Add GraphQl HTTP method manipulation KB Entry

WEB_SERVICE/WEB/_MEDIUM/HTTP_METHOD_MANIPULATION/description.md

@@ -0,0 +1,22 @@
+HTTP method manipulation involves exploiting inconsistencies in how GraphQL servers handle HTTP methods. In GraphQL, mutations are typically executed using the POST method to prevent sensitive operations from being exposed in the URL. However, if the server incorrectly allows mutations to be executed using GET requests, sensitive data could be exposed in URLs, leading to security vulnerabilities.
+
+If a proxy is used to route requests, the risk increases, as proxies may log these URLs, inadvertently storing sensitive information, such as API keys or user data, which could later be compromised if logs are accessed.
+
+The security implications of HTTP method manipulation in GraphQL include:
+
+- **Sensitive Data Exposure**: When sensitive information (e.g., mutation parameters) is included in a URL, it may be exposed to logs or other unintended parties.
+- **Proxy Risks**: If a proxy logs the URLs of requests, sensitive data embedded in GET requests may be stored and accessed later by unauthorized individuals.
+- **Improper Access Control**: Allowing mutations via GET requests might lead to insecure operations being performed without proper safeguards.
+
+To check if a GraphQL API is vulnerable to this, you can attempt to execute a mutation using a GET request:
+
+```python
+import requests
+
+response = requests.get("https://your-graphql-endpoint.com/graphql", 
+    params={
+        'query': 'mutation { MutationName(input: { yourField: "value" }) { resultField } }'
+    })
+```
+
+If the mutation is allowed via GET, it indicates a potential vulnerability that needs to be addressed.

WEB_SERVICE/WEB/_MEDIUM/HTTP_METHOD_MANIPULATION/meta.json

@@ -0,0 +1,35 @@
+
+{
+  "title": "HTTP Method Manipulation in GraphQL",
+  "short_description": "HTTP method manipulation allows GraphQL mutations to be executed using GET requests, leading to potential exposure of sensitive data.",
+  "risk_rating": "medium",
+  "references": {
+  },
+  "privacy_issue": true,
+  "security_issue": true,
+  "categories": {
+    "CWE_TOP_25": [
+      "CWE_400"
+    ],
+    "PCI_STANDARDS": [
+      "REQ_6_2",
+      "REQ_6_4",
+      "REQ_11_3"
+    ],
+    "OWASP_MASVS_L2": [
+      "MSTG_PLATFORM_2"
+    ],
+    "OWASP_ASVS_L3": [
+      "V13_4_1"
+    ],
+    "SOC2_CONTROLS": [
+      "CC_2_1",
+      "CC_4_1",
+      "CC_7_1",
+      "CC_7_2",
+      "CC_7_4",
+      "CC_7_5",
+      "CC_9_1"
+    ]
+  }
+}

WEB_SERVICE/WEB/_MEDIUM/HTTP_METHOD_MANIPULATION/recommendation.md

@@ -0,0 +1,22 @@
+To mitigate the risks associated with **HTTP Method Manipulation** in GraphQL, follow these security practices:
+
+1. **Enforce POST-only Mutations**: Ensure that mutations can only be executed via the POST method. Reject any mutation requests made using GET to prevent sensitive information from being passed in URLs.
+
+2. **Disable GET for Mutations**: Update server configurations to explicitly disallow mutations over GET requests. This ensures that no data-altering operations can be performed via a URL.
+
+3. **Use Secure Proxies**: If a proxy is used to route requests, ensure it does not log sensitive URLs, or implement logging sanitization to remove sensitive information from the logs.
+
+4. **Monitor and Test Regularly**: Continuously test GraphQL endpoints for method manipulation vulnerabilities. Ensure that mutation requests can only be executed via the appropriate HTTP method.
+
+```python
+# Enforce POST-only mutations in a Flask-based GraphQL app
+
+from flask import request, jsonify
+from flask_graphql import GraphQLView
+
+@app.route('/graphql', methods=['POST'])
+def graphql():
+    if request.method != 'POST':
+        return jsonify({"error": "Only POST requests allowed for mutations"}), 405
+
+    return GraphQLView.as_view('graphql')()