[Feature] Implement per-request attack from graphql-cop
Opened this issue · 0 comments
omar2535 commented
Overview
Scouring the open internet, we can find various tools which perform security audits against GraphQL APIs. One of such interesting tools is graphql-cop. GraphQLer can implement some of the checks seen in graphql-cop per request.
Deliverables
In the README of graphql-cop:
- Alias Overloading (DoS)
- Batch Queries (DoS)
- GET based Queries (CSRF)
- POST based Queries using urlencoded payloads (CSRF)
- GraphQL Tracing / Debug Modes (Info Leak)
- Field Duplication (DoS)
- Field Suggestions (Info Leak)
- GraphiQL (Info Leak)
- Introspection (Info Leak)
- Directives Overloading (DoS)
- Circular Query using Introspection (DoS)
- Mutation support over GET methods (CSRF)
Implement each of these for every request sent