Active attacks can inject into GraphQL request bodies
Purpose
GraphQL request bodies should be injected with active check attacks. Injection locations should be created for string values in the query. A maximum of 5 injection locations should be created, encompassing both queries and mutations.
Example
A request that sends the body:
mutation {
  updateAuthor ( authorId:1, firstName: "Aldous", lastName: "Huxley")
  {
    id
    firstName
    lastName
  }
}
Injection locations should be created for firstName and lastName.
Edited by Cameron Swords
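One way to enumerate the injection locations described above, as an added sketch that is not the project's own code. It assumes the body is the raw GraphQL document text and reads the cap of 5 as shared across the whole body; the function names `injection_locations` and `substitute` are hypothetical.

```python
import json
import re

MAX_LOCATIONS = 5  # cap stated in the issue, read here as shared by queries and mutations

# One token per match; strings and comments are consumed whole so that
# quotes or colons inside them are never misread as syntax.
TOKEN = re.compile(r'''
    (?P<comment>\#[^\n]*)
  | (?P<block>"""(?:\\"""|.)*?""")
  | (?P<string>"(?:\\.|[^"\\\n])*")
  | (?P<name>[_A-Za-z][_0-9A-Za-z]*)
  | (?P<other>\S)
''', re.VERBOSE | re.DOTALL)


def injection_locations(body, limit=MAX_LOCATIONS):
    """Return up to `limit` string-literal positions in a GraphQL document."""
    locations, last_name, arg_name = [], None, None
    for m in TOKEN.finditer(body):
        kind = m.lastgroup
        if kind == "name":
            last_name = m.group()
        elif kind == "other" and m.group() == ":":
            arg_name = last_name          # the name before ':' labels the value
        elif kind in ("string", "block"):
            q = 3 if kind == "block" else 1   # width of the quote delimiter
            locations.append({"name": arg_name, "block": kind == "block",
                              "start": m.start() + q, "end": m.end() - q})
            if len(locations) >= limit:
                break
    return locations


def substitute(body, loc, value):
    """Rebuild the body with `value` at one location, keeping it well-formed."""
    if loc["block"]:
        raise ValueError("block strings use different escaping; not handled here")
    escaped = json.dumps(value)[1:-1]     # JSON string escapes are also GraphQL escapes
    return body[:loc["start"]] + escaped + body[loc["end"]:]


# Constructed sample: the mutation from the issue's example.
SAMPLE = '''mutation {
  updateAuthor ( authorId:1, firstName: "Aldous", lastName: "Huxley")
  { id firstName lastName }
}'''

if __name__ == "__main__":
    for loc in injection_locations(SAMPLE):
        print(loc["name"], repr(SAMPLE[loc["start"]:loc["end"]]))
```

If the request wraps the document in a JSON envelope, the `query` field has to be decoded before the offsets are computed and re-encoded after substitution.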