Skip to content

Latest commit

 

History

History
82 lines (60 loc) · 6.17 KB

attack-tree.md

File metadata and controls

82 lines (60 loc) · 6.17 KB

Attack Tree Analysis for apollographql/apollo-android

Objective: To exfiltrate sensitive data, manipulate application state, or cause denial-of-service by exploiting vulnerabilities or misconfigurations within the apollo-android library or its interaction with the GraphQL server.

Attack Tree Visualization

[[Attacker's Goal: Exfiltrate Data, Manipulate State, or Cause DoS via Apollo-Android]] / |
/ |
[1. Client-Side] ===> [2. Intercept/Manipulate] [[3. Exploit Server-Side Interactions]] / \ / | \ ===> / |
/ \ / | \ / |
[Cache] [Input] ===> [2.1 MITM [2.2 Replay [2.3 Session [[3.1 Overly [[3.2 Insecure [[3.3 Exploit Poisoning] Validation] Attacks] Attacks] Hijacking] Permissive]] Directives]] Server-Side Schema]] Vulnerabilities]]

Attack Tree Path: Critical Node: [[Attacker's Goal]]

  • Description: The ultimate objective of the attacker. All attack paths converge here.
  • Attack Vectors: All sub-nodes.

Attack Tree Path: Critical Node: [[3. Exploit Server-Side Interactions]]

  • Description: This represents the successful exploitation of any vulnerability on the server-side that can be triggered through the GraphQL API via apollo-android.
  • Attack Vectors:
    • 3.1 Overly Permissive Schema
    • 3.2 Insecure Directives
    • 3.3 Exploit Server-Side Vulnerabilities

Attack Tree Path: Critical Node: [[3.1 Overly Permissive Schema]]

  • Description: The GraphQL schema exposes sensitive data or mutations without proper authorization checks, allowing unauthorized access or modification.
  • Attack Vectors:
    • An attacker uses apollo-android to query fields or execute mutations that should be restricted based on user roles or permissions, but the schema doesn't enforce these restrictions.
    • Introspection queries are used to discover sensitive fields or mutations that are not properly protected.

Attack Tree Path: Critical Node: [[3.2 Insecure Directives]]

  • Description: Custom directives on the server-side are implemented insecurely, allowing attackers to inject malicious code or manipulate server-side logic.
  • Attack Vectors:
    • A directive that modifies database queries based on user input without proper sanitization, leading to SQL injection.
    • A directive that executes system commands based on user input without proper validation, leading to remote code execution (RCE).
    • A directive that performs server-side requests based on user input without proper validation, leading to server-side request forgery (SSRF).

Attack Tree Path: Critical Node: [[3.3 Exploit Server-Side Vulnerabilities]]

  • Description: This is a general category representing any vulnerability in the server-side code or its dependencies that can be triggered through a GraphQL request made by apollo-android.
  • Attack Vectors:
    • Exploiting a known vulnerability in a library used by the GraphQL server (e.g., a vulnerable version of a JSON parsing library).
    • Triggering a server-side request forgery (SSRF) vulnerability through a crafted GraphQL query.
    • Causing a denial-of-service (DoS) by sending a computationally expensive query that overwhelms the server.
    • Exploiting a vulnerability in the database access layer (e.g., SQL injection, NoSQL injection).

Attack Tree Path: Critical Node: [2.3 Session Hijacking]

  • Description: An attacker gains control of a valid user session, allowing them to impersonate the user and perform actions on their behalf.
  • Attack Vectors:
    • Intercepting a session token (e.g., JWT) during transmission due to a lack of HTTPS or a successful MITM attack.
    • Stealing a session token from insecure storage on the device.
    • Exploiting a cross-site scripting (XSS) vulnerability to steal the token from the browser's local storage (if the token is accessible to JavaScript).

Attack Tree Path: High-Risk Path: ===> [2. Intercept/Manipulate Network Traffic] -> [2.1 MITM Attacks]

  • Description: An attacker intercepts the communication between the apollo-android client and the GraphQL server, modifying requests or responses.
  • Attack Vectors:
    • Exploiting a lack of certificate pinning to intercept HTTPS traffic.
    • Using a compromised Wi-Fi network to perform a man-in-the-middle attack.
    • Installing a malicious root certificate on the user's device.

Attack Tree Path: High-Risk Path: [1. Client-Side Vulnerabilities] -> [1.3 Input Validation Issues]

  • Description: Application is vulnerable to attacks based on a lack of proper input validation.
  • Attack Vectors:
    • An attacker provides a malicious value for a custom scalar that is not properly validated.
    • An attacker provides a malicious value for directive that is not properly validated.

Attack Tree Path: High-Risk Path: [1. Client-Side Vulnerabilities] -> [1.1 Cache Poisoning]

  • Description: Application is vulnerable to attacks based on a lack of proper cache validation.
  • Attack Vectors:
    • An attacker crafts a malicious GraphQL response that, when cached, will overwrite a legitimate response for a different query.