Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

License: MIT License

Dockerfile 0.23% Python 14.96% CSS 17.04% JavaScript 52.81% HTML 14.96%

vulnerability graphql security penetration-testing damn-vulnerable damn-vulnerable-web-application graphql-security exploitation

damn-vulnerable-graphql-application's Introduction

Hi there 👋

🔒 I'm a Security Engineer who loves learning new technologies.
☁️ Ask me about Continuous Security, AWS, Python, Application Security, GraphQL Security, Authorization at Scale and Open Source Vulnerability Research
📖 Interested in GraphQL? Give my book Black Hat GraphQL a read
📖 Interested in Hacking with Bash scripting? Give my recent book Black Hat Bash a read

damn-vulnerable-graphql-application's People

Contributors

Stargazers

Watchers

Forkers

araiaan connormckinnon93 007divyachawla vishnurajkv shahid1996 rajesh6927 hoolicorp adeyosemanputra slooppe ahmedelkordy409 bbhunter uchihasr issabayevmk th3cyb3rc0p dpupas idkwim silentsoul04 aasicq dilansri lyrl rodrigoieh srinathredbery kultism mohsinkhansec amfolgar attacker-codeninja nathanawmk wfellis sashka3076 hav-0c farid007 pmscheffler skynet1986 c0axial nobox910 qemm 0xbharath ricekot jameskolleh cryptoknife ktzgraph ndbrain fabiopw atasky jessepinkman9900 elamaran619 1n1t6sh3ll glyynr cai-xd security-kma athul1337 divyanshukothari trevorkinsie imbuggieee wayc0des-land rajat-kanti-dutta svetek shreni123 mks-01 thanhtuan1695 menard-codes doyensec ch264 pankajkumarkbn plasmak d3lt4-024 p3t3rp4rk3r polling-repo-continua magnologan djsousuo gwill-b apeezy9102 j050100 danzee1 iamkashz t1ng saadi1995 metubeapp sumodgeorge ctfplayground infosecdemon phvietan kingbeom minkione darkoneiroi yas11r nicholasaleks arispoz aldavidov beth-linker joeapiiro kariih designerscoders anaplantestenv adamthecreator excloudx6 alaa205030 sajibekanti istvanbenedek elcaveman

damn-vulnerable-graphql-application's Issues

Information Disclosure :: Stack Trace Errors

Stack trace doesn't seem to be enabled or properly implemented. I checked graphene documentation but tbh I did not understand how to get a proper stack trace. Is there a way to enable a proper stack trace that would also be picked up by graphql-cop?

At the moment:

Navigate to /graphiql

Query using invalid syntax and observe the response.

query {
pastes {
conteeeent
}
}

HTTP/1.1 400 BAD REQUEST
Content-Type: application/json
Content-Length: 147
Date: Thu, 01 Sep 2022 11:10:27 GMT

{"errors":[{"message":"Cannot query field "conteeeent" on type "PasteObject". Did you mean "content"?","locations":[{"line":3,"column":9}]}]}

Damm-valun

400 errors in response when queryng

what's wrong with it？Other queries are also such problems...

/solutions#misc-weakpass

GraphQL Query Weak Password Protection solution is not displayed

[Feature request] python 3.10 supports

I have seen:

#34
the readme saying Note: Python 3.10 is not supported yet!
the Dockerfile using python 3.7

Would be nice to have python 3.10 support for server install.

Minor error and question

In the Deep Recursion Query Attack solution, I think that "Title" is a typo: it triggers an error.

Apart from that, I have been trying to understand how one can come up to build such a circular query, and why a structure like owner -> paste -> owner -> paste -> owner.... does not work - and we need to add edges and node.
I've retrieved the Introspection schema with InQL and I've also fed it to GraphQL voyager, but still I'm not sure how I could figure out the correct structure of the circular query myself.
I clearly miss some Graphql concept here, I've tried to read about connections edges and nodes but I can't put everything together.
A few words of explanation or a reference to something to read would be really welcome.
T.I.A.

