⛏️ Write test to detect CSRF vulnerability in GraphQL APIs #109

Open
5 tasks
Ankita28g opened this issue Mar 4, 2023 · 2 comments
Labels: feature request (Requesting a new feature), good first issue (Good for newcomers), hacktoberfest, test


Ankita28g commented Mar 4, 2023

💭 Introduction:
Report: CSRF on /api/graphql allows executing mutations through GET requests https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#bypass-of-csrf-protection

🎯 Requirements:

  1. Filters - The test should run only for GraphQL-related endpoints, e.g. here
  2. Execute - Modify headers and payload according to the blog link
  3. Validate - If the response contains a 2xx response.

📚 Reading
You can find detailed documentation of the test editor rules here
Find 100+ examples of YAML tests here

✅ Task summary:

  • Ask to be assigned to the issue.
  • Wait to be assigned. We will try to assign in less than 2 hours.
  • Sign up for Akto
  • Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
  • Submit the PR here.

🙋🏼‍♂️ Questions:
If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

Ankita28g added the good first issue (Good for newcomers), feature request (Requesting a new feature) and hackfest (Hackathon - 24th march to 3rd april) labels Mar 4, 2023
Ankita28g changed the title from "Report: CSRF on /api/graphql allows executing mutations through GET requests https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#bypass-of-csrf-protection" to "⚡️ Write test to detect CSRF vulnerability in GraphQL APIs" Mar 4, 2023
Ankita28g changed the title from "⚡️ Write test to detect CSRF vulnerability in GraphQL APIs" to "⛏️ Write test to detect CSRF vulnerability in GraphQL APIs" Mar 6, 2023
Ankita28g added the test label Mar 7, 2023
Ankita28g added website and removed website labels Mar 16, 2023
Ankita28g added hacktoberfest and removed hackfest (Hackathon - 24th march to 3rd april) labels Sep 29, 2023
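
One way to express the Filter and Validate steps from the issue as an offline check over recorded exchanges (an added example, not part of the issue or of Akto's test library). The tuple layout, the `setEmail` mutation and the sample responses are constructed; treating a 200 response that carries `errors` as a refusal and flagging preflight-free POST content types are assumptions added here.

```python
import json
import re

# Content types a browser can send cross-site without a CORS preflight.
SIMPLE_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}

def operation_types(document):
    """Top-level operation types; strings and comments are blanked out first."""
    text = re.sub(r'"""[\s\S]*?"""|"(?:\\.|[^"\\])*"|#[^\n]*', " ", document)
    found, depth, current = set(), 0, None
    for tok in re.findall(r"[{}]|[A-Za-z_]\w*", text):
        if tok == "{":
            if depth == 0:
                found.add(current or "query")  # a bare "{" is shorthand for query
            depth += 1
        elif tok == "}":
            depth -= 1
            current = None if depth == 0 else current
        elif depth == 0 and current is None and tok in ("query", "mutation", "subscription", "fragment"):
            current = tok
    return found - {"fragment"}

def csrf_findings(method, path, ctype, status, body, document):
    """Findings for one recorded exchange (argument layout is constructed for this example)."""
    if "graphql" not in path.lower() or not 200 <= status < 300:
        return []  # Filter: GraphQL endpoints only. Validate: 2xx response.
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None
    if isinstance(parsed, dict) and parsed.get("errors"):
        return []  # HTTP 200 carrying "errors" is treated here as a refusal (assumption)
    if "mutation" not in operation_types(document):
        return []
    if method.upper() == "GET":
        return ["mutation executed over GET"]
    if ctype.split(";")[0].strip().lower() in SIMPLE_TYPES:
        return ["mutation executed with a preflight-free content type"]
    return []

M = 'mutation { setEmail(email: "a@example.com") { ok } }'  # hypothetical mutation
SAMPLES = [  # constructed exchanges, not captured traffic
    ("GET", "/api/graphql", "", 200, '{"data":{"setEmail":{"ok":true}}}', M),
    ("GET", "/api/graphql", "", 200, '{"errors":[{"message":"use POST"}]}', M),
    ("POST", "/api/graphql", "text/plain; charset=utf-8", 200, '{"data":{}}', M),
    ("POST", "/api/graphql", "application/json", 200, '{"data":{}}', M),
    ("GET", "/api/graphql", "", 200, '{"data":{}}', '{ user(name: "mutation") { id } }'),
]
RESULTS = [csrf_findings(*s) for s in SAMPLES]
```

Only the first and third samples produce a finding; the second shows why a 2xx status alone can over-report on servers that return GraphQL errors with HTTP 200.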
Anurag-space commented

@ankush-jain-akto @Ankita28g
I want to work on this issue. Could you please assign me this issue?
Thank you

avneesh-akto commented

I have assigned it to you @Anurag-space. Happy hacking 🚀. Feel free to join our Discord.
