Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Getting error in DotNet GraphQL application trying to use Create Schedule Item

Glenn | Last updated: Jul 31, 2020 11:24AM UTC

I am create a DotNet version 3.1 console app that is having problems creating a Scheduled Item. When I run the request using Postman it works fine. This is what I use in Postman: mutation CreateScheduleItem($input: CreateScheduleItemInput!) { create_schedule_item(input: $input) { schedule_item { id } } } Variable: {"input":{"site_id":"12","schedule":{"initial_run_time":"2020-08-01T10:45:00- 04:00","rrule":"FREQ=MONTHLY;INTERVAL=1;BYDAY=5TH"},"scan_configuration_ids":["963bd8e7- f323-4fab-aae8-ce2a95a8f587"]}} When I send the same request in the console application, I get this error: "Field 'id' of variable 'input' has coerced Null value for NonNull type 'ID!'" This is what I am apssing to GraphQL: Query: "mutation UpdateScheduleItem($input: UpdateScheduleItemInput!) {update_schedule_item(input: $input) {schedule_item { id site {id name } schedule { initial_run_time rrule } scan_configurations { id } has_run_more_than_once}}}" Variables: { input = { site_id = "12" }, schedule = { rrule = "FREQ=MONTHLY;INTERVAL=1", initial_run_time = {8/1/2020 7:13:51 AM} } } I understand that I do not have the scan_configuration_ids in the one from DotNet, but the same one without it works fine in Postman. I just can't figure out how to add the scan_configuration to the anonymous Json, yet. That's another question. What am I doing wrong?

Uthman, PortSwigger Agent | Last updated: Jul 31, 2020 12:16PM UTC

It looks like your second mutation is incorrect. The input should look something like your first example: {site_id: "46", schedule: {rrule: "", initial_run_time: ""} Are you creating a custom GraphQL client? What are you trying to do?

Glenn | Last updated: Jul 31, 2020 06:33PM UTC

OK, I'll try the Json. Some of variable sections that work us the "=" sign, some do not. I'll let you know on Monday morning.

Glenn | Last updated: Aug 03, 2020 01:42PM UTC

I still get the same error. This is the function I am using to make the GraphQL cALL: private static async Task<dynamic> ScheduleRun(string siteid, string runwhen) { // This is what the variable should look when requesting a scheduled scan for site 12 on the 5th Thursday of the month at 10:45 AM // {"input": // { // "site_id":"12", // "schedule":{ // "initial_run_time":"2020-07-30T10:45:00-04:00","rrule":"FREQ=MONTHLY;INTERVAL=1;BYDAY=5TH" // }, // "scan_configuration_ids":["963bd8e7-f323-4fab-aae8-ce2a95a8f587"] // // } // } var graphQLClient = new GraphQL.Client.GraphQLClient(GraphQlServerUrl); graphQLClient.DefaultRequestHeaders.Add("Authorization", ApiKey); //ID id = new ScheduleRun(Int32.Parse(scanId)); SCEDInput sched = null; string runTime = ""; if (runwhen.ToLower() == "daily") { runTime = "FREQ=DAILY;INTERVAL=1"; } else if (runwhen.ToLower() == "weekly") { runTime = "FREQ=WEEKLY;INTERVAL=1"; } else if (runwhen.ToLower() == "monthly") { runTime = "FREQ=MONTHLY;INTERVAL=1"; } string MPRBasic = "963bd8e7-f323-4fab-aae8-ce2a95a8f587"; //var def2 = new { input = new { site_id = siteid }, schedule = new { rrule = runTime, initial_run_time = DateTime.Now.AddDays(1) }, scan_configuration_ids = new[] { "963bd8e7-f323-4fab-aae8-ce2a95a8f587" } }; //var def2 = new { input = new { site_id = siteid }, schedule = new { rrule = runTime, initial_run_time = DateTime.Now.AddDays(1) } }; sched = new SCEDInput(siteid,runTime,DateTime.UtcNow); //string noquotes = Newtonsoft.Json.JsonConvert.SerializeObject(sched); var requestdata = JsonConvert.SerializeObject(sched); GraphQLRequest scheduleRunRequest = new GraphQLRequest { Query = GraphQLStatements["ScheduleRun"], Variables = Newtonsoft.Json.JsonConvert.DeserializeObject<SCEDInput>(requestdata) }; var graphQLResponse = await graphQLClient.PostAsync(scheduleRunRequest); var scheduleRunResponce = graphQLResponse.Data; if (graphQLResponse.Data != null) { scheduleRunResponce = graphQLResponse.Data; } else { string errorText = graphQLResponse.Errors[0].Message; Console.WriteLine($"Error: on call to Scehdule RUn Request: {errorText}"); } // var scheduleRunResponce = graphQLResponse.Data; return scheduleRunResponce; } When I look at the Variables field before I send it doesn't look sends it has the data but instead has it labeled as input: {GraphQLClient.SCEDInputItems}. Any ideas on how it get the string value of the Json deserialized to what a proper json value? Thanks.

Uthman, PortSwigger Agent | Last updated: Aug 03, 2020 02:10PM UTC

Which GraphQL library are you using? Have you considered modelling your code based on an existing project on GitHub? - https://github.com/Shopify/graphql_java_gen - https://github.com/graphql-dotnet/graphql-client

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.