GraphQL belongs to the GraphQL Foundation, not Facebook

Neat project! I noticed the description says "Facebook's GraphQL technology", but GraphQL was transferred to the GraphQL Foundation in 2019 to be a vendor neutral home for the technology and has evolved significantly since then, so I thought you might like to correct the inaccuracy? Either way, thanks for the work on this project! 🙌

Error in the Solutions page

On the Solutions page, the Information Disclosure :: GraphQL Interface section mentions you can use the Nmap NSE script to enumerate GraphiQL endpoints. The script exits once it finds one endpoint that allows Introspection, so it will not enumerate all endpoints.

update prerequisites

Can you update the prerequisites section to show Python 3.6+ is needed?

I've spent an hour trying to figure out why I couldn't get the app to start until someone pointed out to me that f-string support is only available from 3.6 and I was using a system with 3.5 installed.

Add tests

.

Leap Graph hyperlink in GraphQL Resources -> Articles leads to Gambling Site

As stated in the title, the following link in GraphQL Resources -> Articles, https://leapgraph.com/graphql-api-security, now leads to a gambling site.

Missing `init.py` files in `core` and `db` folder

Hello!

I noticed that __init__.py files do not exist in core and db folders. Though, core is used as a python package.
Indeed, this is valid Python, and it will work with a Python interpreter in a version greater than 3.3.

However, I think adding these files would be a better practice to indicate that core and db are Python packages.
First, packages without __init__.py files or namespace package are usually used to organize multiple packages, which is not the intention here.
Also, __init__.py files are present in similar projects like for example in skflabs

Would it be possible to add __init__.py in the core and db folders so they will be standard python packages? If you agree, I'll create a PR for this.
Thanks!

Definition file?

Hi.
Is there an API definition file somewhere we can use so that the likes of Zaproxy can know what APIs are available?
Thanks.

Postman collection to test Solutions

I love the practice and learning I could get from the Damn Vulnerable GraphQL Application. In addition to the Solutions provided and the instructions on the home page, do you think you'd like to support it with a Postman collection?
This one was convenient for me as I worked alongside the application, the Attack to Learn collection in this public workspace can be forked and since this is on a public workspace, it's also open to contributions since the collections are version controlled.

Let me know what you think of this one.

Supporting Postman Collection - Attack to Learn

DVGA gets VERY slow when scanned by ZAP

A ZAP active scan causes DVGA to run very slowly - I'm currently getting response times of around 2 mins when accessing the top page via curl on the command line.
I know ZAP can put applications under a lot of strain but most do not react this badly 😁
Tested with OWASP ZAP 2.12.0. Update to get the latest graphql add-on, then import the DVGA graphql definition and start and active scan.

Create Authentication & Authorization layer

Add authentication and authorization layer

New roles: Ideally 2, normal user and administrator

This will give us more options to introduce Authorization layer vulnerabilities.

Minor incongruences

When you create a paste:

no matter if you specify public or private, it always goes to the private pastes
no matter if you specify "burn" true or false, it always returns "false" (although I'm not sure what difference there should be)
the title you specify is ignored
Audit log is mostly empty

Authorization Bypass :: GraphQL JWT Token Forge

Not sure how this works / how I am supposed to forge a token
I can see how I can get a token via the login mutation, but I can't understand what "forge it for the 'me' query operation" means in this context

Version 1.3.1 isn't available from Docker Hub

Hello,

The Docker Hub image hasn't been updated in 6 months. Is it possible to push the newest version to Docker Hub?

Thank you for making such a great tool!

"paste" and "pastes" as defined in the schema should probably be named getPaste and getPastes for consistency

As the application issues the query with getPastes as Operation Name:

solutions#misc-weakpass missing

credentials can be retrieved by looking at the code but the solution section is missing. Probably some change from a previous version :)

Building on M1 Mac running arm64 Linux in VM

I run Kali in a VM on an M1 Mac. Unfortunately, the default configuration for DVGA fails to build due to issues with gevent on arm64. However, it can be done successfully by updating the Dockerfile (I also updated it to use Python 3.9 instead of 3.7 or 3.10, since 3.10 is not yet supported - although it will build with Python 3.7).

The two lines changed are the first, specifying the Python version, and the RUN apk add line, which specifies the dependencies. Detailed explanation below of these changes.

