diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 00c56eb..a03d153 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -16,18 +16,22 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + - name: Install dependencies - run: | - pip install poetry + run: pip install poetry + - name: Setup poetry run: | poetry config virtualenvs.in-project true poetry install --no-dev + - name: Build package run: | source .venv/bin/activate poetry build + - name: Upload package uses: pypa/gh-action-pypi-publish@release/v1 with: @@ -41,8 +45,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v2 with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v2 @@ -57,7 +61,7 @@ jobs: context: ./ file: ./Dockerfile push: true - tags: ${{ secrets.DOCKER_HUB_USERNAME }}/clairvoyance:latest + tags: ${{ secrets.DOCKERHUB_USERNAME }}/clairvoyance:latest platforms: linux/amd64,linux/arm64 - name: Image digest diff --git a/README.md b/README.md index bfa15f3..b8664b2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Clairvoyance -Obtain GraphQL API Schema even if the introspection is disabled. +Obtain GraphQL API schema even if the introspection is disabled. [![PyPI](https://img.shields.io/pypi/v/clairvoyance)](https://pypi.org/project/clairvoyance/) [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/clairvoyance)](https://pypi.org/project/clairvoyance/) 
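Review bot: The rewritten `run: pip install poetry` step in the first cd.yml hunk installs whichever Poetry release is current when the publish job runs, so the toolchain that builds the package uploaded to PyPI is not reproducible and can change without review. Pinning it, e.g. `run: pip install "poetry==<PINNED_VERSION>"`, also protects the following `poetry install --no-dev` step, since `--no-dev` is deprecated in newer Poetry releases. The same job references its actions by mutable refs (`actions/setup-python@v4`, `pypa/gh-action-pypi-publish@release/v1`); pinning those to full commit SHAs is the matching hardening for a job that presumably passes a PyPI credential under the `with:` that is cut off at the hunk edge. The job definition starts and ends outside the hunk.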
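Review bot: The Docker Hub namespace in `tags: ${{ secrets.DOCKERHUB_USERNAME }}/clairvoyance:latest` (third cd.yml hunk) is read from a secret, as is the login `username` in the second hunk. If the renamed secrets `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` are not defined in the repository, the expressions evaluate to empty strings, so the login fails and the tag becomes `/clairvoyance:latest`. Because secret values are masked in logs, the pushed image reference is also hidden in the build output. The README in this same commit names the image publicly as `nikitastupin/clairvoyance`, so the namespace does not appear to be confidential; a repository variable, e.g. `tags: ${{ vars.DOCKERHUB_USERNAME }}/clairvoyance:latest`, would leave only the token as a secret. Only the mutable `latest` tag is pushed, so consumers cannot pin a release by tag; a version tag alongside it would help.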
@@ -11,14 +11,14 @@ Obtain GraphQL API Schema even if the introspection is disabled. Some GraphQL APIs have disabled introspection. For example, [Apollo Server disables introspection automatically if the `NODE_ENV` environment variable is set to `production`](https://www.apollographql.com/docs/tutorial/schema/#explore-your-schema). -Clairvoyance allows us to get GraphQL API schema when introspection is disabled. It produces schema in JSON format suitable for other tools like [GraphQL Voyager](https://github.com/APIs-guru/graphql-voyager), [InQL](https://github.com/doyensec/inql) or [graphql-path-enum](https://gitlab.com/dee-see/graphql-path-enum). +Clairvoyance helps to obtain GraphQL API schema even if the introspection is disabled. It produces schema in JSON format suitable for other tools like [GraphQL Voyager](https://github.com/APIs-guru/graphql-voyager), [InQL](https://github.com/doyensec/inql) or [graphql-path-enum](https://gitlab.com/dee-see/graphql-path-enum). ## Contributors -Thanks to the [contributors](#contributors) for their work. +Thanks to the contributors for their work. - [nikitastupin](https://github.com/nikitastupin) -- [Escape](https://escape.tech) team : +- [Escape](https://escape.tech) team - [iCarossio](https://github.com/iCarossio) - [Swan](https://github.com/c3b5aw) - [QuentinN42](https://github.com/QuentinN42) @@ -28,15 +28,17 @@ Thanks to the [contributors](#contributors) for their work. - [noraj](https://github.com/noraj) - [belane](https://github.com/belane) -## Getting started +## Getting Started + +### pip ```bash pip install clairvoyance clairvoyance https://rickandmortyapi.com/graphql -o schema.json -# should take about 2 minute +# should take about 2 minutes ``` -## Docker Image +### docker ```bash docker run --rm nikitastupin/clairvoyance --help 
@@ -51,7 +53,7 @@ There are at least two approaches: - Use general English words (e.g. [google-10000-english](https://github.com/first20hours/google-10000-english)). - Create target specific wordlist by extracting all valid GraphQL names from application HTTP traffic, from mobile application static files, etc. Regex for GraphQL name is [`[_A-Za-z][_0-9A-Za-z]*`](http://spec.graphql.org/June2018/#sec-Names). -### Environment Variables +### Environment variables ```bash LOG_FMT=`%(asctime)s \t%(levelname)s\t| %(message)s` # A string format for logging. @@ -71,4 +73,4 @@ Pull requests are welcome! For major changes, please open an issue first to disc ## Documentation -- You may find more details on how the tool works in the second half of the [GraphQL APIs from bug hunter's perspective by Nikita Stupin](https://youtu.be/nPB8o0cSnvM) talk. +You may find more details on how the tool works in the second half of the [GraphQL APIs from bug hunter's perspective by Nikita Stupin](https://youtu.be/nPB8o0cSnvM) talk. diff --git a/clairvoyance/cli.py b/clairvoyance/cli.py index da424dd..6e66201 100644 --- a/clairvoyance/cli.py +++ b/clairvoyance/cli.py @@ -134,7 +134,7 @@ def cli(argv: Optional[List[str]] = None) -> None: if args.validate: wordlist_parsed = [w for w in wordlist if re.match(r'[_A-Za-z][_0-9A-Za-z]*', w)] logging.info( - f'Removed {len(wordlist) - len(wordlist_parsed)} items from Wordlist, to conform to name regex. ' + f'Removed {len(wordlist) - len(wordlist_parsed)} items from wordlist, to conform to name regex. ' f'https://spec.graphql.org/June2018/#sec-Names' ) wordlist = wordlist_parsed diff --git a/tests/system.py b/tests/system.py index 7935cfb..65f1b93 100644 --- a/tests/system.py +++ b/tests/system.py 
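Review bot: The filter on the context line above the reworded log message uses `re.match(r'[_A-Za-z][_0-9A-Za-z]*', w)`, which anchors only at the start of the string, so an entry such as `foo-bar` or `a b` passes validation although it is not a valid GraphQL name. The message states that items are removed "to conform to name regex", so the check should be `re.fullmatch(r'[_A-Za-z][_0-9A-Za-z]*', w)`. This may change the count asserted in `tests/system.py` (`Removed 1 items from wordlist`), depending on the test wordlist. The body of `cli` starts and ends outside the hunk.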
@@ -57,7 +57,7 @@ def get_type(self, name: str) -> Optional[Dict[str, Any]]: return None def test_validate_wordlist(self): - self.assertIn(b'Removed 1 items from Wordlist', self.clairvoyance.stderr) + self.assertIn(b'Removed 1 items from wordlist', self.clairvoyance.stderr) def test_found_root_type_names(self) -> None: self.assertEqual(self.schema['queryType'], {'name': 'Query'})