typename @include(if: falsee)
+      }
+    '''
+    response = self.graph_query(self.url, payload=query)
+    if error_contains(response, 'Internal server error') or error_contains(response, 'internal', part='category'):
+      return True
+
+    return False 
diff --git a/version.py b/version.py
@@ -1 +1 @@
-VERSION = '1.0.9'
+VERSION = '1.1.0'