FROM python:3.9-alpine

LABEL description="Damn Vulnerable GraphQL Application"
LABEL github="https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application"
LABEL maintainers="Dolev Farhi & Connor McKinnon & Nick Aleks"

ARG TARGET_FOLDER=/opt/dvga
WORKDIR $TARGET_FOLDER/

RUN apk add --virtual build-deps file make curl gcc musl-dev libffi-dev g++

RUN adduser -D dvga
RUN chown dvga. $TARGET_FOLDER/
USER dvga

RUN python -m venv venv
RUN source venv/bin/activate
RUN pip3 install --upgrade pip --no-warn-script-location --disable-pip-version-check

ADD --chown=dvga:dvga core /opt/dvga/core
ADD --chown=dvga:dvga db /opt/dvga/db
ADD --chown=dvga:dvga static /opt/dvga/static
ADD --chown=dvga:dvga templates /opt/dvga/templates

COPY --chown=dvga:dvga app.py /opt/dvga
COPY --chown=dvga:dvga config.py /opt/dvga
COPY --chown=dvga:dvga setup.py /opt/dvga/
COPY --chown=dvga:dvga version.py /opt/dvga/
COPY --chown=dvga:dvga requirements.txt /opt/dvga/

RUN pip3 install -r requirements.txt --user --no-warn-script-location
RUN python setup.py

EXPOSE 5013/tcp
CMD ["python", "app.py"]

The reason this is necessary is that although gevent recently began to support arm64 binary wheels, they are only supported on manylinux2014-compatible systems - which Alpine is not. (Per: https://www.gevent.org/install.html) As specified in the gevent install docs, when a binary wheel is not available, pip will fall back on building from source. However this is where the problem is.

The default package list does not provide all the dependencies to build gevent, presumably because it depends on the binary wheel. Which is not available for arm64.

The gevent install from source docs https://www.gevent.org/development/installing_from_source.html include the dependencies, specifically referencing building on Alpine. Using the apk add line for Alpine from there, it builds successfully.

Failing to build docker image

Initial lines :

Building wheels for collected packages: cffi, greenlet
#9 7.309         Building wheel for cffi (setup.py): started
#9 7.309         Building wheel for cffi (setup.py): finished with status 'error'
#9 7.309         error: subprocess-exited-with-error
#9 7.309
#9 7.309         × python setup.py bdist_wheel did not run successfully.
#9 7.309         │ exit code: 1
#9 7.309         ╰─> [48 lines of output]
#9 7.309             unable to execute 'gcc': No such file or directory
#9 7.309             unable to execute 'gcc': No such file or directory

Here's the full log :

