[ https://issues.apache.org/jira/browse/SLING-12198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bertrand Delacretaz reassigned SLING-12198: ------------------------------------------- Assignee: Bertrand Delacretaz > Extending sling.graphql.engine to allow passing custom graphql ParserOptions > while executing GraphQL queries > ------------------------------------------------------------------------------------------------------------ > > Key: SLING-12198 > URL: https://issues.apache.org/jira/browse/SLING-12198 > Project: Sling > Issue Type: Improvement > Components: GraphQL > Affects Versions: GraphQL Core 0.0.24 > Reporter: Andrzej Kubas > Assignee: Bertrand Delacretaz > Priority: Major > Fix For: GraphQL Core 0.0.28 > > > The graphql-java crates default ParserOptions(if not passed with > ExecutionInput#graphQLContext) while executing GraphQL query. > [https://github.com/graphql-java/graphql-java/blob/v20.3/src/main/java/graphql/ParseAndValidate.java#L67] > [https://github.com/graphql-java/graphql-java/blob/v20.3/src/main/java/graphql/parser/ParserOptions.java#L35] > That could lead to 'Denial Of Service' InvalidSyntax error while executing > GraphQL complex queries. > > However, there should be a way to set graphql-java execution up with custom > values of ParserOprions. > [https://github.com/apache/sling-org-apache-sling-graphql-core/blob/org.apache.sling.graphql.core-0.0.24/src/main/java/org/apache/sling/graphql/core/engine/DefaultQueryExecutor.java#L208] > [https://github.com/apache/sling-org-apache-sling-graphql-core/blob/org.apache.sling.graphql.core-0.0.24/src/main/java/org/apache/sling/graphql/core/engine/DefaultQueryExecutor.java#L202] > https://github.com/apache/sling-org-apache-sling-graphql-core/blob/org.apache.sling.graphql.core-0.0.24/src/main/java/org/apache/sling/graphql/core/engine/DefaultQueryExecutor.java#L155 > > That should help to orchestrate custom graphql-java executions for complex > GraphQL queries. -- This message was sent by Atlassian Jira (v8.20.10#820010)