graphql-relay-walker 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fea740ed6a86f1decc0f7ae7b45e47700d6a3044
-  data.tar.gz: 48376d689c94bc25f00c14364fc7eab80830187f
+  metadata.gz: a59fafdca23458e2d2d7c5a057904ef2a2382878
+  data.tar.gz: 8091a0d978843a5e39acf8337a4e6cb30d83491c
 SHA512:
-  metadata.gz: 0469065f8d67ce7ce96517e8e63b20a582d5aadb49ac6ee9b752e4b576f4e8f7db97f8a32f114b2f2b66297f934bad70e762d972425ba05b8d22403a04058772
-  data.tar.gz: 03ac02451d15f05153203fd9b041bb5942ffd227b7c5dc242ebbb400f8cf25e006daa1084540eb5d754b5d637d38c44f40f97d8b8bfe41a421fa5646eadaec2c
+  metadata.gz: eb354a762a31dc48448c18a05a6af5830fb4c6e3c5c20cafbfb5bd3aa2918ffe34c1fb58f9ff5f49f49b667066764c91e12b86566a23cf5f931d180f0b2ab406
+  data.tar.gz: 45ad5fb722b107c74f9825417bb25790c2137ef972871cdae6ba76401ee67ae562e0645da4beefaee78eb0d5c28cea328f81a4ded9438b9dedbe9b6aaf8e70fb

data/README.md

@@ -1,4 +1,4 @@
-# GraphQL Relay Walker
+# GraphQL Relay Walker [![Build Status](https://travis-ci.org/github/graphql-relay-walker.svg?branch=master)](https://travis-ci.org/github/graphql-relay-walker)  [![Gem Version](https://badge.fury.io/rb/graphql-relay-walker.svg)](http://badge.fury.io/rb/graphql-relay-walker)
 
 ![](https://cloud.githubusercontent.com/assets/1144197/19287829/9ce479b8-8fc0-11e6-975c-8d686e3e0783.jpg)
 
@@ -8,8 +8,8 @@
 
 You can install this library as a Ruby Gem:
 
-```bash
-gem install graphql-relay-walker
+```
+$ gem install graphql-relay-walker
 ```
 
 ## Usage
@@ -60,3 +60,55 @@ SWAPI::Client.walk(from_id: skywalker_gid) do |frame|
   frame.result
 end
 ```
+
+## Development
+
+1. Clone repository and install dependencies
+
+  ```
+  $ git clone https://github.com/github/graphql-relay-walker
+  $ cd graphql-relay-walker
+  $ bundle install
+  ```
+
+2. Run tests
+
+  ```
+  $ bundle exec rake
+  ```
+
+## Compatibility & Versioning
+
+This project is designed to work with MRI Ruby 2.2.2 or greater. It may work on other versions of Ruby.
+
+All releases adhere to strict [semantic versioning](http://semver.org). For Example, major.minor.patch-pre (aka. stick.carrot.oops-peek).
+
+## Contributions & Feedback
+
+We love community contributions! If you're planning to send us a pull request, please make sure read our [Contributing Guidelines](https://github.com/github/graphql-relay-walker/blob/master/CONTRIBUTING.md) first.
+
+Found a bug or have a question? Open up [an issue](https://github.com/github/graphql-relay-walker/issues/new).
+
+## License
+
+The MIT License (MIT)
+
+Copyright (C) 2016 GitHub, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/graphql-relay-walker.gemspec

@@ -1,8 +1,8 @@
 Gem::Specification.new do |s|
   s.name        = "graphql-relay-walker"
-  s.version     = "0.0.2"
+  s.version     = "0.0.3"
   s.licenses    = ["MIT"]
-  s.summary     = "Traverse a Relay GraphQL graph"
+  s.summary     = "A tool for traversing your GraphQL schema to proactively detect potential data access vulnerabilities."
   s.authors     = ["Ben Toews"]
   s.email       = "opensource+graphql-relay-walker@github.com"
   s.files       = %w(LICENSE.md README.md CONTRIBUTING.md CODE_OF_CONDUCT.md graphql-relay-walker.gemspec)
@@ -10,4 +10,8 @@ Gem::Specification.new do |s|
   s.homepage    = "https://github.com/github/graphql-relay-walker"
 
   s.add_dependency "graphql", "~> 0.19"
+
+  s.add_development_dependency "rake",           "~> 11.3"
+  s.add_development_dependency "rspec",          "~> 3.5"
+  s.add_development_dependency "graphql-client", "~> 0.2"
 end