➜  Damn-Vulnerable-GraphQL-Application git:(master) docker build -t dvga .
[+] Building 8.7s (9/18)
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                                     0.0s
 => => transferring dockerfile: 37B                                                                                                                                                                                                                                      0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                                                        0.0s
 => => transferring context: 2B                                                                                                                                                                                                                                          0.0s
 => [internal] load metadata for docker.io/library/python:3.7-alpine                                                                                                                                                                                                     1.2s
 => [internal] load build context                                                                                                                                                                                                                                        0.0s
 => => transferring context: 5.93kB                                                                                                                                                                                                                                      0.0s
 => [ 1/14] FROM docker.io/library/python:3.7-alpine@sha256:3ae3ec49391c911264d53f7588a20a6bd267a9b5511cae9b20b35b9746684dec                                                                                                                                             0.0s
 => CACHED [ 2/14] WORKDIR /opt/dvga/                                                                                                                                                                                                                                    0.0s
 => CACHED [ 3/14] RUN apk add --update curl                                                                                                                                                                                                                             0.0s
 => CACHED [ 4/14] COPY requirements.txt /opt/dvga/                                                                                                                                                                                                                      0.0s
 => ERROR [ 5/14] RUN pip install -r requirements.txt                                                                                                                                                                                                                    7.4s
------
 > [ 5/14] RUN pip install -r requirements.txt:
#9 1.032 Collecting aniso8601==7.0.0
#9 1.098   Downloading aniso8601-7.0.0-py2.py3-none-any.whl (42 kB)
#9 1.114      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 42.0/42.0 KB 2.3 MB/s eta 0:00:00
#9 1.144 Collecting certifi==2020.12.5
#9 1.161   Downloading certifi-2020.12.5-py2.py3-none-any.whl (147 kB)
#9 1.232      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 147.5/147.5 KB 2.0 MB/s eta 0:00:00
#9 1.250 Collecting chardet==4.0.0
#9 1.264   Downloading chardet-4.0.0-py2.py3-none-any.whl (178 kB)
#9 1.302      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 178.7/178.7 KB 5.3 MB/s eta 0:00:00
#9 1.328 Collecting click==7.1.2
#9 1.341   Downloading click-7.1.2-py2.py3-none-any.whl (82 kB)
#9 1.359      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 82.8/82.8 KB 4.4 MB/s eta 0:00:00
#9 1.383 Collecting Flask==1.1.2
#9 1.405   Downloading Flask-1.1.2-py2.py3-none-any.whl (94 kB)
#9 1.419      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 94.6/94.6 KB 6.6 MB/s eta 0:00:00
#9 1.441 Collecting Flask-Cors==3.0.10
#9 1.454   Downloading Flask_Cors-3.0.10-py2.py3-none-any.whl (14 kB)
#9 1.478 Collecting Flask-GraphQL==2.0.1
#9 1.494   Downloading Flask-GraphQL-2.0.1.tar.gz (6.1 kB)
#9 1.498   Preparing metadata (setup.py): started
#9 1.676   Preparing metadata (setup.py): finished with status 'done'
#9 1.695 Collecting Flask-GraphQL-Auth==1.3.2
#9 1.708   Downloading Flask-GraphQL-Auth-1.3.2.tar.gz (6.2 kB)
#9 1.713   Preparing metadata (setup.py): started
#9 1.809   Preparing metadata (setup.py): finished with status 'done'
#9 1.828 Collecting Flask-Sockets==0.2.1
#9 1.841   Downloading Flask_Sockets-0.2.1-py2.py3-none-any.whl (3.8 kB)
#9 1.867 Collecting Flask-SQLAlchemy==2.4.4
#9 1.880   Downloading Flask_SQLAlchemy-2.4.4-py2.py3-none-any.whl (17 kB)
#9 1.996 Collecting gevent==21.12.0
#9 2.014   Downloading gevent-21.12.0.tar.gz (6.2 MB)
#9 3.155      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 6.2/6.2 MB 5.5 MB/s eta 0:00:00
#9 3.703   Installing build dependencies: started
#9 7.294   Installing build dependencies: finished with status 'error'
#9 7.309   error: subprocess-exited-with-error
#9 7.309
#9 7.309   × pip subprocess to install build dependencies did not run successfully.
#9 7.309   │ exit code: 1
#9 7.309   ╰─> [267 lines of output]
#9 7.309       Collecting setuptools>=40.8.0
#9 7.309         Downloading setuptools-62.0.0-py3-none-any.whl (1.1 MB)
#9 7.309            ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.1/1.1 MB 5.3 MB/s eta 0:00:00
#9 7.309       Collecting wheel
#9 7.309         Downloading wheel-0.37.1-py2.py3-none-any.whl (35 kB)
#9 7.309       Collecting Cython>=3.0a9
#9 7.309         Downloading Cython-3.0.0a10-py2.py3-none-any.whl (1.1 MB)
#9 7.309            ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.1/1.1 MB 7.6 MB/s eta 0:00:00
#9 7.309       Collecting cffi>=1.12.3
#9 7.309         Downloading cffi-1.15.0.tar.gz (484 kB)
#9 7.309            ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 484.1/484.1 KB 6.6 MB/s eta 0:00:00
#9 7.309         Preparing metadata (setup.py): started
#9 7.309         Preparing metadata (setup.py): finished with status 'done'
#9 7.309       Collecting greenlet<2.0,>=0.4.17
#9 7.309         Downloading greenlet-1.1.2.tar.gz (91 kB)
#9 7.309            ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 91.2/91.2 KB 7.6 MB/s eta 0:00:00
#9 7.309         Preparing metadata (setup.py): started
#9 7.309         Preparing metadata (setup.py): finished with status 'done'
#9 7.309       Collecting pycparser
#9 7.309         Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB)
#9 7.309            ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 13.6 MB/s eta 0:00:00
#9 7.309       Building wheels for collected packages: cffi, greenlet
#9 7.309         Building wheel for cffi (setup.py): started
#9 7.309         Building wheel for cffi (setup.py): finished with status 'error'
#9 7.309         error: subprocess-exited-with-error
#9 7.309
#9 7.309         × python setup.py bdist_wheel did not run successfully.
#9 7.309         │ exit code: 1
#9 7.309         ╰─> [48 lines of output]
#9 7.309             unable to execute 'gcc': No such file or directory
#9 7.309             unable to execute 'gcc': No such file or directory
#9 7.309
#9 7.309                 No working compiler found, or bogus compiler options passed to
#9 7.309                 the compiler from Python's standard "distutils" module.  See
#9 7.309                 the error messages above.  Likely, the problem is not related
#9 7.309                 to CFFI but generic to the setup.py of any Python package that
#9 7.309                 tries to compile C code.  (Hints: on OS/X 10.8, for errors about
