diff --git a/README.md b/README.md index 499051a..014fdbe 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ # How does it work? graphw00f (inspired by [wafw00f](https://github.com/EnableSecurity/wafw00f)) is the GraphQL fingerprinting tool for GQL endpoints, it sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. -graphw00f will provide insights into what security defences each technology provides out of the box, and whether they are on or off by default. +graphw00f will make use of the GraphQL Threat Matrix project to provide insight into what security defences each technology provides out of the box, and whether they are on or off by default. Specially crafted queries cause different GraphQL server implementations to respond uniquely to queries, mutations and subscriptions, this makes it trivial to fingerprint the backend engine and distinguish between the various GraphQL implementations. (CWE: [CWE-200](https://cwe.mitre.org/data/definitions/200.html)) 
@@ -58,13 +58,9 @@ graphw00f currently attempts to discover the following GraphQL engines: * Agoo - Ruby # GraphQL Technologies Defence Matrices -Each fingerprinted technology (e.g. Graphene, Ariadne, ...) has an associated document ([example for graphene](https://github.com/dolevf/graphw00f/blob/main/docs/graphene.md)) which covers the security defence mechanisms the specific technology supports to give a better idea how the implementation may be attacked. +The graphw00f project uses the GraphQL Threat Matrix project as its technology security matrix database. When graphw00f successfully fingerprints a GraphQL endpoint, it will print out the threat matrix document. This document helps security engineers to identify how mature the technology is, what security features it offers, and whether it contains CVEs. -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|------------|-----------------| -| On by Default | No Support | No Support | No Support | Enabled by Default | N/A | Off by Default | -``` +![GraphQL Threat Matrix](/static/threat-matrix.png?raw=true "GraphQL Threat Matrix") # Prerequisites * python3 @@ -154,7 +150,7 @@ python3 main.py -f -d -t http://localhost:5000 | Node Z | +------------+ - graphw00f - v1.0.4 + graphw00f - v1.1.2 The fingerprinting tool for GraphQL Dolev Farhi 
@@ -162,7 +158,7 @@ python3 main.py -f -d -t http://localhost:5000 [!] Found GraphQL at http://dvga.example.local:5000/graphql [*] Attempting to fingerprint... [*] Discovered GraphQL Engine: (Graphene) -[!] Attack Surface Matrix: https://github.com/dolevf/graphw00f/blob/main/docs/graphene.md +[!] Attack Surface Matrix: https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphene.md [!] Technologies: Python [!] Homepage: https://graphene-python.org [*] Completed. diff --git a/docs/agoo.md b/docs/agoo.md deleted file mode 100644 index 9c22780..0000000 --- a/docs/agoo.md +++ /dev/null @@ -1,17 +0,0 @@ -# Agoo - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -A High Performance HTTP Server for Ruby - -# Security Features -Agoo offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|----------------|-------------------------------| -| Not Available | Not Supported | Not Supported | Not Supported | Enabled by Default | Off by Default | Not Supported (Array-based) | -``` \ No newline at end of file diff --git a/docs/apollo.md b/docs/apollo.md deleted file mode 100644 index a0eda0e..0000000 --- a/docs/apollo.md +++ /dev/null 
@@ -1,18 +0,0 @@ -# Apollo - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Apollo Server is a community-maintained open-source GraphQL server. It works with many Node.js HTTP server frameworks, or can run on its own with a built-in Express server. Apollo Server works with any GraphQL schema built with GraphQL.js--or define a schema's type definitions using schema definition language (SDL). -Apollo uses TypeScript as its language. - -# Security Features -Apollo offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|----------------------------------|----------------------------------|-----------------------------|------------------------------------------------|-------------------------------------------------------------------------------|-----------------| -| On by Default | Supported via External Libraries | Supported via External Libraries | Supported | Enabled if NODE_ENV is not set to 'production' | exception.stacktrace exists if NODE_ENV is not set to 'production' or 'test' | On by default | -``` \ No newline at end of file diff --git a/docs/ariadne.md b/docs/ariadne.md deleted file mode 100644 index 7b5c0a6..0000000 --- a/docs/ariadne.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Ariadne - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Ariadne is a Python library for implementing GraphQL servers using a schema-first approach. - -# Security Features -Ariadne offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|----------------|-----------------| -| On by Default | Supported | Supported | No Support | Enabled by Default | Off by Default | No Support | -``` \ No newline at end of file diff --git a/docs/dgraph.md b/docs/dgraph.md deleted file mode 100644 index d0ddb3a..0000000 --- a/docs/dgraph.md +++ /dev/null @@ -1,16 +0,0 @@ -# Dgraph - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Designed from the ground up to be run in production, Dgraph is the native GraphQL database with a graph backend. It is open-source, scalable, distributed, highly available and lightning fast. - -# Security Features -Dgraph offers the following security features: -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|----------------|----------------|-----------------| -| On by Default | No Support | No Support | Supported | On by Default | N/A | No Support | -``` \ No newline at end of file diff --git a/docs/dianajl.md b/docs/dianajl.md deleted file mode 100644 index 0c51098..0000000 --- a/docs/dianajl.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Diana - Julia - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Diana.jl is a Julia GraphQL Implementation. - -# Security Features -Diana.jl offers the following security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|----------------|----------------|-----------------| -| On by Default | No Support | No Support | No Support | On by Default | No Support | No Support | -``` \ No newline at end of file diff --git a/docs/directus.md b/docs/directus.md deleted file mode 100644 index 11ddc9e..0000000 --- a/docs/directus.md +++ /dev/null @@ -1,17 +0,0 @@ -# Directus - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Directus is an open-source suite of software that wraps custom SQL databases with a dynamic API and intuitive Admin App. It allows both administrators and non-technical users to view and manage the content/data stored in pure SQL databases. It can be used as a headless CMS for managing project content, a database client for modeling and viewing raw data, or as customizable WebApp. - -# Security Features -Directus offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|--------------------|----------------------|-----------------------------|--------------------|----------------|----------------| -| On by Default | No Support | No Support | No Support | Enabled by Default | Off by Default | No Support | -``` \ No newline at end of file diff --git a/docs/flutter.md b/docs/flutter.md deleted file mode 100644 index c8730be..0000000 --- a/docs/flutter.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Flutter - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Flutter is GraphQL writte in Dart - -# Security Features -Flutter offers the following security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|----------------|----------------|-----------------| -| On by Default | No Support | No Support | No Support | On by Default | No Support | No Support | -``` \ No newline at end of file diff --git a/docs/gqlgen.md b/docs/gqlgen.md deleted file mode 100644 index 81660ee..0000000 --- a/docs/gqlgen.md +++ /dev/null @@ -1,17 +0,0 @@ -# gqlgen - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -gqlgen is a Go library for building GraphQL servers without any fuss, based on schema-first approach. - -# Security Features -gqlgen provides the following security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|---------------|----------------|-----------------| -| On by Default | No Support | Off by Default | Off by Default | On by Default | Off by Default | Off by Default | -``` \ No newline at end of file diff --git a/docs/graphene.md b/docs/graphene.md deleted file mode 100644 index d361a8f..0000000 --- a/docs/graphene.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Graphene - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Graphene-Python is a library for building GraphQL APIs in Python easily, its main goal is to provide a simple but extendable API for making developers' lives easier. - -# Security Features -Graphene offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|------------|-----------------| -| On by Default | No Support | No Support | No Support | Enabled by Default | N/A | Off by Default | -``` \ No newline at end of file diff --git a/docs/graphql-go.md b/docs/graphql-go.md deleted file mode 100644 index b50d538..0000000 --- a/docs/graphql-go.md +++ /dev/null @@ -1,17 +0,0 @@ -# GraphQL-Go - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -An implementation of GraphQL in Go. - -# Security Features -graphql-go offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|----------------|-----------------| -| On by Default | No Support | No Support | No Support | Enabled by Default | Off by Default | No Support | -``` diff --git a/docs/graphql-java.md b/docs/graphql-java.md deleted file mode 100644 index 5d6b475..0000000 --- a/docs/graphql-java.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# GraphQL Java - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -The GraphQL Java is an implementation of the GraphQL specification for the Java language. - -# Security Features -GraphQL Java offers the following security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|------------|-----------------| -| On by Default | Off by Default | Off by Default | No Support | Enabled by Default | No Support | Off by Default | -``` \ No newline at end of file diff --git a/docs/graphql-php.md b/docs/graphql-php.md deleted file mode 100644 index 6e84438..0000000 --- a/docs/graphql-php.md +++ /dev/null @@ -1,17 +0,0 @@ -# graphql-php - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -graphql-php is a PHP implementation of the GraphQL specification. - -# Security Features -graphql-php offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|---------------------------------|---------------------------------|-----------------------------|--------------------|----------------|---------------------------------| -| On by Default | Supported - Disabled by Default | Supported - Disabled by Default | No Support | Enabled by Default | Off by Default | Supported - Disabled by Default | -``` \ No newline at end of file diff --git a/docs/graphql-yoga.md b/docs/graphql-yoga.md deleted file mode 100644 index 0177ea6..0000000 --- a/docs/graphql-yoga.md +++ /dev/null 
@@ -1,16 +0,0 @@ -# GraphQL Yoga - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -GraphQL Yoga is a fully-featured GraphQL Server with focus on easy setup, performance & great developer experience - -# Security Features -GraphQL Yoga offers the following security features: -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|----------------|----------------|-----------------| -| On by Default | Off by Default | No Support | No Support | Off by Default | Off by Default | Off by Default | -``` diff --git a/docs/graphqlapiforwp.md b/docs/graphqlapiforwp.md deleted file mode 100644 index 7cca930..0000000 --- a/docs/graphqlapiforwp.md +++ /dev/null @@ -1,25 +0,0 @@ -# GraphQL API For WordPress - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -GraphQL API For WordPress bring the most powerful GraphQL experience into your WordPress site - -# Security Features -GraphQL API For WordPress provides the followign security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|---------------|------------|-----------------| -| On by Default | No Support | No Support | Off by Default | N/A | No Support | No Support | -``` - -While GraphQL API for Wordpress does not provide common security mechanisms out of the box, it does provide additional controls: - -* Access Control Lists -* Persisted Queries on custom endpoints -* Access granularity on schemas - -The existence of these features in practice depends on the WordPress Admin, they may or may not be enabled. \ No newline at end of file 
diff --git a/docs/hasura.md b/docs/hasura.md deleted file mode 100644 index 1798fb6..0000000 --- a/docs/hasura.md +++ /dev/null @@ -1,19 +0,0 @@ -# Hasura - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -The Hasura GraphQL engine makes your data instantly accessible over a real-time GraphQL API, so you can build and ship modern apps and APIs faster. Hasura connects to your databases, REST servers, GraphQL servers, and third party APIs to provide a unified realtime GraphQL API across all your data sources. - -# Security Features -While Hasura Cloud provides some security mechanisms, Hasura API (the non-cloud version) provides a limited set of security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|---------------|------------|-----------------| -| On by Default | No Support | No Support | No Support | N/A | No Support | No Support | -``` - -Hasura non-cloud provides Access Control Lists options, however, they must be explicitly enabled and used. \ No newline at end of file diff --git a/docs/hypergraphql.md b/docs/hypergraphql.md deleted file mode 100644 index f2f2170..0000000 --- a/docs/hypergraphql.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# HyperGraphQL - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -An implementation of GraphQL in Java - -# Security Features -HyperGraphQL offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|------------|-----------------| -| No Support | No Support | No Support | No Support | Enabled by Default | No Support | No Support | -``` diff --git a/docs/juniper.md b/docs/juniper.md deleted file mode 100644 index 470f26e..0000000 --- a/docs/juniper.md +++ /dev/null @@ -1,17 +0,0 @@ -# Juniper - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Juniper is a GraphQL server library for Rust. Build type-safe and fast API servers with minimal boilerplate and configuration. - -# Security Features -Juniper offers the following security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|----------------|----------------|-----------------| -| No Support | No Support | No Support | No Support | On by Default | No Support | Offby Default | -``` \ No newline at end of file diff --git a/docs/lighthouse.md b/docs/lighthouse.md deleted file mode 100644 index f138612..0000000 --- a/docs/lighthouse.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Lighthouse - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Lighthouse is a GraphQL framework that integrates with your Laravel application. It takes the best ideas of both and combines them to solve common tasks with ease and offer flexibility when you need it. - -# Security Features -Lighthouse offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|----------------|-----------------| -| On by Default | Supported | Supported | No Support | Enabled by Default | Off by Default | On by Default | -``` \ No newline at end of file diff --git a/docs/ruby-graphql.md b/docs/ruby-graphql.md deleted file mode 100644 index cf6b180..0000000 --- a/docs/ruby-graphql.md +++ /dev/null @@ -1,17 +0,0 @@ -# Ruby GraphQL - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -ruby-graphql is a Ruby implementation of the GraphQL specification. - -# Security Features -Ruby GraphQL provides the following security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|------------|-----------------| -| On by Default | No Support | Off by Default | Off by Default | Enabled by Default | No Support | On by Default | -``` \ No newline at end of file diff --git a/docs/sangria.md b/docs/sangria.md deleted file mode 100644 index daa882a..0000000 --- a/docs/sangria.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Sangria - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Sangria is a Scala GraphQL Implementation. - -# Security Features -Sangria offers the following security features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|----------------|----------------|-----------------| -| On by Default | Off by Default | Off by Default | No Support | On by Default | No Support | Off by Default | -``` \ No newline at end of file diff --git a/docs/strawberry.md b/docs/strawberry.md deleted file mode 100644 index 20869d1..0000000 --- a/docs/strawberry.md +++ /dev/null @@ -1,17 +0,0 @@ -# Strawberry - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Strawberry is a new GraphQL library for Python 3, inspired by dataclasses. - -# Security Features -Strawberry offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|------------|-----------------| -| On by Default | Off by Default | No Support | No Support | Enabled by Default | N/A | No Support | -``` \ No newline at end of file diff --git a/docs/tartiflette.md b/docs/tartiflette.md deleted file mode 100644 index f466e34..0000000 --- a/docs/tartiflette.md +++ /dev/null 
@@ -1,19 +0,0 @@ -# Tartiflette - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -Tartiflette is a library for building GraphQL APIs in Python, built with Python 3.6+ - -# Security Features -Tartiflette offers the following features: - -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|--------------------|------------|-----------------| -| No Support | No Support | No Support | No Support | Enabled by Default | N/A | No Support | -``` - -Despite Tartiflette not having basic security support, it does provide [rate limits on a per field basis](https://tartiflette.io/docs/tutorial/rate-limit-fields-with-directives). diff --git a/docs/templ.md b/docs/templ.md deleted file mode 100644 index 39bb073..0000000 --- a/docs/templ.md +++ /dev/null @@ -1,9 +0,0 @@ -# ProductName - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About - -# Security Features \ No newline at end of file diff --git a/docs/wpgraphql.md b/docs/wpgraphql.md deleted file mode 100644 index 928ea2e..0000000 --- a/docs/wpgraphql.md +++ /dev/null 
@@ -1,16 +0,0 @@ -# WPGraphQL - -# Table of Contents -* [About](#About) -* [Security Features](#Security-Features) - -# About -WPGraphQL is a WordPress plugin which provides a WordPress instance with immediate GraphQL API support. - -# Security Features -WPGraphQL offers the following security features: -``` -| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests | -|-------------------|-------------------|---------------------|-----------------------------|----------------|----------------|-----------------| -| On by Default | Off by Default | No Support | No Support | Off by Default | Off by Default | On by Default | -``` \ No newline at end of file diff --git a/graphw00f/helpers.py b/graphw00f/helpers.py index 5bf7bde..fb1ec96 100644 --- a/graphw00f/helpers.py +++ b/graphw00f/helpers.py 
@@ -70,145 +70,145 @@ def get_engines(): 'apollo':{ 'name':'Apollo', 'url':'https://www.apollographql.com', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/apollo.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/apollo.md', 'technology':['JavaScript', 'Node.js', 'TypeScript'] }, 'aws-appsync':{ 'name':'AWS AppSync', 'url':'https://aws.amazon.com/appsync', - 'ref':'https://aws.amazon.com/appsync', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/appsync.md', 'technology':[], }, 'graphene':{ 'name':'Graphene', 'url':'https://graphene-python.org', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/graphene.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphene.md', 'technology':['Python'] }, 'hasura':{ 'name':'Hasura', 'url':'https://hasura.io', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/hasura.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/hasura.md', 'technology':['Haskell'] }, 'graphql-php':{ 'name':'GraphQL PHP', 'url':'https://webonyx.github.io/graphql-php', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/graphql-php.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-php.md', 'technology':['PHP'] }, 'ruby-graphql':{ 'name':'Ruby GraphQL', 'url':'https://graphql-ruby.org', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/ruby-graphql.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-ruby.md', 'technology':['Ruby'] }, 'hypergraphql':{ 'name':'HyperGraphQL', 'url':'https://www.hypergraphql.org', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/hypergraphql.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/hypergraphql.md', 'technology':['Java'] }, 
'ariadne':{ 'name':'Ariadne', 'url':'https://ariadnegraphql.org', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/ariadne.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/ariadne.md', 'technology':['Python'] }, 'graphql-api-for-wp':{ 'name':'GraphQL API for Wordpress', 'url':'https://graphql-api.com', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/graphqlapiforwp.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-api-for-wp.md', 'technology':['PHP'], }, 'wpgraphql':{ 'name':'WPGraphQL WordPress Plugin', 'url':'https://www.wpgraphql.com', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/wpgraphql.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/wp-graphql.md', 'technology':['PHP'] }, 'gqlgen':{ 'name':'gqlgen - GraphQL for Go', 'url':'https://gqlgen.com', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/gqlgen.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/gqlgen.md', 'technology':['Go'] }, 'graphql-go':{ 'name':'graphql-go -GraphQL for Go', 'url':'https://github.com/graphql-go/graphql', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/graphql-go.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-go.md', 'technology':['Go'] }, 'graphql-java':{ 'name':'graphql-java - GraphQL for Java', 'url':'https://www.graphql-java.com', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/graphql-java.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-java.md', 'technology':['Java'] }, 'juniper':{ 'name':'Juniper - GraphQL for Rust', 'url':'https://graphql-rust.github.io', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/juniper.md', + 
'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/juniper.md', 'technology':['Rust'] }, 'sangria':{ 'name':'Sangria - GraphQL for Scala', 'url':'https://sangria-graphql.github.io', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/sangria.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/sangria.md', 'technology':['Scala'] }, 'flutter':{ 'name':'Flutter - GraphQL for Dart', 'url':'https://github.com/zino-app/graphql-flutter', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/flutter.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/gql-dart.md', 'technology':['Dart'] }, 'dianajl':{ 'name':'Diana.jl - GraphQL for Julia', 'url':'https://github.com/neomatrixcode/Diana.jl', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/dianajl.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/diana.md', 'technology':['Julia'] }, 'strawberry':{ 'name':'Strawberry - GraphQL for Python', 'url':'https://github.com/strawberry-graphql/strawberry', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/strawberry.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/strawberry.md', 'technology':['Python'] }, 'tartiflette':{ 'name':'tartiflette - GraphQL for Python', 'url':'https://github.com/tartiflette/tartiflette', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/tartiflette.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/tartiflette.md', 'technology':['Python'] }, 'dgraph':{ 'name':'Dgraph', 'url':'https://dgraph.io/', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/dgraph.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/dgraph.md', 'technology':['JavaScript'] }, 'directus':{ 'name':'Directus', 
'url':'https://directus.io/', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/directus.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/directus.md', 'technology':['TypeScript'] }, 'graphql_yoga':{ 'name':'GraphQL Yoga', 'url':'https://github.com/dotansimha/graphql-yoga', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/graphql-yoga.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphql-yoga.md', 'technology':['TypeScript'] }, 'lighthouse':{ 'name':'Lighthouse', 'url':'https://github.com/nuwave/lighthouse', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/lighthouse.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/lighthouse.md', 'technology':['PHP'] }, 'agoo':{ 'name':'Agoo', 'url':'https://github.com/ohler55/agoo', - 'ref':'https://github.com/dolevf/graphw00f/blob/main/docs/agoo.md', + 'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/agoo.md', 'technology':['Ruby'] } } diff --git a/static/threat-matrix.png b/static/threat-matrix.png new file mode 100644 index 0000000..5a4e315 Binary files /dev/null and b/static/threat-matrix.png differ diff --git a/version.py b/version.py index 0ad4a58..7aa8b1a 100644 --- a/version.py +++ b/version.py @@ -1 +1 @@ -VERSION = '1.1.1' +VERSION = '1.1.2'
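Review bot: In the README hunk at `@@ -26,7 +26,7 @@`, the added sentence names "the GraphQL Threat Matrix project" without linking to it, so a reader of the "How does it work?" section cannot tell which project is meant or who maintains it. The `ref` values in `graphw00f/helpers.py` point at `https://github.com/nicholasaleks/graphql-threat-matrix`; link the project name to that repository here, the same way wafw00f is linked earlier in the paragraph.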
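Review bot: In the README hunk at `@@ -58,13 +58,9 @@`, the new text says graphw00f "will print out the threat matrix document", but the sample output updated at `@@ -162,7 +158,7 @@` shows only a URL on the `[!] Attack Surface Matrix:` line. Reword to "print a link to the threat matrix document" so the README matches what the tool does. The same hunk replaces the plain-text example matrix with `threat-matrix.png`; a screenshot cannot be searched or copied, so consider keeping a one-row text example alongside the image.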
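Review bot: The deletions under `docs/` remove content that is more than the seven-column table, and the patch does not show that it exists in the replacement documents. `docs/hasura.md` notes that Access Control Lists must be explicitly enabled, `docs/tartiflette.md` links to per-field rate limits, and `docs/graphqlapiforwp.md` lists ACLs, persisted queries on custom endpoints and schema access granularity. Confirm each of these notes is present in the corresponding `implementations/*.md` file upstream before removing the local copies, and mention in the commit message that existing links to `docs/*.md` will stop resolving.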
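Review bot: In `get_engines()` in `graphw00f/helpers.py`, every `ref` now repeats the full `https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/` prefix and targets the mutable `master` branch of a repository this project does not control, so an upstream rename or branch change silently breaks the link printed to users, and the content behind it can change without a graphw00f release. Pull the prefix into one constant and consider pinning it to a tag or commit. Several file names also differ from the engine keys (`ruby-graphql` to `graphql-ruby.md`, `wpgraphql` to `wp-graphql.md`, `flutter` to `gql-dart.md`, `dianajl` to `diana.md`, `aws-appsync` to `appsync.md`); since these cannot be derived from the key, a small test that checks each `ref` resolves would catch a typo or an upstream move.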