[
https://issues.apache.org/jira/browse/SLING-12198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu closed SLING-12198.
--------------------------------
> Extending sling.graphql.engine to allow passing custom graphql ParserOptions
> while executing GraphQL queries
> ------------------------------------------------------------------------------------------------------------
>
> Key: SLING-12198
> URL: https://issues.apache.org/jira/browse/SLING-12198
> Project: Sling
> Issue Type: Improvement
> Components: GraphQL
> Affects Versions: GraphQL Core 0.0.24
> Reporter: Andrzej Kubas
> Assignee: Bertrand Delacretaz
> Priority: Major
> Fix For: GraphQL Core 0.0.28
>
>
> The graphql-java crates default ParserOptions(if not passed with
> ExecutionInput#graphQLContext) while executing GraphQL query.
> [https://github.com/graphql-java/graphql-java/blob/v20.3/src/main/java/graphql/ParseAndValidate.java#L67]
> [https://github.com/graphql-java/graphql-java/blob/v20.3/src/main/java/graphql/parser/ParserOptions.java#L35]
> That could lead to 'Denial Of Service' InvalidSyntax error while executing
> GraphQL complex queries.
>
> However, there should be a way to set graphql-java execution up with custom
> values of ParserOprions.
> [https://github.com/apache/sling-org-apache-sling-graphql-core/blob/org.apache.sling.graphql.core-0.0.24/src/main/java/org/apache/sling/graphql/core/engine/DefaultQueryExecutor.java#L208]
> [https://github.com/apache/sling-org-apache-sling-graphql-core/blob/org.apache.sling.graphql.core-0.0.24/src/main/java/org/apache/sling/graphql/core/engine/DefaultQueryExecutor.java#L202]
> https://github.com/apache/sling-org-apache-sling-graphql-core/blob/org.apache.sling.graphql.core-0.0.24/src/main/java/org/apache/sling/graphql/core/engine/DefaultQueryExecutor.java#L155
>
> That should help to orchestrate custom graphql-java executions for complex
> GraphQL queries.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