#9 7.309                 -mno-fused-madd see http://stackoverflow.com/questions/22313407/
#9 7.309                 Otherwise, see https://wiki.python.org/moin/CompLangPython or
#9 7.309                 the IRC channel #python on irc.libera.chat.)
#9 7.309
#9 7.309                 Trying to continue anyway.  If you are trying to install CFFI from
#9 7.309                 a build done in a different context, you can ignore this warning.
#9 7.309
#9 7.309             running bdist_wheel
#9 7.309             running build
#9 7.309             running build_py
#9 7.309             creating build
#9 7.309             creating build/lib.linux-aarch64-3.7
#9 7.309             creating build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/vengine_gen.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/backend_ctypes.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/api.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/lock.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/ffiplatform.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/__init__.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/pkgconfig.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/cparser.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/cffi_opcode.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/error.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/setuptools_ext.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/vengine_cpy.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/verifier.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/model.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/commontypes.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/recompiler.py -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/_cffi_include.h -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/parse_c_type.h -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/_embedding.h -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             copying cffi/_cffi_errors.h -> build/lib.linux-aarch64-3.7/cffi
#9 7.309             running build_ext
#9 7.309             building '_cffi_backend' extension
#9 7.309             creating build/temp.linux-aarch64-3.7
#9 7.309             creating build/temp.linux-aarch64-3.7/c
#9 7.309             gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/ffi -I/usr/include/libffi -I/usr/local/include/python3.7m -c c/_cffi_backend.c -o build/temp.linux-aarch64-3.7/c/_cffi_backend.o
#9 7.309             unable to execute 'gcc': No such file or directory
#9 7.309             error: command 'gcc' failed with exit status 1
#9 7.309             [end of output]
#9 7.309
#9 7.309         note: This error originates from a subprocess, and is likely not a problem with pip.
#9 7.309         ERROR: Failed building wheel for cffi
#9 7.309         Running setup.py clean for cffi
#9 7.309         Building wheel for greenlet (setup.py): started
#9 7.309         Building wheel for greenlet (setup.py): finished with status 'error'
#9 7.309         error: subprocess-exited-with-error
#9 7.309
#9 7.309         × python setup.py bdist_wheel did not run successfully.
#9 7.309         │ exit code: 1
#9 7.309         ╰─> [77 lines of output]
#9 7.309             running bdist_wheel
#9 7.309             running build
#9 7.309             running build_py
#9 7.309             creating build
#9 7.309             creating build/lib.linux-aarch64-3.7
#9 7.309             creating build/lib.linux-aarch64-3.7/greenlet
#9 7.309             copying src/greenlet/__init__.py -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             creating build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_tracing.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_leaks.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_stack_saved.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_cpp.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_generator_nested.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_version.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_generator.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_throw.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/__init__.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_contextvars.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_weakref.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_greenlet.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_gc.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_extension_interface.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             running egg_info
#9 7.309             writing src/greenlet.egg-info/PKG-INFO
#9 7.309             writing dependency_links to src/greenlet.egg-info/dependency_links.txt
#9 7.309             writing requirements to src/greenlet.egg-info/requires.txt
#9 7.309             writing top-level names to src/greenlet.egg-info/top_level.txt
#9 7.309             reading manifest file 'src/greenlet.egg-info/SOURCES.txt'
#9 7.309             reading manifest template 'MANIFEST.in'
#9 7.309             no previously-included directories found matching 'docs/_build'
#9 7.309             warning: no files found matching '*.py' under directory 'appveyor'
#9 7.309             warning: no previously-included files matching '*.pyc' found anywhere in distribution
#9 7.309             warning: no previously-included files matching '*.pyd' found anywhere in distribution
#9 7.309             warning: no previously-included files matching '*.so' found anywhere in distribution
#9 7.309             warning: no previously-included files matching '.coverage' found anywhere in distribution
#9 7.309             adding license file 'LICENSE'
#9 7.309             adding license file 'LICENSE.PSF'
#9 7.309             adding license file 'AUTHORS'
#9 7.309             writing manifest file 'src/greenlet.egg-info/SOURCES.txt'
#9 7.309             copying src/greenlet/greenlet.c -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             copying src/greenlet/greenlet.h -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             copying src/greenlet/slp_platformselect.h -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             creating build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/setup_switch_x64_masm.cmd -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_aarch64_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_alpha_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_amd64_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_arm32_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_arm32_ios.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_csky_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_m68k_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_mips_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc64_aix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc64_linux.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_aix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_linux.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_macosx.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_riscv_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_s390_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_sparc_sun_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x32_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x64_masm.asm -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x64_masm.obj -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x64_msvc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x86_msvc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x86_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/tests/_test_extension.c -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/_test_extension_cpp.cpp -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             running build_ext
