/docs/desktop/addons/graphql-support/ Recent content in GraphQL Support on ZAP Hugo en-us /docs/desktop/addons/graphql-support/options/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/graphql-support/options/ <h1 id="graphql-options">GraphQL Options</h1> <p>In this document, a &lsquo;Query&rsquo; may refer to a GraphQL query, subscription or mutation.</p> <h2 id="query-generator-configuration">Query Generator Configuration <a class="header-link" href="#query-generator-configuration"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2> <p>The query generator uses the imported schema to generate queries for the target endpoint. If enabled, it may be configured with the following options.</p> /docs/desktop/addons/graphql-support/variant/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/graphql-support/variant/ <h1 id="graphql-variant">GraphQL Variant</h1> <p>The GraphQL variant is responsible for two things:</p> <ol> <li>Correctly representing the nodes for a GraphQL request in the sites tree.</li> <li>Allow injecting payloads in GraphQL queries (Active Scan Input Vector support).</li> </ol> <p>The following sections will elaborate a little on each of these functionalities.</p> <h2 id="sites-tree-representation">Sites Tree Representation <a class="header-link" href="#sites-tree-representation"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2> <p>Each unique GraphQL request proxied through ZAP is represented in the sites tree. Requests are placed under a common node if they have the same operations. Two queries that have the same fields will be represented by the same node. The only exception is when a query is sent with inline arguments and also using variables. In this case, a prefix of either &lsquo;0&rsquo; or &lsquo;1&rsquo; is added to distinguish between them respectively.<br> For example, the following figure illustrates how two requests may be represented in the sites tree.<br> <img src="/docs/desktop/addons/graphql-support/images/sitesTreeExample.png" alt=""></p> /docs/desktop/addons/graphql-support/automation/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/graphql-support/automation/ <h1 id="graphql-automation-framework-support">GraphQL Automation Framework Support</h1> <p>This add-on supports the Automation Framework.</p> <p>The add-on will import GraphQL schemas using introspection if endpoints are found while spidering. However, specifying an endpoint and (optionally) a schema file or URL is recommended if they are available.</p> <h2 id="job-graphql">Job: graphql <a class="header-link" href="#job-graphql"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2> <p>The <em>graphql</em> job allows you to import GraphQL schemas locally or from a URL. It supports the following parameters:</p> /docs/desktop/addons/graphql-support/alerts/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/graphql-support/alerts/ <h1 id="id-50007">GraphQL Alerts</h1> <p>The following alerts are raised by the GraphQL add-on.</p> <table> <thead> <tr> <th>Alert Reference</th> <th>Name</th> <th>Description</th> <th>Latest Code</th> </tr> </thead> <tbody> <tr> <td><a href="/docs/alerts/50007-1/">50007-1</a></td> <td>GraphQL Endpoint Supports Introspection</td> <td>This alert is raised when the spider discovers a GraphQL endpoint that supports introspection.</td> <td><a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/GraphQlParser.java">GraphQlParser.java</a></td> </tr> <tr> <td><a href="/docs/alerts/50007-2/">50007-2</a></td> <td>GraphQL Server Implementation Identified</td> <td>This alert is raised when the GraphQL implementation used by the server is identified. It utilises fingerprinting techniques adapted from the tool <a href="https://github.com/dolevf/graphw00f">graphw00f</a>. <strong>Note:</strong> If the Tech Detection (Wappalyzer) add-on is installed the fingerprinter will also add identified GraphQL Engines to the Technology tab/data.</td> <td><a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/GraphQlFingerprinter.java">GraphQlFingerprinter.java</a></td> </tr> <tr> <td><a href="/docs/alerts/50007-3/">50007-3</a></td> <td>GraphQL Circular References in Schema</td> <td>This alert is raised when cycles are found in the object types in the imported GraphQL schema. A new alert is raised for each unique cycle. The alert contains information about the cycle and a message with an example query. No requests are actually sent.</td> <td><a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/GraphQlCycleDetector.java">GraphQlCycleDetector.java</a></td> </tr> </tbody> </table> <p>Alert ID: <a href="/docs/alerts/50007/">50007</a>.</p> /docs/desktop/addons/graphql-support/script/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/graphql-support/script/