Beispiel #1
0
    def resolve(self, next, root, info, **kwargs):
        if helpers.is_level_hard():
            raise werkzeug.exceptions.SecurityError('GraphiQL is disabled')

        cookie = request.cookies.get('env')
        # if cookie and cookie == 'graphiql:enable':
        return next(root, info, **kwargs)
Beispiel #2
0
    def resolve(self, next, root, info, **kwargs):
        if helpers.is_level_hard():
            if info.field_name.lower() in ['__schema', '__introspection']:
                raise werkzeug.exceptions.SecurityError(
                    'Introspection is Disabled')

        return next(root, info, **kwargs)
Beispiel #3
0
def allowed_cmds(cmd):
    if helpers.is_level_easy():
        return True
    elif helpers.is_level_hard():
        if cmd.startswith(('echo', 'ps' 'whoami', 'tail')):
            return True
    return False
Beispiel #4
0
    def resolve(self, next, root, info, **kwargs):
        if helpers.is_level_hard():
            array_qry = []

            if info.context.json is not None:
                if isinstance(info.context.json, dict):
                    array_qry.append(info.context.json)

                for q in array_qry:
                    query = q.get('query', None)
                    if security.on_denylist(query):
                        raise werkzeug.exceptions.SecurityError(
                            'Query is on the deny list.')
        return next(root, info, **kwargs)
Beispiel #5
0
def strip_dangerous_characters(cmd):
    if helpers.is_level_easy():
        return cmd
    elif helpers.is_level_hard():
        return cmd.replace(';', '').replace('&', '')
    return cmd