Initial field and query complexity limits58405-basic-limiting-complexity-of-graphql-queries

It makes all Types::BaseField default to a complexity of 1. Queries themselves now have limited complexity, scaled to the type of user: no user, authenticated user, or an admin user.
author: Brett Walker <bwalker@gitlab.com> 2019-03-27 15:02:25 -0500
committer: Brett Walker <bwalker@gitlab.com> 2019-04-04 08:39:30 -0500
commit: f458c561070d754cd546b07caf60dfa7ffb06293 (patch)
tree: ef4c65fb5b6767030c0c8b88223f415eabfe88be /spec/requests/api/graphql/gitlab_schema_spec.rb
parent: 815901e322b60d28983f52a7ce5e98555285bef8 (diff)
download: gitlab-ce-f458c561070d754cd546b07caf60dfa7ffb06293.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/requests/api/graphql/gitlab_schema_spec.rb b/spec/requests/api/graphql/gitlab_schema_spec.rb
new file mode 100644
index 00000000000..708a000532b
--- /dev/null
+++ b/spec/requests/api/graphql/gitlab_schema_spec.rb
@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe 'GitlabSchema configurations' do
+  include GraphqlHelpers
+
+  let(:project) { create(:project, :repository) }
+  let!(:query)  { graphql_query_for('project', 'fullPath' => project.full_path) }
+
+  it 'shows an error if complexity it too high' do
+    allow(GitlabSchema).to receive(:max_query_complexity).and_return 1
+
+    post_graphql(query, current_user: nil)
+
+    expect(graphql_errors.first['message']).to include('which exceeds max complexity of 1')
+  end
+end
author	Brett Walker <bwalker@gitlab.com>	2019-03-27 15:02:25 -0500
committer	Brett Walker <bwalker@gitlab.com>	2019-04-04 08:39:30 -0500
commit	f458c561070d754cd546b07caf60dfa7ffb06293 (patch)
tree	ef4c65fb5b6767030c0c8b88223f415eabfe88be /spec/requests/api/graphql/gitlab_schema_spec.rb
parent	815901e322b60d28983f52a7ce5e98555285bef8 (diff)
download	gitlab-ce-f458c561070d754cd546b07caf60dfa7ffb06293.tar.gz