Package graphql.introspection
Class GoodFaithIntrospection
- java.lang.Object
-
- graphql.introspection.GoodFaithIntrospection
-
@PublicApi public class GoodFaithIntrospection extends java.lang.Object
ThisInstrumentation
ensure that a submitted introspection query is done in good faith.There are attack vectors where a crafted introspection query can cause the engine to spend too much time producing introspection data. This is especially true on large schemas with lots of types and fields.
Schemas form a cyclic graph and hence it's possible to send in introspection queries that can reference those cycles and in large schemas this can be expensive and perhaps a "denial of service".
This instrumentation only allows one __schema field or one __type field to be present, and it does not allow the `__Type` fields to form a cycle, i.e., that can only be present once. This allows the standard and common introspection queries to work so tooling such as graphiql can work.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
GoodFaithIntrospection.BadFaithIntrospectionError
-
Field Summary
Fields Modifier and Type Field Description private static java.util.Map<FieldCoordinates,java.lang.Integer>
ALLOWED_FIELD_INSTANCES
private static java.util.concurrent.atomic.AtomicBoolean
ENABLED_STATE
static java.lang.String
GOOD_FAITH_INTROSPECTION_DISABLED
Placing a boolean value under this key in the per requestGraphQLContext
will enable or disable Good Faith Introspection on that request.
-
Constructor Summary
Constructors Constructor Description GoodFaithIntrospection()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static java.util.Optional<ExecutionResult>
checkIntrospection(ExecutionContext executionContext)
static boolean
enabledJvmWide(boolean flag)
This allows you to disable good faith introspection, which is on by default.static boolean
isEnabledJvmWide()
private static boolean
isIntrospectionEnabled(GraphQLContext graphQlContext)
-
-
-
Field Detail
-
GOOD_FAITH_INTROSPECTION_DISABLED
public static final java.lang.String GOOD_FAITH_INTROSPECTION_DISABLED
Placing a boolean value under this key in the per requestGraphQLContext
will enable or disable Good Faith Introspection on that request.- See Also:
- Constant Field Values
-
ENABLED_STATE
private static final java.util.concurrent.atomic.AtomicBoolean ENABLED_STATE
-
ALLOWED_FIELD_INSTANCES
private static final java.util.Map<FieldCoordinates,java.lang.Integer> ALLOWED_FIELD_INSTANCES
-
-
Method Detail
-
isEnabledJvmWide
public static boolean isEnabledJvmWide()
- Returns:
- true if good faith introspection is enabled
-
enabledJvmWide
public static boolean enabledJvmWide(boolean flag)
This allows you to disable good faith introspection, which is on by default.- Parameters:
flag
- the desired state- Returns:
- the previous state
-
checkIntrospection
public static java.util.Optional<ExecutionResult> checkIntrospection(ExecutionContext executionContext)
-
isIntrospectionEnabled
private static boolean isIntrospectionEnabled(GraphQLContext graphQlContext)
-
-