Review graphql-cop capabilities
API Security performs testing of GraphQL endpoints. Security testing of GraphQL is still an area of research; as such, any new tools should be reviewed to identify testing gaps in API Security.
Review the new graphql-cop tool and identify issue detections that are missing from API Security. For each detection that could be added, create an issue.
https://github.com/dolevf/graphql-cop
Detections From GraphQL-Cop
- Alias Overloading (DoS)
- Batch Queries (DoS)
- GET based Queries (CSRF)
- GraphQL Tracing / Debug Modes (Info Leak)
- Field Duplication (DoS)
- Field Suggestions (Info Leak)
- GraphiQL (Info Leak)
- Introspection (Info Leak)
- Directives Overloading (DoS)
Edited by Michael Eddington