⛏️ Write test to detect CSRF vulnerability in GraphQL APIs
💭 Introduction: Report: CSRF on /api/graphql allows executing mutations through GET requests https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#bypass-of-csrf-protection
🎯 Requirements:
- Filters - The test should run only for GraphQL-related endpoints, e.g. here.
- Execute - Modify the headers and payload according to the linked blog.
- Validate - If the response has a 2xx status code.
📚 Reading: You can find detailed documentation of test editor rules here. Find 100+ examples of YAML tests here.
✅ Task summary:
- [ ] Ask to be assigned to the issue.
- [ ] Wait to be assigned. We will try to assign in less than 2 hours.
- [ ] Signup for Akto
- [ ] Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
- [ ] Submit the PR here.
🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
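The filter / execute / validate steps above, worked through as an added example (this is not Akto's code and not a YAML test from the tests-library; the final deliverable is still the YAML test described in the linked docs). It converts a captured POST GraphQL mutation into the GET form from the cheat sheet (document in the query string, no JSON body, no custom headers, so a cross-site `<img>` or link can send it without a CORS preflight), runs it against a simulated endpoint in both its vulnerable and its fixed configuration, and applies the validate rule. The host, path and mutation are constructed for illustration.

```python
"""Added example: CSRF-via-GET probe for a GraphQL endpoint.
Not Akto's code; endpoint, cookie and mutation below are constructed."""
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample: a captured POST request as a proxy would record it.
CAPTURED_POST = {
    "method": "POST",
    "url": "https://app.example.com/api/graphql",  # assumed host and path
    "headers": {"Content-Type": "application/json", "Cookie": "session=abc"},
    "body": json.dumps({
        "query": 'mutation { updateEmail(email: "attacker@example.com") { ok } }',
        "variables": None,
    }),
}


def is_graphql_endpoint(request):
    """Filter step: only endpoints whose path looks like GraphQL."""
    return "graphql" in urlsplit(request["url"]).path.lower()


def to_csrf_get(request):
    """Execute step: move the GraphQL document into the query string and send
    it as a GET with only the cookie. A cross-site page can make the browser
    issue exactly this request, so if the server executes the mutation the
    endpoint is CSRF-able."""
    body = json.loads(request["body"])
    params = {"query": body["query"]}
    if body.get("variables"):
        params["variables"] = json.dumps(body["variables"])
    return {
        "method": "GET",
        "url": request["url"] + "?" + urlencode(params),
        "headers": {"Cookie": request["headers"].get("Cookie", "")},  # no Content-Type
        "body": "",
    }


def graphql_handler(request, reject_get_mutations):
    """Simulated server. With reject_get_mutations=True it applies the usual fix
    (mutations accepted over POST only); otherwise it executes what it is given."""
    if request["method"] == "GET":
        doc = parse_qs(urlsplit(request["url"]).query).get("query", [""])[0]
    else:
        doc = json.loads(request["body"])["query"]
    if not request["headers"].get("Cookie", "").startswith("session="):
        return 401, {"errors": [{"message": "unauthenticated"}]}
    is_mutation = doc.lstrip().startswith("mutation")
    if is_mutation and request["method"] == "GET" and reject_get_mutations:
        return 405, {"errors": [{"message": "mutations must use POST"}]}
    if is_mutation:
        return 200, {"data": {"updateEmail": {"ok": True}}}
    return 200, {"data": {}}


def is_vulnerable(status, payload):
    """Validate step: 2xx as in the issue, tightened so that a 2xx carrying only a
    GraphQL 'errors' array (some servers reject GET mutations that way) is not a finding."""
    return 200 <= status < 300 and "data" in payload and "errors" not in payload


def probe(request, reject_get_mutations):
    """Run the three steps; None means the filter excluded the endpoint."""
    if not is_graphql_endpoint(request):
        return None
    status, payload = graphql_handler(to_csrf_get(request), reject_get_mutations)
    return is_vulnerable(status, payload)


if __name__ == "__main__":
    print("vulnerable server:", probe(CAPTURED_POST, reject_get_mutations=False))
    print("fixed server:     ", probe(CAPTURED_POST, reject_get_mutations=True))
```

The extra check in `is_vulnerable` is the caveat worth carrying into the YAML: many GraphQL servers answer a GET mutation with HTTP 200 and an `errors` body, so validating on the status code alone over-reports. Conversely, a server that executes the mutation over GET but also relies on `SameSite` cookies may be safe in practice; the probe above sends the cookie unconditionally, which is the pessimistic assumption a test should make.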
@ankush-jain-akto @Ankita28g I want to work on this issue. Could you please assign it to me? Thank you.
I have assigned it to you @Anurag-space. Happy hacking 🚀 . Feel free to join our Discord