agoo 2.14.2 → 2.14.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/ext/agoo/gqleval.c +5 -1
- data/ext/agoo/gqlintro.c +2 -2
- data/lib/agoo/version.rb +1 -1
- data/test/graphql_test.rb +32 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 843f3aa4a15a6ab57c7ff231930405c9ca55d3a6e33da3169a0677c420195fbe
|
4
|
+
data.tar.gz: 03f6b8760c6f08c0a3f9b5f75c747b77d1d4666b00af20d7db231418dfeb3c69
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '0684900cea98fbe812e5ae973ccd15dfaa054218340238dedfde382c535340945aea9857b98366fe52b2ff865129b299af541e940112200f2191b3b2247dfd58'
|
7
|
+
data.tar.gz: 95e68a0a7bc5a3eb8cd34b9853e8d89285ef9a1c78765bf970e80cdeb51f7f41f53db4948ca2885e29eef3fa7a6b738e015d01c4cbb25e41b2f50bac1fcb50a9
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,13 @@
|
|
2
2
|
|
3
3
|
All changes to the Agoo gem are documented here. Releases follow semantic versioning.
|
4
4
|
|
5
|
+
## [2.14.3] - 2022-05-05
|
6
|
+
|
7
|
+
### Fixed
|
8
|
+
- Agoo now reports an error if the developer make the mistake of
|
9
|
+
building a schema that loops back on itself too many times using
|
10
|
+
fragments.
|
11
|
+
|
5
12
|
## [2.14.2] - 2022-02-22
|
6
13
|
|
7
14
|
### Fixed
|
data/ext/agoo/gqleval.c
CHANGED
@@ -21,6 +21,7 @@
|
|
21
21
|
#include "websocket.h"
|
22
22
|
|
23
23
|
#define MAX_RESOLVE_ARGS 16
|
24
|
+
#define MAX_DEPTH 100
|
24
25
|
|
25
26
|
gqlRef gql_root = NULL;
|
26
27
|
gqlType _gql_root_type = NULL;
|
@@ -273,7 +274,10 @@ gql_eval_sels(agooErr err, gqlDoc doc, gqlRef ref, gqlField field, gqlSel sels,
|
|
273
274
|
gqlSel sel;
|
274
275
|
gqlField sf = NULL;
|
275
276
|
|
276
|
-
|
277
|
+
if (MAX_DEPTH < depth) {
|
278
|
+
return agoo_err_set(err, AGOO_ERR_EVAL, "Maximum resolve depth of %d exceeded.", MAX_DEPTH);
|
279
|
+
}
|
280
|
+
depth++;
|
277
281
|
|
278
282
|
for (sel = sels; NULL != sel; sel = sel->next) {
|
279
283
|
if (NULL != field) {
|
data/ext/agoo/gqlintro.c
CHANGED
@@ -1497,13 +1497,13 @@ gql_intro_eval(agooErr err, gqlDoc doc, gqlSel sel, gqlValue result, int depth)
|
|
1497
1497
|
struct _gqlCobj obj;
|
1498
1498
|
|
1499
1499
|
if (0 == strcmp("__type", sel->name)) {
|
1500
|
-
if (
|
1500
|
+
if (2 < depth) {
|
1501
1501
|
return agoo_err_set(err, AGOO_ERR_EVAL, "__type can only be called from a query root.");
|
1502
1502
|
}
|
1503
1503
|
obj.clas = &root_class;
|
1504
1504
|
obj.ptr = NULL;
|
1505
1505
|
} else if (0 == strcmp("__schema", sel->name)) {
|
1506
|
-
if (
|
1506
|
+
if (2 < depth) {
|
1507
1507
|
return agoo_err_set(err, AGOO_ERR_EVAL, "__scheme can only be called from a query root.");
|
1508
1508
|
}
|
1509
1509
|
obj.clas = &root_class;
|
data/lib/agoo/version.rb
CHANGED
data/test/graphql_test.rb
CHANGED
@@ -458,6 +458,32 @@ fragment basic on Artist {
|
|
458
458
|
post_test(uri, body, 'application/graphql', expect)
|
459
459
|
end
|
460
460
|
|
461
|
+
def test_post_fragment_loop
|
462
|
+
uri = URI('http://localhost:6472/graphql?indent=2')
|
463
|
+
body = %^
|
464
|
+
{
|
465
|
+
artist(name:"Fazerdaze") {
|
466
|
+
...loop
|
467
|
+
}
|
468
|
+
}
|
469
|
+
|
470
|
+
fragment loop on Artist {
|
471
|
+
name
|
472
|
+
...loop
|
473
|
+
}
|
474
|
+
^
|
475
|
+
expect = %^{
|
476
|
+
"errors":[
|
477
|
+
{
|
478
|
+
"message":"Maximum resolve depth of 100 exceeded.",
|
479
|
+
"code":"eval error"
|
480
|
+
}
|
481
|
+
]
|
482
|
+
}
|
483
|
+
^
|
484
|
+
post_test(uri, body, 'application/graphql', expect, 'errors.0.timestamp')
|
485
|
+
end
|
486
|
+
|
461
487
|
def test_post_json_fragment
|
462
488
|
uri = URI('http://localhost:6472/graphql?indent=2')
|
463
489
|
body = %^{
|
@@ -1044,7 +1070,7 @@ mutation {
|
|
1044
1070
|
assert_equal(expect, content)
|
1045
1071
|
end
|
1046
1072
|
|
1047
|
-
def post_test(uri, body, content_type, expect)
|
1073
|
+
def post_test(uri, body, content_type, expect, ignore=nil)
|
1048
1074
|
uri = URI(uri)
|
1049
1075
|
req = Net::HTTP::Post.new(uri)
|
1050
1076
|
req['Accept-Encoding'] = '*'
|
@@ -1055,6 +1081,11 @@ mutation {
|
|
1055
1081
|
}
|
1056
1082
|
content = res.body
|
1057
1083
|
assert_equal('application/json', res['Content-Type'])
|
1084
|
+
unless ignore.nil?
|
1085
|
+
result = Oj.load(content, mode: :strict)
|
1086
|
+
deep_delete(result, ignore.split('.'))
|
1087
|
+
content = Oj.dump(result, indent: 2)
|
1088
|
+
end
|
1058
1089
|
assert_equal(expect, content)
|
1059
1090
|
end
|
1060
1091
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: agoo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.14.
|
4
|
+
version: 2.14.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Peter Ohler
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-05-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: oj
|