[783] Add GraphQL Query Whitelist for Security #853

Open
Goodnessukaigwe wants to merge 2 commits into SoroScan:main from Goodnessukaigwe:fix/783-add-graphql-query-whitelist-for-security

@Goodnessukaigwe

Summary

  • Adds trusted GraphQL query hashing and whitelist storage (GraphQLWhitelistedQuery)
  • Enforces whitelist in production via GRAPHQL_QUERY_WHITELIST_ENABLED (defaults off in DEBUG)
  • Logs rejected query hashes to GraphQLRejectedQueryLog and application logs
  • Adds staff admin endpoint POST/GET /api/ingest/admin/graphql-whitelist/ to register queries

Closes #783

Test plan

  • pytest soroscan/ingest/tests/test_graphql_whitelist.py
  • Known queries accepted, unknown rejected, hash generation, logging, admin registration

Made with Cursor

Goodnessukaigwe and others added 2 commits June 30, 2026 05:15
Hash and store approved queries, reject unknown queries with logging, and expose a staff admin endpoint to register new queries.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
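
The hash-and-enforce flow the description summarizes, as an added sketch that is not code from this PR. Assumptions: SHA-256 over a whitespace-normalized query (the PR does not name the hash or the normalization), a hypothetical `QueryWhitelist` class, and an in-memory set and list standing in for the `GraphQLWhitelistedQuery` and `GraphQLRejectedQueryLog` models.

```python
import hashlib
import logging
import re

logger = logging.getLogger("graphql.whitelist")

# String literals (group 1) are kept verbatim; comments, whitespace and commas
# are insignificant in GraphQL and collapse to a single space.
_TOKEN = re.compile(r'("""(?:\\"""|.)*?"""|"(?:\\.|[^"\\\n])*")|(?:#[^\n]*|[\s,])+', re.S)

def normalize(query: str) -> str:
    return _TOKEN.sub(lambda m: m.group(1) or " ", query).strip()

def query_hash(query: str) -> str:
    # Assumption: SHA-256 over the normalized text; the PR does not name the hash.
    return hashlib.sha256(normalize(query).encode("utf-8")).hexdigest()

class QueryWhitelist:
    def __init__(self, enabled: bool):
        self.enabled = enabled   # stands in for GRAPHQL_QUERY_WHITELIST_ENABLED
        self.allowed = set()     # stands in for GraphQLWhitelistedQuery rows
        self.rejected = []       # stands in for GraphQLRejectedQueryLog rows

    def register(self, query: str) -> str:
        digest = query_hash(query)
        self.allowed.add(digest)
        return digest

    def check(self, query: str) -> bool:
        if not self.enabled:
            return True
        digest = query_hash(query)
        if digest in self.allowed:
            return True
        # Record only the hash: the rejected text is untrusted input.
        self.rejected.append(digest)
        logger.warning("rejected GraphQL query hash=%s", digest)
        return False

# Constructed sample queries (not from the PR).
REGISTERED = 'query { events(contract: "a  b") { id, ledger } }'
REFORMATTED = 'query {\n  events(contract: "a  b") { id ledger }  # same query\n}'
CHANGED_ARG = 'query { events(contract: "a b") { id, ledger } }'
```

Because an inline literal is part of the hashed text, `CHANGED_ARG` is rejected even though only the argument value differs; whitelisted queries need to take their values as GraphQL variables.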

drips-wave Bot commented Jun 30, 2026

@Goodnessukaigwe Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits
