kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch '60123-graphql-complexity-limit-too-low-for-schema-load' into 'master'

Browse source 
GraphQL complexity limit too low for Schema load / IntrospectionQuery

Closes #60123

See merge request gitlab-org/gitlab-ce!27063
This commit is contained in:
Douglas Barbosa Alexandre 2019-04-08 18:47:20 +00:00
commit b28d6d8ab8
3 changed files with 109 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/graphql/gitlab_schema.rb
View file

@ -1,12 +1,11 @@
# frozen_string_literal: true # frozen_string_literal: true
class GitlabSchema < GraphQL::Schema class GitlabSchema < GraphQL::Schema
# Took our current most complicated query in use, issues.graphql, # Currently an IntrospectionQuery has a complexity of 179.
# with a complexity of 19, and added a 20 point buffer to it.
# These values will evolve over time. # These values will evolve over time.
DEFAULT_MAX_COMPLEXITY = 40 DEFAULT_MAX_COMPLEXITY = 200
AUTHENTICATED_COMPLEXITY = 50 AUTHENTICATED_COMPLEXITY = 250
ADMIN_COMPLEXITY = 60 ADMIN_COMPLEXITY = 300
use BatchLoader::GraphQL use BatchLoader::GraphQL
use Gitlab::Graphql::Authorize use Gitlab::Graphql::Authorize

92
spec/fixtures/api/graphql/introspection.graphql vendored Normal file
View file

@ -0,0 +1,92 @@
# pulled from GraphiQL query
query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
subscriptionType { name }
types {
...FullType
}
directives {
name
description
locations
args {
...InputValue
}
}
}
}
fragment FullType on __Type {
kind
name
description
fields(includeDeprecated: true) {
name
description
args {
...InputValue
}
type {
...TypeRef
}
isDeprecated
deprecationReason
}
inputFields {
...InputValue
}
interfaces {
...TypeRef
}
enumValues(includeDeprecated: true) {
name
description
isDeprecated
deprecationReason
}
possibleTypes {
...TypeRef
}
}
fragment InputValue on __InputValue {
name
description
type { ...TypeRef }
defaultValue
}
fragment TypeRef on __Type {
kind
name
ofType {
kind
name
ofType {
kind
name
ofType {
kind
name
ofType {
kind
name
ofType {
kind
name
ofType {
kind
name
ofType {
kind
name
}
}
}
}
}
}
}
}

16
spec/requests/api/graphql/gitlab_schema_spec.rb
View file

@ -3,14 +3,24 @@ require 'spec_helper'
describe 'GitlabSchema configurations' do describe 'GitlabSchema configurations' do
include GraphqlHelpers include GraphqlHelpers
let(:project) { create(:project, :repository) } it 'shows an error if complexity is too high' do
let!(:query) { graphql_query_for('project', 'fullPath' => project.full_path) } project = create(:project, :repository)
query = graphql_query_for('project', { 'fullPath' => project.full_path }, "id\nname\ndescription")
it 'shows an error if complexity it too high' do
allow(GitlabSchema).to receive(:max_query_complexity).and_return 1 allow(GitlabSchema).to receive(:max_query_complexity).and_return 1
post_graphql(query, current_user: nil) post_graphql(query, current_user: nil)
expect(graphql_errors.first['message']).to include('which exceeds max complexity of 1') expect(graphql_errors.first['message']).to include('which exceeds max complexity of 1')
end end
context 'when IntrospectionQuery' do
it 'is not too complex' do
query = File.read(Rails.root.join('spec/fixtures/api/graphql/introspection.graphql'))
post_graphql(query, current_user: nil)
expect(graphql_errors).to be_nil
end
end
end end