{"id":13564345,"url":"https://github.com/RobinCPel/graphql-postman","last_synced_at":"2025-04-03T21:30:39.733Z","repository":{"id":217500003,"uuid":"397615446","full_name":"RobinCPel/graphql-postman","owner":"RobinCPel","description":"Converts a GraphQL schema to a Postman Collection v2.1.","archived":false,"fork":false,"pushed_at":"2021-08-18T13:48:15.000Z","size":12,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-04T17:47:25.229Z","etag":null,"topics":["api-fuzzing","docker","fuzz","fuzz-testing","fuzzing","gitlab","gitlab-api-fuzzing","gitlab-ci","go","golang","gql","graphql","graphql-introspection","postman"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RobinCPel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-08-18T13:43:47.000Z","updated_at":"2024-04-11T08:15:12.000Z","dependencies_parsed_at":"2024-01-16T21:53:46.932Z","dependency_job_id":"78d12675-4efb-4e63-836c-398a7d3ccb86","html_url":"https://github.com/RobinCPel/graphql-postman","commit_stats":null,"previous_names":["robincpel/graphql-postman"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinCPel%2Fgraphql-postman","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinCPel%2Fgraphql-postman/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinCPel%2Fgraphql-postman/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinCPel%2Fgraphql-postman/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RobinCPel","download_url":"https://codeload.github.com/RobinCPel/graphql-postman/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247082917,"owners_count":20880743,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-fuzzing","docker","fuzz","fuzz-testing","fuzzing","gitlab","gitlab-api-fuzzing","gitlab-ci","go","golang","gql","graphql","graphql-introspection","postman"],"created_at":"2024-08-01T13:01:30.041Z","updated_at":"2025-04-03T21:30:39.149Z","avatar_url":"https://github.com/RobinCPel.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# ✉️ GraphQL Postman\n\nConverts a GraphQL schema to a Postman Collection v2.1 which can be used in GitLab CI for API Fuzzing Tests.\n\n## 🖊 Postman Collection Format v2.1\n\nhttps://schema.postman.com/json/collection/v2.1.0/docs/index.html\n\n## 🚀 How to run\n\n1. Have [go](https://golang.org/) installed\n2. Have [make](https://www.gnu.org/software/make/) installed\n3. Build with `make build`\n4. Run with `ENDPOINT=\"http://GRAPHQL_ENDPOINT\" make run`\n\nNote: step three and four can be combined with the command: `ENDPOINT=\"http://GRAPHQL_ENDPOINT\" make full`.\n\n## 🚩 Flags\n\n| Name                    | Description                         | Flag        | Default                                | Required |\n|-------------------------|-------------------------------------|-------------|----------------------------------------|----------|\n| GraphQL Endpoint        | GraphQL endpoint to connect to.     | `-endpoint` | -                                      | yes      |\n| Output File             | The file to write the result to.    | `-output`   | `api.postman_collection.json`          | no       |\n| Postman Collection ID   | The Postman Collection ID to use.   | `-id`       | `00000000-0000-0000-0000-000000000000` | no       |\n| Postman Collection Name | The Postman Collection name to use. | `-name`     | `GraphQL Postman`                      | no       |\n\n## 🐳 Docker\nThe image of this project is available on docker hub: \u003chttps://hub.docker.com/r/robincp/graphql-postman\u003e\n\n## ⚠️ Known issues\n\n- Does not support lists with more than two dimensions\n- Assumes a schema has queries *and* mutations, no subscriptions\n- No support for interfaces, objects, and unions\n\n## 🚨 Important note\nThis software was written to make automated GitLab API Fuzzing testing possible for our GraphQL API. The features this project contains, are limited to what our GraphQL API consists out of. Therefore, the known issues will not be fixed unless they become relevant for us (or if a very nice person comes around and opens a merge/pull request with the features 😉).\n\n## ⚙️ How to use it for GitLab API fuzzing\n\n1. Add a CI job that runs before the GitLab Fuzzing job \n2. Make the new job use the graphql-postman docker image\n3. Add this line to the script: `/go/src/bin/graphql-postman -endpoint \"${FUZZAPI_TARGET_URL}/gql\"`\n4. Expose the artifact, by default called `api.postman_collection.json`\n\n### 📑 Example\n\n```yaml\ninclude:\n  - template: Security/API-Fuzzing.gitlab-ci.yml\n\nstages:\n  - test\n  - build\n  - etc.\n  - prepare-fuzz\n  - fuzz\n\nvariables:\n  FUZZAPI_PROFILE: Long-100\n  FUZZAPI_POSTMAN_COLLECTION: ./api.postman_collection.json\n  FUZZAPI_TARGET_URL: http://example.com\n\n...\n\nprepare-fuzz:\n  stage: prepare-fuzz\n  image:\n    name: gitlab.example.org/pace/graphql-postman:master\n  before_script: []\n  script:\n    - /go/src/bin/graphql-postman -endpoint \"${FUZZAPI_TARGET_URL}/gql\"\n  after_script: []\n  artifacts:\n    expire_in: 1 week\n    name: \"$CI_COMMIT_REF_NAME_postman_collection\"\n    expose_as: \"postman_collection\"\n    paths:\n      - api.postman_collection.json\n\napifuzzer_fuzz:\n  needs:\n    - job: prepare-fuzz\n      artifacts: true\n```\n\n### 🔨 Building the docker image yourself\n\nYou can also build the docker image yourself and push it to your GitLab Docker Image repo with CI, [how?](https://docs.gitlab.com/ee/ci/docker/using_kaniko.html#building-a-docker-image-with-kaniko) \n\n## 🧠 GraphQL Introspection Query\n\n```graphql\nquery IntrospectionQuery {\n  __schema {\n    queryType {\n      name\n    }\n    mutationType {\n      name\n    }\n    types {\n      name\n      fields(includeDeprecated: false) {\n        name\n        args {\n          name\n          type {\n            ...TypeRef\n          }\n        }\n        type {\n          ...TypeRef\n        }\n      }\n      inputFields {\n        name\n        type {\n          ...TypeRef\n        }\n      }\n      enumValues(includeDeprecated: false) {\n        name\n      }\n      possibleTypes {\n        ...TypeRef\n      }\n    }\n  }\n}\n\nfragment TypeRef on __Type {\n  kind\n  name\n  ofType {\n    kind\n    name\n    ofType {\n      kind\n      name\n      ofType {\n        kind\n        name\n        ofType {\n          kind\n          name\n          ofType {\n            kind\n            name\n            ofType {\n              kind\n              name\n              ofType {\n                kind\n                name\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRobinCPel%2Fgraphql-postman","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRobinCPel%2Fgraphql-postman","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRobinCPel%2Fgraphql-postman/lists"}