#9 7.309             building 'greenlet._greenlet' extension
#9 7.309             creating build/temp.linux-aarch64-3.7
#9 7.309             creating build/temp.linux-aarch64-3.7/src
#9 7.309             creating build/temp.linux-aarch64-3.7/src/greenlet
#9 7.309             gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/local/include/python3.7m -c src/greenlet/greenlet.c -o build/temp.linux-aarch64-3.7/src/greenlet/greenlet.o
#9 7.309             unable to execute 'gcc': No such file or directory
#9 7.309             error: command 'gcc' failed with exit status 1
#9 7.309             [end of output]
#9 7.309
#9 7.309         note: This error originates from a subprocess, and is likely not a problem with pip.
#9 7.309         ERROR: Failed building wheel for greenlet
#9 7.309         Running setup.py clean for greenlet
#9 7.309       Failed to build cffi greenlet
#9 7.309       Installing collected packages: wheel, setuptools, pycparser, greenlet, Cython, cffi
#9 7.309         Running setup.py install for greenlet: started
#9 7.309         Running setup.py install for greenlet: finished with status 'error'
#9 7.309         error: subprocess-exited-with-error
#9 7.309
#9 7.309         × Running setup.py install for greenlet did not run successfully.
#9 7.309         │ exit code: 1
#9 7.309         ╰─> [77 lines of output]
#9 7.309             running install
#9 7.309             running build
#9 7.309             running build_py
#9 7.309             creating build
#9 7.309             creating build/lib.linux-aarch64-3.7
#9 7.309             creating build/lib.linux-aarch64-3.7/greenlet
#9 7.309             copying src/greenlet/__init__.py -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             creating build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_tracing.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_leaks.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_stack_saved.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_cpp.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_generator_nested.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_version.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_generator.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_throw.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/__init__.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_contextvars.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_weakref.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_greenlet.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_gc.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/test_extension_interface.py -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             running egg_info
#9 7.309             writing src/greenlet.egg-info/PKG-INFO
#9 7.309             writing dependency_links to src/greenlet.egg-info/dependency_links.txt
#9 7.309             writing requirements to src/greenlet.egg-info/requires.txt
#9 7.309             writing top-level names to src/greenlet.egg-info/top_level.txt
#9 7.309             reading manifest file 'src/greenlet.egg-info/SOURCES.txt'
#9 7.309             reading manifest template 'MANIFEST.in'
#9 7.309             no previously-included directories found matching 'docs/_build'
#9 7.309             warning: no files found matching '*.py' under directory 'appveyor'
#9 7.309             warning: no previously-included files matching '*.pyc' found anywhere in distribution
#9 7.309             warning: no previously-included files matching '*.pyd' found anywhere in distribution
#9 7.309             warning: no previously-included files matching '*.so' found anywhere in distribution
#9 7.309             warning: no previously-included files matching '.coverage' found anywhere in distribution
#9 7.309             adding license file 'LICENSE'
#9 7.309             adding license file 'LICENSE.PSF'
#9 7.309             adding license file 'AUTHORS'
#9 7.309             writing manifest file 'src/greenlet.egg-info/SOURCES.txt'
#9 7.309             copying src/greenlet/greenlet.c -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             copying src/greenlet/greenlet.h -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             copying src/greenlet/slp_platformselect.h -> build/lib.linux-aarch64-3.7/greenlet
#9 7.309             creating build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/setup_switch_x64_masm.cmd -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_aarch64_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_alpha_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_amd64_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_arm32_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_arm32_ios.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_csky_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_m68k_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_mips_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc64_aix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc64_linux.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_aix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_linux.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_macosx.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_ppc_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_riscv_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_s390_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_sparc_sun_gcc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x32_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x64_masm.asm -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x64_masm.obj -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x64_msvc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x86_msvc.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/platform/switch_x86_unix.h -> build/lib.linux-aarch64-3.7/greenlet/platform
#9 7.309             copying src/greenlet/tests/_test_extension.c -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             copying src/greenlet/tests/_test_extension_cpp.cpp -> build/lib.linux-aarch64-3.7/greenlet/tests
#9 7.309             running build_ext
#9 7.309             building 'greenlet._greenlet' extension
#9 7.309             creating build/temp.linux-aarch64-3.7
#9 7.309             creating build/temp.linux-aarch64-3.7/src
#9 7.309             creating build/temp.linux-aarch64-3.7/src/greenlet
#9 7.309             gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/local/include/python3.7m -c src/greenlet/greenlet.c -o build/temp.linux-aarch64-3.7/src/greenlet/greenlet.o
#9 7.309             unable to execute 'gcc': No such file or directory
#9 7.309             error: command 'gcc' failed with exit status 1
#9 7.309             [end of output]
#9 7.309
#9 7.309         note: This error originates from a subprocess, and is likely not a problem with pip.
#9 7.309       error: legacy-install-failure
#9 7.309
#9 7.309       × Encountered error while trying to install package.
#9 7.309       ╰─> greenlet
#9 7.309
#9 7.309       note: This is an issue with the package mentioned above, not pip.
#9 7.309       hint: See above for output from the failure.
#9 7.309       [end of output]
#9 7.309
#9 7.309   note: This error originates from a subprocess, and is likely not a problem with pip.
#9 7.312 error: subprocess-exited-with-error
#9 7.312
#9 7.312 × pip subprocess to install build dependencies did not run successfully.
#9 7.312 │ exit code: 1
#9 7.312 ╰─> See above for output.
#9 7.312
#9 7.312 note: This error originates from a subprocess, and is likely not a problem with pip.
------
executor failed running [/bin/sh -c pip install -r requirements.txt]: exit code: 1

