Damn-Vulnerable-GraphQL-Application
Damn-Vulnerable-GraphQL-Application copied to clipboard
dolevf
[Feature request] python 3.10 supports
I have seen:
- #34
- the readme saying
Note: Python 3.10 is not supported yet! - the Dockerfile using python 3.7
Would be nice to have python 3.10 support for server install.
I can give this a look. In the past, if I recall correctly, some of the dependencies that DVGA uses do not yet support 3.10 themselves. I will check whether there has been any progress.
Yeah, so I looked into this and it appears the websockets/graphql subscription functionality is broken and not currently supported in 3.10. We will need to swap out flask-sockets library with something which is not a small lift. We may look into this in the future but at this point we will put this on ice.
@noraj please see branch https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application/tree/dvga-py3-10 where we have DVGA running on Python 3.10, and if possible, please give it a test run to see everything is working as expected, in particular:
- WebSockets
- GraphQL Subscriptions
Subscription request
With Python 3.10 from the dvga-py3-10
With Python 3.7 from the dockerhub image
So I don't have a working subscription request that I could test.
you can use Altair Client, I believe GraphiQL doesn't support subscriptions
I tried it with Insomnia too, that claims to support websockets https://github.com/Kong/insomnia/discussions/4477, cf. https://insomnia.rest/changelog#2022.6.0 and https://docs.insomnia.rest/insomnia/websockets. So I asked if it supports GraphQL subscriptions.
Well then, I'll try again with Altair.
I'm going to look into the errors that you're observing. Another way you can explore this is:
- Load the UI
- Go to Public Pastes
- Create a paste with the mutation createPaste
- Observe that the Public Paste page (step 2) updated the page immediately without a refresh
https://user-images.githubusercontent.com/5857304/208740937-cf0c970f-edfe-495e-9b9e-acdaf94ea159.mp4