Merge pull request #14 from dolevf/add-sigs

add new sigs
dolevf · Aug 27, 2022 · e389682 · e389682
2 parents de32e21 + 81977b3
commit e389682
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -59,6 +59,8 @@ graphw00f currently attempts to discover the following GraphQL engines:
 * Agoo - Ruby
 * Mercurius - JavaScript
 * morpheus-graphql - Haskell
+* Lacinia - Clojure
+* Caliban - Scala
 * jaal - Golang
 
 # GraphQL Threat Matrix

diff --git a/graphw00f/helpers.py b/graphw00f/helpers.py
@@ -235,9 +235,20 @@ def get_engines():
     'morpheus-graphql':{
       'name':'morpheus-graphql',
       'url':'https://github.com/morpheusgraphql/morpheus-graphql',
-      'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/morpheus-graphql',
+      'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/morpheus-graphql.md',
       'technology':['Haskell']
     },
+    'lacinia':{
+      'name':'lacinia',
+      'url':'https://github.com/walmartlabs/lacinia',
+      'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/lacinia.md',
+      'technology':['Clojure']
+    },
+    'caliban':{
+      'name':'caliban',
+      'url':'https://github.com/ghostdogpr/caliban',
+      'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/caliban.md',
+      'technology':['Scala']
     'jaal':{
       'name':'jaal',
       'url':'https://github.com/appointy/jaal',

diff --git a/graphw00f/lib.py b/graphw00f/lib.py
@@ -43,6 +43,10 @@ def execute(self, url):
     self.url = url
     if self.engine_lighthouse():
       return 'lighthouse'
+    elif self.engine_caliban():
+      return 'caliban'
+    elif self.engine_lacinia():
+      return 'lacinia'
     elif self.engine_jaal():
       return 'jaal'
     elif self.engine_morpheus():
@@ -435,7 +439,7 @@ def engine_graphqlgo(self):
     '''
     response = self.graph_query(self.url, payload=query)
     try:
-      if response['data']['__typename'] == 'RootQuery':
+      if response['data'] != None and response['data']['__typename'] == 'RootQuery':
         return True
     except KeyError:
       pass
@@ -613,7 +617,7 @@ def engine_mercurius(self):
     return False
 
   def engine_morpheus(self):
-    query = ''''
+    query = '''
       queryy {
           __typename
       }
@@ -625,6 +629,17 @@ def engine_morpheus(self):
 
     return False
 
+  def engine_lacinia(self):
+    query = '''
+      query {
+        graphw00f
+      }
+    '''
+
+    response = self.graph_query(self.url, payload=query)
+
+    if error_contains(response, 'Cannot query field `graphw00f\' on type `QueryRoot\'.'):
+
   def engine_jaal(self):
     query = '''{}'''
     response = self.graph_query(self.url, payload=query, operation='{}')
@@ -634,3 +649,23 @@ def engine_jaal(self):
 
     return False
 
+  def engine_caliban(self):
+    query = '''
+      query {
+        __typename
+      }
+
+      fragment woof on __Schema {
+        directives {
+          name
+        }
+      }
+    '''
+
+    response = self.graph_query(self.url, payload=query)
+
+    if error_contains(response, 'Fragment \'woof\' is not used in any spread'):
+      return True
+
+    return False
+
diff --git a/version.py b/version.py
@@ -1 +1 @@
-VERSION = '1.1.6'
+VERSION = '1.1.7'