Aap

Error when downloading or building the docker image

When building the image:

Damn-Vulnerable-GraphQL-Application# docker build -t dvga .

---> Running in ab8d18a1f4c3
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.13/main: temporary error (try again later)
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: No such file or directory
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.13/community: temporary error (try again later)
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: No such file or directory
ERROR: unable to select packages:
curl (no such package):
required by: world[curl]
The command '/bin/sh -c apk add --update curl' returned a non-zero code: 1

When downloading the image:

Damn-Vulnerable-GraphQL-Application# docker run -t -p 5000:5000 -e WEB_HOST=0.0.0.0 dvga
Unable to find image 'dvga:latest' locally
docker: Error response from daemon: pull access denied for dvga, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.

Can u guys add flags for capture?

Python version 3.10 breaks the application

Hello, the application attempts to import Mapping from collections and fails to run:

ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib64/python3.10/collections/__init__.py)

This is due to a change in Python3.10:

Remove deprecated aliases to [Collections Abstract Base Classes](https://docs.python.org/3/library/collections.abc.html#collections-abstract-base-classes) from the [collections](https://docs.python.org/3/library/collections.html#module-collections) module. (Contributed by Victor Stinner in [bpo-37324](https://bugs.python.org/issue?@action=redirect&bpo=37324).)

The docker container works without any issues. Could we add this constraint about the Python version to the readme file?

Add solution to fragment

Punch a SQL Injection hole in DVGA

Create a SQL Injection scenario in DVGA

resolve_me requires post request

The resolve_me function in /master/core/views.py uses

info.context.json['identity'] = identity

and if the request does not contain a JSON object ie a GET request the thread will fail throwing a NoneType error.

Error when loading the image

Hi buddy !

I have a little problem when running the image. I search more about apk with curl related information but i am still stuck with this error. Any idea with the log's showed in the image?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

dolevf / damn-vulnerable-graphql-application Goto Github PK