Unable to use tool error this error occurs

[zenython]

Traceback (most recent call last):
File "/home/user/tools/graphql-cop/graphql-cop.py", line 11, in
from lib.tests.info_field_suggestions import field_suggestions
File "/home/user/tools/graphql-cop/lib/tests/info_field_suggestions.py", line 2, in
from lib.utils import graph_query, get_error, curlify
File "/home/user/tools/graphql-cop/lib/utils.py", line 168
'''
^
SyntaxError: f-string: expecting '}'

[jankoksik]

Hi,
is the issue with the new realese or new updated version?
I will check everything in a moment

[jankoksik]

@zenython I can't reproduce the error :(
Can you provide more information?
python version? command you used ?
I will try to fix this error as fast as possible for you.

[zenython]

i think its because of the way of writing syntax in utils.py", line 168 the script is expecting " } "

[zenython]

python version : Python 3.11.9
and all the requirement latest versions
command used :- python3 graphql-cop.py -h

[jankoksik]

i think its because of the way of writing syntax in utils.py", line 168 the script is expecting " } "

yea but its one line if in f string { } section so it shouldnt be an issue

[jankoksik]

@zenython try updating python to 3.12.0.
I see in the python documentation that they changed something with fstings in this versions.
In my free time i will try to make code more universal :(

[jankoksik]

please let me know if it would work

[dolevf]

I've reverted graphql cop to pre-html reporting feature for now. The tool needs to support not only 3.12

[jankoksik]

There was an issue with fstrings with previous versions of python. I am finishing fix for this :)

[zenython]

Thanks for the fast response and efforts ! 🙏

[jankoksik]

No problem ;)
The fix is ready and waiting in the pull request section.
I would appreciate the review :D

[zenython]

ok lemme see !

[zenython]

yes it works now, great thankyou for the efforts 👍❤️

[jankoksik]

No problem 🫡
Thanks for checking and i hope you will enjoy the changes 😁

[zenython]

there is a problem again 🥲

[zenython]

now this time when is use -f the application crashes

as well as while doing normal query it works good but when i add proxy it says it doesn't have any graphql endpoint
without proxy :-

with proxy :-

and when i use force this error occurs :-

[jankoksik]

Hmmm let me check

[jankoksik]

its not a problem related to my part of the code so i will need some time to analyze

[jankoksik]

can you check for me if this code will work?

def curlify(obj):
  req = obj['request']
  command = "curl -X {method} -H {headers} -d '{data}' '{uri}'"
  method = req['method']
  uri = req["url"]
  if req["body"]:
    try:
      data = req["body"].decode('UTF-8')
    except:
      reqb = bytes(req["body"], 'UTF-8')
      data = reqb.decode('UTF-8')
  else:
    data = ''
  headers = ['"{0}: {1}"'.format(k, v) for k, v in req["headers"].items()]
  headers = " -H ".join(headers)
  return command.format(method=method, headers=headers, data=data, uri=uri)

please let me know

[jankoksik]

Does the issue occur on the 1.12 version as well?

[jankoksik]

@zenython Soooooo i rly tried to reproduce your errors so in my fork i created a massive github actions that tests code from python 3.7 to 3.12 and i still cant reproduce it 🙁

check pull request : #38

[zenython]

sorry there i was out of the town ! wait a sec i will check again

[zenython]

still the error occurs! 🥲

[jankoksik]

hmmm, I guess you are using burp as your proxy.
I am thinking how we can debug it on your side so we know what crashes the app.
Can you check if there is also a problem with 1.12 realese?

[zenython]

yes ! btw you haven't pushed the updated code !?

[zenython]

i this there is a problem with curlify while handling the directories properly

[jankoksik]

can you try changing curlify from utils.py to this code and check it for me ? :

def curlify(obj):
  print(obj)
  req = obj['request']
  command = "curl -X {method} -H {headers} -d '{data}' '{uri}'"
  method = req['method']
  uri = req["url"]
  if req["body"]:
    try:
      data = req["body"].decode('UTF-8')
    except:
      reqb = bytes(req["body"], 'UTF-8')
      data = reqb.decode('UTF-8')
  else:
    data = ''
  headers = ['"{0}: {1}"'.format(k, v) for k, v in req["headers"].items()]
  headers = " -H ".join(headers)
  return command.format(method=method, headers=headers, data=data, uri=uri)

[zenython]

okay lemme check

[jankoksik]

any updates? :D

[zenython]

no still the error occurs !

[jankoksik]

And can you provide the output?
There was a print of object before entering the code further.
Is it empty? If so then smth went wrong earlier.

[jankoksik]

No matter how hard i try i cant reproduce those errors...

> python .\graphql-cop.py -t [...] --proxy=http://127.0.0.1:8080 -f
Running a forced scan against the endpoint /graphiql
Running a forced scan against the endpoint /playground
Running a forced scan against the endpoint /console
Running a forced scan against the endpoint /graphql

Burp is correctly used as a proxy.

im sorry :(

[zenython]

i think python version is creating problem in my pc

[jankoksik]

Well it can be but i am testing different versions using github actions.
Maybe venv broke?
Do you have docker to try to run it?
I will write dockerfile for you when i will be home :)