Update ZAP graphql addon to version 0.17.0 (!801) · Merge requests · GitLab.org / security-products / dast · GitLab

David Nelson requested to merge update-zap-graphql into main Sep 01, 2023

Upgraded ZAP add-on `GraphQL Support` to 0.17.0

Added

It is now possible to disable the query generator completely.
An informational alert is raised when the GraphQL server implementation is identified using fingerprinting techniques.
An informational alert is raised if a GraphQL endpoint that supports introspection is discovered during spidering.
Support for relative file paths in the Automation Framework job.

Changed

Dependency updates and maintenance changes.
Improved detection of GraphQl endpoints while spidering.
It is no longer a requirement for schema URLs to end with .graphql or .graphqls when importing from the UI.

Fixed

Display the whole operation name in the Sites tree (could be missing a character).
Do not report errors parsing valid JSON arrays.
Fixed exception in the variant when POST message has empty body and no content-type (Issue 7689).