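A GraphQL schema documentation parser that converts the schema into query statements (.gql) usable by a front end or Postman, or into (.json) files usable with RESTful-style requests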

Project description

graphql_schema_parse

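Parses GraphQL API documentation and converts it to **.gql** (query strings usable by front-end queries) or .json (data that can be passed to the json keyword argument of requests).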

GraphQL

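GraphQL is both a query language for APIs and a runtime for fulfilling your data queries; for details, click the heading to visit the official site. In day-to-day work, the most commonly used operations are query, mutation (change/create), and subscription.

After a GraphQL request is sent, capturing the traffic shows that it is ultimately not much different from sending a RESTful request: the parameters are passed in a specified JSON format, roughly as follows: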

{
  "query": " query users {\n        users{\n                  id\n                  username\n                 }\n             \n        }\n        ",
  "variables": {},
  "operationName": "users"
}
{
  "query": "mutation addUser($username: String!, $password: String!) {\n  addUser(username: $username, password: $password) {\n    id\n    username\n  }\n}\n",
  "variables": {
    "username": "gql",
    "password": "gql1"
  },
  "operationName": "addUser"
}
{
  "query": "mutation addUserInput($user: AddUserInput!) {\n  addUserInput(user: $user) {\n    id\n    username\n  }\n}\n",
  "variables": {
    "user": {
      "username": "haha",
      "password": "gg"
    }
  },
  "operationName": "addUserInput"
}
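  • query: the generated query statement itself; the front end sends the fields and the back end returns those it has defined
  • variables: uses the variable names from the query statement
  • operationName: the interface name specified by the back end in its implementation (understand it this way for now). Python is used here; in practice _ is converted to camelCase

GraphQL example application

Source code of the provided GraphQL example application: https://gitee.com/zy7y/starlette-example

Using the source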

  1. Clone
git clone https://gitee.com/zy7y/starlette-example
  2. Install dependencies
pip install -r requirements.txt
pip install strawberry-graphql[debug-server]

  3. Start

cd injection_service\graphql
strawberry server schema

Open: http://127.0.0.1:8000

Getting the API documentation from a URL

# Convert to JSON
gql parse http://127.0.0.1:8000 <output-dir>

# Convert to GQL
gql parse http://127.0.0.1:8000 --to gql <output-dir>

# Convert to sqlmap (-r HTTP request file .txt)
# With JSON
gql parse http://127.0.0.1:8000 --headers .\examples\headers.json --to sqlmap .\examples\sqlmap(json)示例
# Without JSON
gql parse http://127.0.0.1:8000 --to sqlmap .\examples\sqlmap示例

When token authentication is required

// Create headers.json as follows
{
"Authorization": "Bearer token"
}
gql parse http://127.0.0.1:8000 --headers headers.json <output-dir>

URL fetch example

Using graphql-schema-parse

Installation

pip install graphql-schema-parse

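Getting the API documentation from SDL

  1. Prerequisite
# Run this in the same directory from which the service is started, to obtain the SDL
strawberry export-schema schema > schema.graphql

  2. Convert the graphql file to gql. The SDL file must be UTF-8 encoded; if it is not, change it yourself.

gql parse examples\schema.graphql --to gql <output-dir>

Testing

  1. gql file (query): copy the contents of the generated users.gql file into 127.0.0.1:8000
  2. gql file (mutation): copy the contents of the generated addUser.gql file into 127.0.0.1:8000
  3. json file (query): assign the contents of the generated users.json file to data and send the request with the requests package, as in the code below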
from requests import post

url = "http://127.0.0.1:8000/graphql"
data = {
    "query": " query users {\n        users{\n                  id\n                  username\n                 }\n             \n        }\n        ",
    "variables": {}, "operationName": "users"}
print(post(url, json=data).json())

  4. json file (mutation): assign the contents of the generated addUsers.json file to data and send the request with the requests package, as in the code below

from requests import post

url = "http://127.0.0.1:8000/graphql"
data = {
    "query": " mutation addUserInput ($user: AddUserInput!){\n        addUserInput (user: $user){\n                  id\n                  username\n                 }\n             \n        }\n        ",
    "variables": {"user": {"username": "", "password": ""}}, "operationName": "addUserInput"}
print(post(url, json=data).json())

  5. txt file (sqlmap -r httpinfo.txt; can be used for sqlmap SQL injection scanning): contents of the addUserInput.txt file

POST /graphql HTTP/1.1
HOST: http://127.0.0.1:8000
Authorization: Bearer token
Content-Type: application/json

{"query": " mutation addUserInput ($user: AddUserInput!){\n        addUserInput (user: $user){\n                  id\n                  username\n                 }\n             \n        }\n        ", "variables": {"user": {"username": "*", "password": "*"}}, "operationName": "addUserInput"}
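# Install sqlmap
pip install sqlmap

# Run the SQL injection scan; for detailed sqlmap usage, see the sqlmap website
sqlmap -r addUserInput.txt --level 5 --risk 3

Scan in progress; scan result (it found that my database is SQLite)

Parameter details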
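Why the "variables" values in the request file above matter on the server side, as an added example that is not code from the sample application or from this project: a resolver-style insert that pastes those values into the SQL text, beside one that binds them as parameters. The table layout, function names and sample inputs are assumptions; SQLite is used because the scan above reported it.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table (assumed layout)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    return conn


def add_user_unsafe(conn, user):
    """Vulnerable form: values from 'variables' become part of the SQL text."""
    sql = "INSERT INTO users (username, password) VALUES ('%s', '%s')" % (
        user["username"], user["password"])
    return conn.execute(sql).lastrowid


def add_user_safe(conn, user):
    """Hardened form: values are bound as parameters and stay data."""
    # Password hashing is out of scope here; a real application stores a hash.
    sql = "INSERT INTO users (username, password) VALUES (?, ?)"
    return conn.execute(sql, (user["username"], user["password"])).lastrowid


def stored(conn, row_id):
    """Return (username, password) as actually written for row_id."""
    return conn.execute(
        "SELECT username, password FROM users WHERE id = ?", (row_id,)
    ).fetchone()


if __name__ == "__main__":
    conn = make_db()
    # Constructed input: a quote and comment marker inside the username value.
    crafted = {"username": "x', 'y') --", "password": "pw"}
    print("unsafe stored:", stored(conn, add_user_unsafe(conn, crafted)))
    print("safe stored:  ", stored(conn, add_user_safe(conn, crafted)))
    try:
        add_user_unsafe(conn, {"username": "o'brien", "password": "pw"})
    except sqlite3.OperationalError as exc:
        # An ordinary apostrophe already breaks the statement: the error a scanner keys on.
        print("unsafe error: ", exc)
```

In the unsafe form the crafted username changes which password is stored; in the safe form the same string is stored verbatim as the username.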

gql parse --help 

output:

Usage: cli.py parse [OPTIONS] FROM_PATH TO_DIRECTORY

  将Graphql接口文档转成gql文件/Json文件 :param from_path: 接口文档地址, 本地JSON文件地址(.json) 或者 本地
  SDL文件(.schema ), 或者 服务器URL填入(服务器的IP:PORT) :param to: 转换之后的文件类型, 可选
  TO_DIRECTORY  生成文件保存目录,不存在时,自动创建  [required]

Options:
  --headers TEXT   url方式获取接口文档时,可选项传入请求头json文件地址
  --to [json|gql]  [default: ToType.to_json]
  --depth INTEGER  query语句体中可用查询字段递归深度  [default: 1]
  --help           Show this message and exit.
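How a request body in the query/variables/operationName format shown earlier can be generated from schema type information, with a depth limit in the spirit of the --depth option, as an added example that is not the project's own code. The names TYPES, OPERATIONS, selection and build_request are hypothetical, and the schema data (including the Profile type) is constructed for illustration.

```python
import json

# Constructed schema data (assumption): object types map field -> type name;
# any type name that is not a key here is treated as a scalar.
TYPES = {
    "User": {"id": "ID", "username": "String", "profile": "Profile"},
    "Profile": {"bio": "String", "owner": "User"},
}
# Constructed operations: name -> (kind, {argument: GraphQL type}, return type)
OPERATIONS = {
    "users": ("query", {}, "User"),
    "addUser": ("mutation", {"username": "String!", "password": "String!"}, "User"),
}


def selection(type_name, depth):
    """Selection set for type_name, expanding nested object fields `depth` levels."""
    if type_name not in TYPES:  # scalar result: no selection set
        return ""
    parts = []
    for name, ftype in TYPES[type_name].items():
        if ftype not in TYPES:
            parts.append(name)  # scalar leaf, always selectable
        elif depth > 1:
            sub = selection(ftype, depth - 1)
            if sub:  # skip objects that would get an empty (invalid) selection
                parts.append(f"{name} {sub}")
        # Object fields past the limit are dropped, which also ends
        # User -> Profile -> User cycles.
    return "{ " + " ".join(parts) + " }" if parts else ""


def build_request(op_name, depth=1):
    """Build the {"query", "variables", "operationName"} body for one operation."""
    kind, args, returns = OPERATIONS[op_name]
    declared = ", ".join(f"${a}: {t}" for a, t in args.items())
    passed = ", ".join(f"{a}: ${a}" for a in args)
    head = f"{kind} {op_name}" + (f"({declared})" if declared else "")
    field = op_name + (f"({passed})" if passed else "")
    body = " ".join(p for p in (field, selection(returns, depth)) if p)
    return {"query": f"{head} {{ {body} }}",
            "variables": {a: "" for a in args},  # empty placeholders to fill in
            "operationName": op_name}


if __name__ == "__main__":
    print(json.dumps(build_request("users", depth=2), indent=2))
```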

Download files

Source Distribution

graphql-schema-parse-0.2.0.tar.gz (10.9 kB)

Uploaded Source

Built Distribution

graphql_schema_parse-0.2.0-py3-none-any.whl (11.0 kB)

Uploaded Python 3

File details

Details for the file graphql-schema-parse-0.2.0.tar.gz.

File metadata

  • Download URL: graphql-schema-parse-0.2.0.tar.gz
  • Upload date:
  • Size: 10.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.12 CPython/3.9.6 Windows/10
