Main Introspection method.
:param args: arg parser alike arguments
:param print_help: print help lambda
:return: None
"""
# Argument validation and request setup. This excerpt starts inside a function whose
# signature is not shown; the docstring above names its parameters args and print_help.
# At least one between -t or -f (target) parameters must be set
if args.target is None and args.schema_json_file is None:
print(string_join(red, "Remote GraphQL Endpoint OR a Schema file in JSON format must be specified!", reset))
if print_help:
print_help()
exit(1)
# Only one of them -t OR -f :)
if args.target is not None and args.schema_json_file is not None:
print(string_join(red, "Only a Remote GraphQL Endpoint OR a Schema file in JSON format must be specified, not both!", reset))
if print_help:
print_help()
exit(1)
# Takes care of any configured proxy (-p param)
# NOTE(review): the proxy is applied by writing http_proxy/https_proxy into os.environ, so it is
# process-wide rather than per-request: any later code in this process that reads these
# variables is routed through the same proxy. The value is also echoed to stdout exactly as
# given, so a proxy URL that embeds credentials would be printed.
if args.proxy is not None:
print(string_join(yellow, "Proxy ENABLED: ", args.proxy, reset))
os.environ['http_proxy'] = args.proxy
os.environ['https_proxy'] = args.proxy
# Generate Headers object
# args.headers is iterated as (name, value) pairs; a repeated name keeps only the last value.
headers = {}
if args.headers:
for k, v in args.headers:
headers[k] = v
# NOTE(review): excerpt starts inside a branch whose condition is not shown; the parallel
# branch further down suggests it is the single-object vs. list payload check — confirm.
content['query'] = self._textareas[name].getText()
else:
content[id]['query'] = self._textareas[name].getText()
# The raw textarea is rewritten with the re-serialized JSON through SwingUtilities.invokeLater.
SwingUtilities.invokeLater(lambda: self._textareas['raw'].setText(json.dumps(content)))
elif name.startswith('gql_variables#'):
# The number after '#' in the textarea name selects which entry of a list payload is edited.
# NOTE(review): `id` shadows the builtin of the same name.
id = int(name.split("#")[1])
content = json.loads(self._textareas['raw'].getText())
if id == 0 and not isinstance(content, list):
content['variables'] = json.loads(self._textareas[name].getText())
else:
# NOTE(review): there is no bounds or type check on content[id] here; an IndexError, KeyError
# or TypeError is not covered by the ValueError handler below.
content[id]['variables'] = json.loads(self._textareas[name].getText())
SwingUtilities.invokeLater(lambda: self._textareas['raw'].setText(json.dumps(content)))
except ValueError:
pass # Invalid JSON is ignored so the editor does not crash on it
# Register on_change as the document listener callback for this textarea.
_textarea.getDocument().addDocumentListener(_PayloadListener(changed_update=on_change))
return this
# NOTE(review): excerpt from inside a function; overrideheaders, graphiql_omnimenu and parser
# are defined outside the lines shown.
http_mutator = EnhancedHTTPMutator(
requests=args.requests,
stub_responses=args.stub_responses,
overrideheaders=overrideheaders)
graphiql_sender = GraphiQLSenderAction(omnimenu=graphiql_omnimenu, http_mutator=http_mutator)
custom_header_setter = CustomHeaderSetterAction(overrideheaders=overrideheaders, text="Set Custom Header")
# Settings handed to the panel as its `restore` payload (label, value pairs).
# NOTE(review): args.key (the 'Authorization Key') is serialized in clear text into that JSON
# string. Where GraphQLPanel stores or displays `restore` is not visible here — confirm it is
# not persisted or logged, or leave the key out of the restored configuration.
cfg = [
['Proxy', args.proxy],
['Authorization Key', args.key],
['Load Placeholders', args.detect],
['Generate HTML DOC', args.generate_html],
['Generate Schema DOC', args.generate_schema],
['Generate Stub Queries', args.generate_queries],
['Accept Invalid SSL Certificate', args.insecure_certificate]
]
# NOTE(review): http_mutator=None is passed to the panel although an EnhancedHTTPMutator was
# built above and given to GraphiQLSenderAction — presumably intentional; confirm.
return GraphQLPanel(
actions=[custom_header_setter, graphiql_sender],
restore=json.dumps({'config': cfg}),
http_mutator=None,
requests=args.requests,
stub_responses=args.stub_responses
).app()
else:
# Fallback path: run init with the parsed arguments and the parser's help printer.
return init(args, lambda: parser.print_help())
else:
# Parse the local JSON file
# NOTE(review): the file is opened without an explicit encoding and its content goes straight
# to json.loads; the generators below receive whatever structure the file holds.
with open(args.schema_json_file, "r") as s:
result_raw = s.read()
argument = json.loads(result_raw)
# Each enabled generator writes under a directory named by `host`, with the date and a
# timestamp in the file name.
# NOTE(review): `host` is assigned outside this excerpt; if it derives from the target URL or
# the schema file name it is input-controlled and becomes a filesystem path component —
# confirm it is reduced to a safe directory name before use.
if args.generate_schema:
schema.generate(argument,
fpath=os.path.join(host, "schema-%s-%s.json" % (today, timestamp)))
if args.generate_html:
html.generate(argument,
fpath=os.path.join(host, "doc-%s-%s.html" % (today, timestamp)),
custom=custom,
target=args.target)
if args.generate_queries:
# qpath keeps two literal "%s" components, presumably filled in by query.generate — confirm.
# The green_print callback ignores its argument and always prints the same message.
query.generate(argument,
qpath=os.path.join(host, "%s", today, timestamp, "%s"),
detect=args.detect,
custom=custom,
green_print=lambda s: print(string_join(green, "Writing Queries Templates", reset)))
else:
# Likely missing a required argument
print("Missing Arguments")
if print_help:
print(white)
print_help()
print(reset)
exit(1)
def async_run():
# Runs init on a copy of args wrapped in AttrDict.
init(AttrDict(args.copy()))
# NOTE(review): indentation was lost on this page, so whether the lines below belong to
# async_run or to the enclosing method cannot be told from here.
# NOTE(review): the recorded tuple includes key and headers; if self._state is saved or shown
# anywhere, those credentials go with it — confirm how the state is stored.
self._state['runs'].append((
target, key, proxy, headers, load_placeholer, generate_html, generate_schema, generate_queries,
accept_invalid_certificate, flag))
self._fileview.refresh()
# NOTE(review): excerpt from a directory-tree builder; the first pass and the definitions of
# files, thisObject and curDir are outside the lines shown.
files.addElement(thisObject)
# Pass two: for files.
# xrange exists only on Python 2 / Jython.
for i in xrange(0, files.size()):
# f is read only by the commented-out extension filter below.
f = files.elementAt(i)
#if f.split('.')[-1] != 'html':
curDir.add(DefaultMutableTreeNode(files.elementAt(i)))
return curDir
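if __name__ == "__main__":
    # Manual smoke test: show the FileTree component in a standalone Swing window.
    # The body is indented under the guard so it runs only when the file is executed
    # directly (the flattened listing would not parse).
    frame = JFrame("FileTree")
    frame.setForeground(Color.black)
    frame.setBackground(Color.lightGray)
    cp = frame.getContentPane()
    # FileTree exposes its Swing component through the `this` attribute.
    cp.add(FileTree().this)
    frame.pack()
    frame.setVisible(True)
    # Closing the window exits the process.
    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE)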
"""
Replace known GraphQL argument types with placeholder values (useful for Burp Suite Repeater).

:param types:
Type string to rewrite. Known types: String, Boolean, Float, Int; the NOT_NULL marker "!" is stripped.
TODO: add the support for custom objects and lists (partially handled since v4.1)
:return:
The type string with every occurrence of the first matching known type name replaced by its
placeholder ("asd", "true", "0.5" or "1"); returned without replacement if no known type matches.
"""
# strip the ! character (not null symbol) before returning the type
types = types.replace("!", "")
# Switch between known args types
# NOTE(review): these are substring tests checked in a fixed order, so a custom type whose name
# merely contains a scalar name (constructed examples: "StringFilter", "Interval") is rewritten too.
if "String" in types:
# needed for Burp Repeater string handling
# '\\"' is a backslash followed by a double quote, so the placeholder is wrapped in escaped quotes.
types = string_join('\\"', types, '\\"')
types = types.replace("String", "asd")
elif "Boolean" in types:
types = types.replace("Boolean", "true")
elif "Float" in types:
types = types.replace("Float", "0.5")
elif "Int" in types:
types = types.replace("Int", "1")
return types
# Generate Headers object
# args.headers is iterated as (name, value) pairs; a repeated name keeps only the last value.
headers = {}
if args.headers:
for k, v in args.headers:
headers[k] = v
if args.target is not None or args.schema_json_file is not None:
if args.target is not None:
# Acquire GraphQL endpoint URL as a target
# NOTE(review): netloc is the raw authority part of the URL, so it keeps any port and any
# user:password@ prefix. Another excerpt on this page joins `host` into output paths — confirm
# the value is reduced to a safe directory name before it is used that way.
host = urlparse(args.target).netloc
else:
# Acquire a local JSON file as a target
print(string_join(yellow, "Parsing local schema file", reset))
# host becomes the schema file's base name without its extension.
host = os.path.splitext(os.path.basename(args.schema_json_file))[0]
if args.detect:
print(string_join(yellow, "Detect arguments is ENABLED, known types will be replaced with placeholder values", reset))
# Used to generate 'unique' file names for multiple documentation
timestamp = str(int(time.time())) # Can be printed with: str(int(timestamp))
today = str(date.today())
# -----------------------
# Custom Objects are required for fields names in the documentation and templates generation
# old -c parameter, enabled by default
custom = True
# Generate the documentation for the target
if args.target is not None:
# Parse response from the GraphQL endpoint
# Certificate verification stays on unless args.insecure_certificate is set; the key and the
# headers built above are passed along with the request.
argument = query_result(target=args.target,
key=args.key,
headers=headers,
verify_certificate=not args.insecure_certificate,
requests=args.requests,
stub_responses=args.stub_responses)
# NOTE(review): excerpt from inside a try block of a request helper; request, url and
# stub_responses come from the part that is not shown.
if verify_certificate:
# Verified path: relies on urlopen's default certificate handling. No timeout is passed.
contents = urllib_request.urlopen(request).read()
else:
# NOTE(review): this branch turns off both hostname checking and certificate validation, so the
# server is not authenticated and anything sent with the request (an authorization key
# included, if one is attached) can be read or altered on the path. Keep it strictly opt-in and
# consider printing a notice whenever it is active.
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
contents = urllib_request.urlopen(request, context=ctx).read()
# The raw response body is cached per network location.
# NOTE(review): the cache key is url.netloc only, so two endpoints on the same host would share
# one entry — confirm that is intended.
stub_responses[url.netloc] = contents
return contents
except Exception as e:
# NOTE(review): every failure, TLS errors included, is reduced to a printed message; what the
# function returns afterwards is not visible in this excerpt.
print(string_join(red, str(e), reset))
green_print=lambda s: print(string_join(green, "Writing Queries Templates", reset)))