add circular fragment

README.md

@@ -20,6 +20,7 @@ GraphQL Cop allows you to reproduce the findings by providing cURL commands upon
 - Introspection (Info Leak)
 - Directives Overloading (DoS)
 - Circular Query using Introspection (DoS)
+- Circular Fragment (DoS)
 
 ## Usage
 

graphql-cop.py

@@ -17,6 +17,7 @@
 from lib.tests.dos_directive_overloading import directive_overloading
 from lib.tests.info_trace_mode import trace_mode
 from lib.tests.dos_circular_introspection import circular_query_introspection
+from lib.tests.dos_circular_fragment import circular_fragment
 from lib.utils import is_graphql, draw_art
 
 
@@ -68,7 +69,7 @@
 tests = [field_suggestions, introspection, detect_graphiql, 
          get_method_support, alias_overloading, batch_query,
          field_duplication, trace_mode, directive_overloading,
-         circular_query_introspection]
+         circular_query_introspection, circular_fragment]
 
 json_output = []
 

lib/tests/dos_circular_fragment.py

@@ -0,0 +1,42 @@
+"""Circular Fragment tests."""
+from lib.utils import graph_query, curlify
+
+
+def circular_fragment(url, proxy, headers):
+  """Check for circular fragment."""
+  res = {
+    'result':False,
+    'title':'Circular Fragment',
+    'description':'Circular Fragment allowed in Query',
+    'impact':'Denial of Service',
+    'severity':'HIGH',
+    'curl_verify':''
+  }
+
+  q = '''
+    query {
+        __schema { 
+          ...A
+        }
+    }
+
+    fragment A on __Schema {
+        __typename
+        ...B
+    }
+
+    fragment B on __Schema {
+        ...A
+    }
+'''
+  gql_response = graph_query(url, proxies=proxy, headers=headers, payload=q)
+  res['curl_verify'] = curlify(gql_response)
+
+  try:
+    print(gql_response.json())
+    if not 'errors' in gql_response.json():
+      res['result'] = True
+  except:
+    pass
+
+  return res