From 98591fc53259c6d0ca130315fa9d1687a3ebc80b Mon Sep 17 00:00:00 2001
From: Thisaru Guruge
Date: Wed, 31 Jul 2024 18:48:47 +0530
Subject: [PATCH] Validate the Max Query Complexity Value (#1977)
---
 ballerina/engine.bal | 3 +++
 ballerina/tests/06_configurations_test.bal | 24 +++++++++++++++++-----
 ballerina/tests/service.bal | 2 +-
 docs/spec/spec.md | 2 +-
 4 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/ballerina/engine.bal b/ballerina/engine.bal
index 3de483900..c5bfc9757 100644
--- a/ballerina/engine.bal
+++ b/ballerina/engine.bal
@@ -38,6 +38,9 @@ isolated class Engine {
 if maxQueryDepth is int && maxQueryDepth < 1 {
 return error Error("Max query depth value must be a positive integer");
 }
+ if queryComplexityConfig is QueryComplexityConfig && queryComplexityConfig.maxComplexity < 0 {
+ return error Error("Max complexity value must be greater than zero");
+ }
 self.maxQueryDepth = maxQueryDepth;
 self.schema = check createSchema(schemaString);
 self.interceptors = interceptors;
diff --git a/ballerina/tests/06_configurations_test.bal b/ballerina/tests/06_configurations_test.bal
index 62552b55d..c05342b85 100644
--- a/ballerina/tests/06_configurations_test.bal
+++ b/ballerina/tests/06_configurations_test.bal
@@ -90,11 +90,13 @@ function dataProviderGraphiQLPath() returns (string[][]) {
 @test:Config {
 groups: ["listener", "configs"]
 }
-function testInvalidMaxQueryDepth() returns error? {
- Engine|Error engine = new ("", 0, testService, [], true, true);
- test:assertTrue(engine is Error);
- Error err = engine;
- test:assertEquals(err.message(), "Max query depth value must be a positive integer");
+isolated function testInvalidMaxQueryDepth() returns error? {
+ lock {
+ Engine|Error engine = new ("", 0, testService, [], true, true);
+ test:assertTrue(engine is Error);
+ Error err = engine;
+ test:assertEquals(err.message(), "Max query depth value must be a positive integer");
+ }
 }
 @test:Config {
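Review bot: The guard added in `ballerina/engine.bal` rejects only negative values (`queryComplexityConfig.maxComplexity < 0`), but its message says the value "must be greater than zero", so `maxComplexity: 0` passes validation even though the error text calls it invalid. The depth check just above uses `< 1` with "positive integer"; either tighten the condition to `queryComplexityConfig.maxComplexity < 1` or reword the message to `"Max complexity value must not be negative"`. The complexity limit is a resource-exhaustion control, so it matters whether zero rejects every query or disables the limit at enforcement time, and that is not visible in this hunk. The enclosing function begins and ends outside the hunk.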
@@ -126,3 +128,15 @@ function dataProviderGraphiqlPathLog() returns map<[(int|http:Listener), Listene
 "4": [9093, {secureSocket}, "https://localhost:9093", "wss://localhost:9093"]
 };
 }
+
+@test:Config {
+ groups: ["configs", "validation", "query_complexity"]
+}
+isolated function testInvalidMaxQueryComplexity() returns error? {
+ lock {
+ Engine|Error engine = new ("", 10, testService, [], true, true, queryComplexityConfig = {maxComplexity: -1});
+ test:assertTrue(engine is Error);
+ Error err = engine;
+ test:assertEquals(err.message(), "Max complexity value must be greater than zero");
+ }
+}
diff --git a/ballerina/tests/service.bal b/ballerina/tests/service.bal
index f353d8972..9a32f67f4 100644
--- a/ballerina/tests/service.bal
+++ b/ballerina/tests/service.bal
@@ -14,7 +14,7 @@
 // specific language governing permissions and limitations
 // under the License.
-Service testService = service object {
+final isolated Service testService = isolated service object {
 isolated resource function get greet() returns string {
 return "Hello";
 }
diff --git a/docs/spec/spec.md b/docs/spec/spec.md
index b1c94e729..c490914b4 100644
--- a/docs/spec/spec.md
+++ b/docs/spec/spec.md
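Review bot: `testInvalidMaxQueryComplexity`, added in `ballerina/tests/06_configurations_test.bal`, exercises only `maxComplexity: -1`, so no test pins the boundary value that decides what the validation really enforces. A second case that builds the engine with `queryComplexityConfig = {maxComplexity: 0}` and asserts the intended outcome would do that: an `Error` if zero is invalid, a successfully constructed `Engine` if it is allowed. A data provider feeding both values into the same test body would keep the two cases next to each other.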
@@ -4163,7 +4163,7 @@ Due to [a limitation](https://github.com/ballerina-platform/ballerina-lang/issue
 The introspection queries will have the `defaultFieldComplexity` per each field. This cannot be overridden.
-> **Note:** When the maximum query complexity value is set to a lower value, tools such as GraphiQL may fail to generate the schema from the service due the introspection query complexity exceeding the maximum query complexity value. The complexity value of the introspection query from the GrapihQL client is 23 (assuming the default field complexity value is 1). In such cases, the testings can be done by either increasing the threshold value or using the `warnOnly` mode.
+> **Note:** When the maximum query complexity value is set to a lower value, tools such as GraphiQL may fail to generate the schema from the service due the introspection query complexity exceeding the maximum query complexity value. The complexity value of the introspection query from the GraphiQL client is 23 (assuming the default field complexity value is 1). In such cases, the testings can be done by either increasing the threshold value or using the `warnOnly` mode.
 ##### 10.9.1.3 Response for Invalid Document with Exceeding Max Query Complexity