GraphQL++

Model/Model.cs

@@ -89,10 +89,10 @@ Contenu de la BDD non relationnelle (Employés)
     /* 
      Classes et Query GraphQL (clients)
      */
-    public record Client(int Id, string Name, int Country);
+    public record Client(int Id, string Name, int Country, int Bank);
     public record Country(int Id, string Name);
 
-    public record Bank(int RIB, string Name);
+    public record Bank(int id, string RIB, string Name);
 
     public class ClientDetails
     {
@@ -121,6 +121,7 @@ public interface IClientService
         public List<ClientDetails> GetClients();
         public List<ClientDetails> GetClient(int empId);
         public List<ClientDetails> GetClientsByCountry(int Country);
+        public List<ClientDetails> GetClientsByBank(int BankId);
     }
 
     public class ClientService : IClientService
@@ -129,11 +130,11 @@ public ClientService(){}
 
         private List<Client> Clients = new List<Client>
         {
-            new Client(1, "NovaSynergy Solutions", 1),
-            new Client(2, "EcoVerde Innovations", 1),
-            new Client(3, "AstraTech Dynamics", 2),
-            new Client(4, "Luminara Creation", 2),
-            new Client(5, "ZenithWave Enterprises", 3),
+            new Client(1, "NovaSynergy Solutions", 1,1),
+            new Client(2, "EcoVerde Innovations", 1,1),
+            new Client(3, "AstraTech Dynamics", 2,1),
+            new Client(4, "Luminara Creation", 2,1),
+            new Client(5, "ZenithWave Enterprises", 3,1),
         };
 
         private List<Country> Countrys = new List<Country>
@@ -143,6 +144,12 @@ public ClientService(){}
             new Country(3, "China"),
         };
 
+        private List<Bank> Banks = new List<Bank>
+        {
+            new Bank(1, "FR1610096000703816856838K74" ,"BdF"),
+
+        };
+
         public List<ClientDetails> GetClients()
         {
             return Clients.Select(emp => new ClientDetails
@@ -163,13 +170,25 @@ public List<ClientDetails> GetClient(int empId)
             }).ToList();
         }
 
-        public List<ClientDetails> GetClientsByCountry(int Country)
+
+        public List<ClientDetails> GetClientsByCountry(int CountryId)
         {
-            return Clients.Where(emp => emp.Country == Country).Select(emp => new ClientDetails
+            return Clients.Where(emp => emp.Country == CountryId).Select(emp => new ClientDetails
             {
                 Id = emp.Id,
                 Name = emp.Name,
-                Country = Countrys.First(d => d.Id == Country).Name,
+                Country = Countrys.First(d => d.Id == CountryId).Name,
+            }).ToList();
+        }
+
+
+        public List<ClientDetails> GetClientsByBank(int BankId)
+        {
+            return Clients.Where(emp => emp.Bank == BankId).Select(emp => new ClientDetails
+            {
+                Id = emp.Id,
+                Name = emp.Name,
+                Bank = Banks.First(b => b.id == BankId).RIB,
             }).ToList();
         }
     }
@@ -178,8 +197,34 @@ public class ClientQuery : ObjectGraphType
     {
         public ClientQuery(IClientService ClientService)
         {
+            /*
             Field<ListGraphType<ClientDetailsType>>(Name = "Clients", resolve: x => ClientService.GetClients());
-            Field<ListGraphType<ClientDetailsType>>(Name = "Client", arguments: new QueryArguments(new QueryArgument<IntGraphType> { Name = "id" }), resolve: x => ClientService.GetClient(x.GetArgument<int>("id")));
+
+            Field<ListGraphType<ClientDetailsType>>(Name = "Client", arguments: new QueryArguments(new QueryArgument<IntGraphType> { Name = "Id" }), resolve: x => ClientService.GetClient(x.GetArgument<int>("Id")));
+            */
+
+            Field<ListGraphType<ClientDetailsType>>(
+                "Clients",
+                resolve: context => ClientService.GetClients()
+            );
+
+            Field<ListGraphType<ClientDetailsType>>(
+                "Client",
+                arguments: new QueryArguments(new QueryArgument<IntGraphType> { Name = "Id" }),
+                resolve: context => ClientService.GetClient(context.GetArgument<int>("Id"))
+            );
+
+            Field<ListGraphType<ClientDetailsType>>(
+                "ClientsByCountry",
+                arguments: new QueryArguments(new QueryArgument<IntGraphType> { Name = "CountryId" }),
+                resolve: context => ClientService.GetClientsByCountry(context.GetArgument<int>("CountryId"))
+            );
+
+            Field<ListGraphType<ClientDetailsType>>(
+                "ClientsByBank",
+                arguments: new QueryArguments(new QueryArgument<IntGraphType> { Name = "Bank" }),
+                resolve: context => ClientService.GetClientsByBank(context.GetArgument<int>("Bank"))
+            );
         }
     }
 

README.md

@@ -27,6 +27,7 @@
 | CWE-91 | XML Injection | Hard | 0-500$ |
 | CWE-98 | Remote File Inclusion | Hard | 1.000-10.000$ |
 | CWE-184 | Incomplete List of Disallowed Inputs | Medium | 500-2.000$ |
+| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Hard | 1.000-20.000$ | 
 | CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Easy | 500-2.000$ |
 | CWE-284 | Improper Access Control | Medium | 1.000-5.000$ |
 | CWE-287 | Improper Authentication | Medium | 500-5.000$ |
@@ -40,8 +41,8 @@
 | CWE-611 | Improper Restriction of XML External Entity Reference | Hard | 1.000-10.000$ |
 | CWE-787 | Out-of-bounds Write | Easy | 500-5000$ |
 | CWE-798 | Use of Hard-coded Credentials | Very Easy | 1.000-10.000$ |
-| CWE-829 | Local File Inclusion | Easy | 500-2.000$|
-| CWE-918 | Server-Side Request Forgery (SSRF) | Medium | 1.000$-10.000$|
+| CWE-829 | Local File Inclusion | Easy | 500-2.000$ |
+| CWE-918 | Server-Side Request Forgery (SSRF) | Medium | 1.000$-10.000$ |
 | CWE-1270 | Generation of Incorrect Security Tokens | Medium | 1.000-20.000$ |