Burp Suite User Forum

Login to post

Getting error in DotNet GraphQL application trying to use Create Schedule Item

Glenn | Last updated: Jul 31, 2020 11:24AM UTC

I am create a DotNet version 3.1 console app that is having problems creating a Scheduled Item. When I run the request using Postman it works fine. This is what I use in Postman: mutation CreateScheduleItem($input: CreateScheduleItemInput!) { create_schedule_item(input: $input) { schedule_item { id } } } Variable: {"input":{"site_id":"12","schedule":{"initial_run_time":"2020-08-01T10:45:00- 04:00","rrule":"FREQ=MONTHLY;INTERVAL=1;BYDAY=5TH"},"scan_configuration_ids":["963bd8e7- f323-4fab-aae8-ce2a95a8f587"]}} When I send the same request in the console application, I get this error: "Field 'id' of variable 'input' has coerced Null value for NonNull type 'ID!'" This is what I am apssing to GraphQL: Query: "mutation UpdateScheduleItem($input: UpdateScheduleItemInput!) {update_schedule_item(input: $input) {schedule_item { id site {id name } schedule { initial_run_time rrule } scan_configurations { id } has_run_more_than_once}}}" Variables: { input = { site_id = "12" }, schedule = { rrule = "FREQ=MONTHLY;INTERVAL=1", initial_run_time = {8/1/2020 7:13:51 AM} } } I understand that I do not have the scan_configuration_ids in the one from DotNet, but the same one without it works fine in Postman. I just can't figure out how to add the scan_configuration to the anonymous Json, yet. That's another question. What am I doing wrong?

Uthman, PortSwigger Agent | Last updated: Jul 31, 2020 12:16PM UTC

It looks like your second mutation is incorrect. The input should look something like your first example: {site_id: "46", schedule: {rrule: "", initial_run_time: ""} Are you creating a custom GraphQL client? What are you trying to do?

Glenn | Last updated: Jul 31, 2020 06:33PM UTC

OK, I'll try the Json. Some of variable sections that work us the "=" sign, some do not. I'll let you know on Monday morning.

Glenn | Last updated: Aug 03, 2020 01:42PM UTC

I still get the same error. This is the function I am using to make the GraphQL cALL: private static async Task<dynamic> ScheduleRun(string siteid, string runwhen) { // This is what the variable should look when requesting a scheduled scan for site 12 on the 5th Thursday of the month at 10:45 AM // {"input": // { // "site_id":"12", // "schedule":{ // "initial_run_time":"2020-07-30T10:45:00-04:00","rrule":"FREQ=MONTHLY;INTERVAL=1;BYDAY=5TH" // }, // "scan_configuration_ids":["963bd8e7-f323-4fab-aae8-ce2a95a8f587"] // // } // } var graphQLClient = new GraphQL.Client.GraphQLClient(GraphQlServerUrl); graphQLClient.DefaultRequestHeaders.Add("Authorization", ApiKey); //ID id = new ScheduleRun(Int32.Parse(scanId)); SCEDInput sched = null; string runTime = ""; if (runwhen.ToLower() == "daily") { runTime = "FREQ=DAILY;INTERVAL=1"; } else if (runwhen.ToLower() == "weekly") { runTime = "FREQ=WEEKLY;INTERVAL=1"; } else if (runwhen.ToLower() == "monthly") { runTime = "FREQ=MONTHLY;INTERVAL=1"; } string MPRBasic = "963bd8e7-f323-4fab-aae8-ce2a95a8f587"; //var def2 = new { input = new { site_id = siteid }, schedule = new { rrule = runTime, initial_run_time = DateTime.Now.AddDays(1) }, scan_configuration_ids = new[] { "963bd8e7-f323-4fab-aae8-ce2a95a8f587" } }; //var def2 = new { input = new { site_id = siteid }, schedule = new { rrule = runTime, initial_run_time = DateTime.Now.AddDays(1) } }; sched = new SCEDInput(siteid,runTime,DateTime.UtcNow); //string noquotes = Newtonsoft.Json.JsonConvert.SerializeObject(sched); var requestdata = JsonConvert.SerializeObject(sched); GraphQLRequest scheduleRunRequest = new GraphQLRequest { Query = GraphQLStatements["ScheduleRun"], Variables = Newtonsoft.Json.JsonConvert.DeserializeObject<SCEDInput>(requestdata) }; var graphQLResponse = await graphQLClient.PostAsync(scheduleRunRequest); var scheduleRunResponce = graphQLResponse.Data; if (graphQLResponse.Data != null) { scheduleRunResponce = graphQLResponse.Data; } else { string errorText = graphQLResponse.Errors[0].Message; Console.WriteLine($"Error: on call to Scehdule RUn Request: {errorText}"); } // var scheduleRunResponce = graphQLResponse.Data; return scheduleRunResponce; } When I look at the Variables field before I send it doesn't look sends it has the data but instead has it labeled as input: {GraphQLClient.SCEDInputItems}. Any ideas on how it get the string value of the Json deserialized to what a proper json value? Thanks.

Uthman, PortSwigger Agent | Last updated: Aug 03, 2020 02:10PM UTC

Which GraphQL library are you using? Have you considered modelling your code based on an existing project on GitHub? - https://github.com/Shopify/graphql_java_gen - https://github.com/graphql-dotnet/graphql-client

You need to Log in to post a reply. Or register here, for free.