From 20bf34fa249feefdd48c7176bb663f52e9a7466d Mon Sep 17 00:00:00 2001
From: Dolev Farhi
Date: Sat, 16 Apr 2022 12:28:31 -0400
Subject: [PATCH] add detections, bump version
---
 .gitignore | 1 -
 README.md | 1 +
 graphql-cop.py | 4 +++-
 lib/tests/dos_circular_introspection.py | 25 +++++++++++++++++++++++++
 version.py | 2 +-
 5 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 lib/tests/dos_circular_introspection.py
diff --git a/.gitignore b/.gitignore
index de2d5e0..3d51b51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +14,6 @@ dist/
 downloads/
 eggs/
 .eggs/
-lib/
 lib64/
 parts/
 sdist/
diff --git a/README.md b/README.md
index 77753f0..95e62be 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,7 @@ GraphQL Cop allows you to reproduce the findings by providing cURL commands upon
 - GraphiQL (Info Leak)
 - Introspection (Info Leak)
 - Directives Overloading (DoS)
+- Circular Query using Introspection (DoS)
 ## Usage
diff --git a/graphql-cop.py b/graphql-cop.py
index e09637b..5631316 100644
--- a/graphql-cop.py
+++ b/graphql-cop.py
@@ -16,6 +16,7 @@ from lib.tests.dos_field_duplication import field_duplication
 from lib.tests.dos_directive_overloading import directive_overloading
 from lib.tests.info_trace_mode import trace_mode
+from lib.tests.dos_circular_introspection import circular_query_introspection
 from lib.utils import is_graphql, draw_art
@@ -66,7 +67,8 @@ tests = [field_suggestions, introspection, detect_graphiql, get_method_support, alias_overloading, batch_query,
- field_duplication, trace_mode, directive_overloading]
+ field_duplication, trace_mode, directive_overloading,
+ circular_query_introspection]
 json_output = []
diff --git a/lib/tests/dos_circular_introspection.py b/lib/tests/dos_circular_introspection.py
new file mode 100644
index 0000000..50750c7
--- /dev/null
+++ b/lib/tests/dos_circular_introspection.py
@@ -0,0 +1,25 @@
+"""Perform Circular Query based on Introspection."""
+from lib.utils import graph_query, curlify
+
+def circular_query_introspection(url, proxy, headers):
+ """Run a Circular Query using introspection."""
+ res = {
+ 'result':False,
+ 'title':'Introspection-based Circular Query',
+ 'description':'Circular-query using Introspection',
+ 'impact':'Denial of Service',
+ 'severity':'HIGH',
+ 'curl_verify':''
+ }
+
+ q = 'query { __schema { types { fields { type { fields { type { fields { type { fields { type { name } } } } } } } } } } }'
+
+ gql_response = graph_query(url, proxies=proxy, headers=headers, payload=q)
+ res['curl_verify'] = curlify(gql_response)
+ try:
+ if len(gql_response.json()['data']['__schema']['types']) > 25:
+ res['result'] = True
+ except:
+ pass
+
+ return res
diff --git a/version.py b/version.py
index 262a891..2416b1a 100644
--- a/version.py
+++ b/version.py
@@ -1,2 +1,2 @@
 """Version details of graphql-cop."""
-VERSION = '1.2'
+VERSION = '1.3'
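Review bot: The bare `except: pass` closing `circular_query_introspection` catches everything, so a non-JSON reply, a response whose `data` is null after a depth-limit rejection, and even a `KeyboardInterrupt` during the slow request all end up reported as `result: False`; narrow it to what the lookup can raise, `except (ValueError, KeyError, TypeError): pass` (this assumes `graph_query` returns a requests-style response, which is not visible here). The `> 25` cut-off is an unexplained magic number: a schema with fewer than 25 types that answers the nested query in full would be marked not vulnerable, while the check never looks at the `errors` key that a server enforcing a depth limit would return alongside a null `data`. A comment above the `if`, such as `# Heuristic: a server that executes the nested query returns its full type list; more than 25 types is taken as "not rejected"`, would make the intent reviewable, and testing `'errors' not in body` together with a non-null `data` would be the more direct signal. The whole function lies within this hunk.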