Project description

clairvoyance

Some GraphQL APIs have disabled introspection. For example, Apollo Server disables introspection automatically if the NODE_ENV environment variable is set to production.

Clairvoyance allows us to get GraphQL API schema when introspection is disabled. It produces schema in JSON format suitable for other tools like GraphQL Voyager, InQL or graphql-path-enum.

Acknowledgments

Thanks to Swan from Escape-Technologies for 2.0 version.

Usage

From Python interpreter

git clone https://github.com/nikitastupin/clairvoyance.git
cd clairvoyance
pip install poetry
poetry config virtualenvs.in-project true
poetry install --no-dev
source .venv/bin/activate

python3 -m clairvoyance --help

python3 -m clairvoyance -o /path/to/schema.json https://swapi-graphql.netlify.app/.netlify/functions/index

From Docker Image

docker run --rm nikitastupin/clairvoyance --help

# Assuming the wordlist.txt file is found in $PWD
docker run --rm -v $(pwd):/tmp/ nikitastupin/clairvoyance -vv -o /tmp/schema.json -w /tmp/wordlist.txt https://swapi-graphql.netlify.app/.netlify/functions/index

You can refer to 2nd half of GraphQL APIs from bug hunter's perspective by Nikita Stupin talk for detailed description.

Which wordlist should I use?

There are at least two approaches:

Use general English words (e.g. google-10000-english).
Create target specific wordlist by extracting all valid GraphQL names from application HTTP traffic, from mobile application static files, etc. Regex for GraphQL name is [_A-Za-z][_0-9A-Za-z]*.

Environment Variables

LOG_FMT=`%(asctime)s \t%(levelname)s\t| %(message)s` # A string format for logging.
LOG_DATEFMT=`%Y-%m-%d %H:%M:%S` # A string format for logging date.
LOG_LEVEL=`INFO` # A string level for logging.

Support

In case of question or issue with clairvoyance please refer to wiki or issues. If this doesn't solve your problem feel free to open a new issue.

Contributing

Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change. For more information about tests, internal project structure and so on refer to Development wiki page.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

2.5.2

Jul 10, 2023

2.5.1

Mar 18, 2023

2.0.6

Dec 5, 2022

This version

2.0.1

Aug 20, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

clairvoyance-2.0.1.tar.gz (53.2 kB view hashes)

Uploaded Aug 20, 2022 Source

Built Distribution

clairvoyance-2.0.1-py3-none-any.whl (58.6 kB view hashes)

Uploaded Aug 20, 2022 Python 3

Hashes for clairvoyance-2.0.1.tar.gz

Hashes for clairvoyance-2.0.1.tar.gz
Algorithm	Hash digest
SHA256	`7aacd6c166c3bf3b9ffecd411c6e40b14a38f2482c83b3268f6351698e1cf44c`
MD5	`aab7d9170caa4509d72acfac91ecf318`
BLAKE2b-256	`a44ed3b9d8377b0afc8650ad819234b76094e544ccd8027b17f761064e002f7f`

Hashes for clairvoyance-2.0.1-py3-none-any.whl

Hashes for clairvoyance-2.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`403449240f20f9da5f52283e36fcddc81baf466b1910af6319571a04d5c87c2a`
MD5	`5f1444e40047b262092b5f6c7759fe81`
BLAKE2b-256	`954c9606e8a057985efc08b0f39dd0be4548a2a93c65ab48e0535cc82cbaf220`