Graphqler

Latest version: v2.3.6


2.3.6

🔍 Implemented detections!

User-facing changes

- Add introspection detection
- Add field suggestions detection
- Add HTML/XSS/SQLi/File/SSRF detections
- Add OS command injection detections
- Add deny-list bypass detections
- Add easier stats parsing
- Add detection logging for easier access
- Add `SKIP_NODES` option to the configuration to skip any nodes that might be causing issues on the API (e.g. slow endpoints)


Detections example
![image](https://github.com/user-attachments/assets/866ec397-47e1-470f-896b-55468ddb8057)

---

Developer changes

- Moved `materializer` of each detection into `detection` classes
- Stats parsing now parses vulnerabilities as well
- Added general abstract `detection` class to be extended
- Fix duplicate logging by checking logger handlers before initialization
- Fix materializer check for soft dependencies

2.2.2

Objects bucket refactor
- Can now keep track of all scalars seen
- Keeps track of all fields of objects seen


General
- Improved error handling & object bucket printing
- Checking max-depth on inputs for materializer
- Bug fix: max-depth of materializer in inputs not being used
- Bug fix: stats not correctly giving back proper error codes
- Remove noise in `fuzzer.log` during normal usage (still available in DEBUG mode)

2.2.0

- SQLi testing
- Batch query/mutation testing
- Bug fixes on error handling

2.1.9

What's Changed
- Add support for args in fields
- Fix bugs in logging during retries
- Add re-trier functionality on NON_NULL fields of objects
- Add INTERFACE support

2.1.5

- Refactor a lot of materializer code
- Add UNION type support
- Add DEBUG support

2.1.3

Features
- IDOR checking
- Packaged GraphQLer as a pip package
- Bug fixes
- Improved logging for compiler and found objects
- Support for a TOML config file
- Use `--mode` to combine `--compile`, `--fuzz`, `--run`
- Add `--version` flag
- Add container to run GraphQLer in Docker
- Add proxy support
- Add custom headers
