⛏️ Write test to detect Rate limit bypass on GraphQL APIs

[Ankita28g]

💭 Introduction:
https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#bypass-of-rate-limits

📚 Reading
You can find a detailed documentation of test editor rules here
Find 100+ examples of YAML tests here

✅ Task summary:

• Ask to be assigned to the issue.
• Wait to be assigned. We will try to assign in less than 2 hours.
• Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
• Signup for Akto
• Check in the Attempt tab, if the payload changes, then task is done.
• Submit the PR here.

✌🏻 Hints:
You can build the yaml template by referring this link

🙋🏼‍♂️ Questions:
If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

[rashmibharambe]

@Ankita28g - could you please assign this to me.
I can work on this.

[avneesh-akto]

I've assigned it to you, @rashmibharambe . Happy hacking! Feel free to join our Discord if you need assistance.

[rashmibharambe]

I've assigned it to you, @rashmibharambe . Happy hacking! Feel free to join our Discord if you need assistance.

@avneesh-akto - I have raised PR, also tested on tests editor before raising PR.
akto-api-security/tests-library#31

[shivam-rawat-akto]

@rashmibharambe Thanks for trying out Akto,
In your test, you have concatenated the request multiple times, which will not work in actual graphql request,
In one request you can send one "query" or "mutation",

such as "mutation { query1, query2, query3 .... } "

multiple mutations needs to be wrapped inside single mutation query,
thats why your test won't work.
you can check it yourself in graphql playground available online.