omar2535/GraphQLer

[Feature] Implement per-request attack from graphql-cop


Overview

Scouring the open internet, we can find various tools that perform security audits against GraphQL APIs. One such tool is graphql-cop. GraphQLer can implement some of the checks seen in graphql-cop on a per-request basis.

Deliverables

In the README of graphql-cop:

- Alias Overloading (DoS)
- Batch Queries (DoS)
- GET based Queries (CSRF)
- POST based Queries using urlencoded payloads (CSRF)
- GraphQL Tracing / Debug Modes (Info Leak)
- Field Duplication (DoS)
- Field Suggestions (Info Leak)
- GraphiQL (Info Leak)
- Introspection (Info Leak)
- Directives Overloading (DoS)
- Circular Query using Introspection (DoS)
- Mutation support over GET methods (CSRF)

Implement each of these checks for every request sent.
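As an added illustration (not code from GraphQLer or graphql-cop) of what a per-request version of these checks could look like, the function below inspects one request/response pair for the info-leak and CSRF indicators listed above. The `Finding` structure, the function names, the sample response and the heuristics (a "Did you mean" hint, `extensions.tracing`, a stack trace in error extensions, an operation executed over GET or from a form-encoded body) are assumptions for illustration, not an existing GraphQLer API.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str      # name as listed in the graphql-cop README
    category: str   # "Info Leak" or "CSRF"
    detail: str


def _operation_type(query: str) -> str:
    """Return 'query', 'mutation' or 'subscription'; shorthand documents count as query."""
    m = re.match(r"\s*(query|mutation|subscription)\b", query)
    return m.group(1) if m else "query"


def audit_exchange(method: str, content_type: str, query: str, response: dict) -> list[Finding]:
    """Run the per-request checks against the request metadata and the parsed JSON response."""
    findings: list[Finding] = []
    errors = response.get("errors") or []
    executed = response.get("data") is not None  # the server actually ran the operation

    # Field Suggestions: graphql-js style "Did you mean" hints reveal schema names.
    for err in errors:
        if "did you mean" in str(err.get("message", "")).lower():
            findings.append(Finding("Field Suggestions", "Info Leak", str(err["message"])))
            break

    # Tracing / Debug Modes: timing data or stack traces leaking through extensions.
    if "tracing" in (response.get("extensions") or {}):
        findings.append(Finding("GraphQL Tracing / Debug Modes", "Info Leak", "extensions.tracing present"))
    if any("stacktrace" in ((e.get("extensions") or {}).get("exception") or {}) for e in errors):
        findings.append(Finding("GraphQL Tracing / Debug Modes", "Info Leak", "stack trace in error extensions"))

    # CSRF-relevant transport checks only matter when the operation was executed.
    if executed:
        mime = content_type.split(";")[0].strip().lower()
        if method.upper() == "GET":
            findings.append(Finding("GET based Queries", "CSRF", "operation executed over GET"))
            if _operation_type(query) == "mutation":
                findings.append(Finding("Mutation support over GET methods", "CSRF", "mutation executed over GET"))
        elif method.upper() == "POST" and mime == "application/x-www-form-urlencoded":
            findings.append(Finding("POST based Queries using urlencoded payloads", "CSRF", "operation executed from a form-encoded body"))
    return findings


# Constructed sample response (not captured from any real server) exhibiting several indicators at once.
SAMPLE_RESPONSE = {
    "data": {"updateEmail": None},
    "errors": [{"message": 'Cannot query field "emial" on type "User". Did you mean "email"?',
                "extensions": {"exception": {"stacktrace": ["GraphQLError: ...", "    at validate (...)"]}}}],
    "extensions": {"tracing": {"version": 1, "duration": 1234}},
}
```

Running `audit_exchange("GET", "", "mutation { updateEmail(emial: \"a@b\") }", SAMPLE_RESPONSE)` yields five findings: the suggestion hint, both debug indicators, and the two GET-transport issues.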