Skip to content

Commit

Permalink
Add tailcall support
Browse files Browse the repository at this point in the history
  • Loading branch information
Dolev Farhi committed May 24, 2024
1 parent 5ceb004 commit fef68a2
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 1 deletion.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ graphw00f currently attempts to discover the following GraphQL engines:
* absinthe-graphql - Elixir
* GraphQL.NET - Microsoft .NET
* pg_graphql - Rust
* tailcall - Rust

# GraphQL Threat Matrix
The graphw00f project uses the [GraphQL Threat Matrix Project](https://github.com/nicholasaleks/graphql-threat-matrix/) as its technology security matrix database. When graphw00f successfully fingerprints a GraphQL endpoint, it will print out the threat matrix document. This document helps security engineers to identify how mature the technology is, what security features it offers, and whether it contains any CVEs.
Expand Down
6 changes: 6 additions & 0 deletions graphw00f/helpers.py
Original file line number Diff line number Diff line change
Expand Up @@ -274,6 +274,12 @@ def get_engines():
'url':'https://supabase.github.io/pg_graphql',
'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/pg_graphql.md' ,
'technology':['Rust']
},
'tailcall':{
'name':'tailcall',
'url':'https://tailcall.run',
'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/tailcall.md',
'technology':['Rust']
}
}

Expand Down
16 changes: 16 additions & 0 deletions graphw00f/lib.py
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,8 @@ def execute(self, url):
return 'graphql_yoga'
elif self.engine_agoo():
return 'agoo'
elif self.engine_tailcall():
return 'tailcall'
elif self.engine_dgraph():
return 'dgraph'
elif self.engine_graphene():
Expand Down Expand Up @@ -560,6 +562,20 @@ def engine_tartiflette(self):

return False

def engine_tailcall(self):
query = '''
aa {
__typename
}
'''
response = self.graph_query(self.url, payload=query)

if error_contains(response, 'expected executable_definition'):
return True

return False


def engine_dgraph(self):
query = '''
query {
Expand Down
2 changes: 1 addition & 1 deletion version.py
Original file line number Diff line number Diff line change
@@ -1 +1 @@
VERSION = '1.1.15'
VERSION = '1.1.16'

0 comments on commit fef68a2

Please sign in to comment.