Merge branch '60123-graphql-complexity-limit-too-low-for-schema-load' into 'master'

GraphQL complexity limit too low for Schema load / IntrospectionQuery Closes #60123 See merge request gitlab-org/gitlab-ce!27063
2019-04-08 18:47:20 +00:00 · 2019-04-08 18:47:20 +00:00 · b28d6d8ab8
commit b28d6d8ab8
parent 4101ee0105 e86a2e7eb2
3 changed files with 109 additions and 8 deletions
--- a/app/graphql/gitlab_schema.rb
+++ b/app/graphql/gitlab_schema.rb
@ -1,12 +1,11 @@
 # frozen_string_literal: true

 class GitlabSchema < GraphQL::Schema
-  # Took our current most complicated query in use, issues.graphql,
-  # with a complexity of 19, and added a 20 point buffer to it.
+  # Currently an IntrospectionQuery has a complexity of 179.
  # These values will evolve over time.
-  DEFAULT_MAX_COMPLEXITY   = 40
-  AUTHENTICATED_COMPLEXITY = 50
-  ADMIN_COMPLEXITY         = 60
+  DEFAULT_MAX_COMPLEXITY   = 200
+  AUTHENTICATED_COMPLEXITY = 250
+  ADMIN_COMPLEXITY         = 300

  use BatchLoader::GraphQL
  use Gitlab::Graphql::Authorize
--- a/spec/fixtures/api/graphql/introspection.graphql
+++ b/spec/fixtures/api/graphql/introspection.graphql
@ -0,0 +1,92 @@
+# pulled from GraphiQL query
+query IntrospectionQuery {
+  __schema {
+    queryType { name }
+    mutationType { name }
+    subscriptionType { name }
+    types {
+      ...FullType
+    }
+    directives {
+      name
+      description
+      locations
+      args {
+        ...InputValue
+      }
+    }
+  }
+}
+
+fragment FullType on __Type {
+  kind
+  name
+  description
+  fields(includeDeprecated: true) {
+    name
+    description
+    args {
+      ...InputValue
+    }
+    type {
+      ...TypeRef
+    }
+    isDeprecated
+    deprecationReason
+  }
+  inputFields {
+    ...InputValue
+  }
+  interfaces {
+    ...TypeRef
+  }
+  enumValues(includeDeprecated: true) {
+    name
+    description
+    isDeprecated
+    deprecationReason
+  }
+  possibleTypes {
+    ...TypeRef
+  }
+}
+
+fragment InputValue on __InputValue {
+  name
+  description
+  type { ...TypeRef }
+  defaultValue
+}
+
+fragment TypeRef on __Type {
+  kind
+  name
+  ofType {
+    kind
+    name
+    ofType {
+      kind
+      name
+      ofType {
+        kind
+        name
+        ofType {
+          kind
+          name
+          ofType {
+            kind
+            name
+            ofType {
+              kind
+              name
+              ofType {
+                kind
+                name
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
--- a/spec/requests/api/graphql/gitlab_schema_spec.rb
+++ b/spec/requests/api/graphql/gitlab_schema_spec.rb
@ -3,14 +3,24 @@ require 'spec_helper'
 describe 'GitlabSchema configurations' do
  include GraphqlHelpers

-  let(:project) { create(:project, :repository) }
-  let!(:query)  { graphql_query_for('project', 'fullPath' => project.full_path) }
+  it 'shows an error if complexity is too high' do
+    project = create(:project, :repository)
+    query   = graphql_query_for('project', { 'fullPath' => project.full_path }, "id\nname\ndescription")

-  it 'shows an error if complexity it too high' do
    allow(GitlabSchema).to receive(:max_query_complexity).and_return 1

    post_graphql(query, current_user: nil)

    expect(graphql_errors.first['message']).to include('which exceeds max complexity of 1')
  end
+
+  context 'when IntrospectionQuery' do
+    it 'is not too complex' do
+      query = File.read(Rails.root.join('spec/fixtures/api/graphql/introspection.graphql'))
+
+      post_graphql(query, current_user: nil)
+
+      expect(graphql_errors).to be_nil
+    end
+  end
 end