data/lib/graphql/relay/walker.rb

@@ -1,3 +1,5 @@
+require "graphql"
+
 module GraphQL::Relay
   module Walker
     # Build a query that starts with a relay node and grabs the IDs of all its
@@ -13,7 +15,7 @@ module GraphQL::Relay
     # Start traversing a graph, starting from the given relay node ID.
     #
     # from_id: - The `ID!` id to start walking from.
-    # &blk     - A block to call with each Walker::Queue::Frame that is visited.
+    # &blk     - A block to call with each Walker::Frame that is visited.
     #            This block is responsible for executing a query for the frame's
     #            GID, storing the results in the frame, and enqueuing further
     #            node IDs to visit.
@@ -29,4 +31,5 @@ module GraphQL::Relay
 end
 
 require "graphql/relay/walker/queue"
+require "graphql/relay/walker/frame"
 require "graphql/relay/walker/query_builder"

data/lib/graphql/relay/walker/client_ext.rb

@@ -3,18 +3,26 @@ module GraphQL::Relay::Walker
     # Walk this client's graph from the given GID.
     #
     # from_id: - The String GID to start walking from.
-    # &blk     - A block to call with each Walker::Queue::Frame that is visited.
+    # variables: - A Hash of variables to be passed to GraphQL::Client.
+    # context: - A Hash containing context to be passed to GraphQL::Client.
+    # &blk     - A block to call with each Walker::Frame that is visited.
     #
     # Returns nothing.
-    def walk(from_id:)
+    def walk(from_id:, variables: {}, context: {})
       query_string = GraphQL::Relay::Walker.query_string(schema)
       walker_query = parse(query_string)
 
       GraphQL::Relay::Walker.walk(from_id: from_id) do |frame|
-        response = query(walker_query, variables: {"id" => frame.gid})
+        response = query(
+          walker_query,
+          variables: variables.merge({"id" => frame.gid}),
+          context: context
+        )
+
         frame.context[:response] = response
-        frame.result = response.data.to_h
+        frame.result = (response.respond_to?(:data) && response.data) ? response.data.to_h : {}
         frame.enqueue_found_gids
+
         yield(frame) if block_given?
       end
     end

data/lib/graphql/relay/walker/frame.rb

@@ -0,0 +1,51 @@
+module GraphQL::Relay::Walker
+  class Frame
+    attr_reader :queue, :gid, :parent, :context
+    attr_accessor :result
+
+    # Initialize a new Frame.
+    #
+    # queue  - The Queue that this frame belongs to.
+    # gid    - The String GID.
+    # parent - The Frame where this GID was discovered.
+    #
+    # Returns nothing.
+    def initialize(queue, gid, parent)
+      @queue   = queue
+      @gid     = gid
+      @parent  = parent
+      @context = {}
+    end
+
+    # Add each found GID to the queue.
+    #
+    # Returns nothing.
+    def enqueue_found_gids
+      found_gids.each { |gid| queue.add(child(gid)) }
+    end
+
+    # Make a new frame with the given GID and this frame as its parent.
+    #
+    # gid - The String GID to create the frame with.
+    #
+    # Returns a Frame instance.
+    def child(gid)
+      Frame.new(queue, gid, self)
+    end
+
+    # The GIDs from this frame's results.
+    #
+    # Returns an Array of GID Strings.
+    def found_gids(data=result)
+      [].tap do |ids|
+        case data
+        when Hash
+          ids.concat(Array(data["id"]))
+          ids.concat(found_gids(data.values))
+        when Array
+          data.each { |datum| ids.concat(found_gids(datum)) }
+        end
+      end
+    end
+  end
+end

data/lib/graphql/relay/walker/queue.rb

@@ -1,6 +1,7 @@
 module GraphQL::Relay::Walker
   class Queue
     attr_accessor :max_size, :random_idx
+    attr_reader   :queue, :seen
 
     # Initialize a new Queue.
     #
@@ -21,16 +22,16 @@ module GraphQL::Relay::Walker
     # Add a frame to the queue if its GID hasn't been seen already and the queue
     # hasn't exceeded its max size.
     #
-    # frame - The Queue::Frame to add to the queue.
+    # frame - The Frame to add to the queue.
     #
     # Returns true if the frame was added, false otherwise.
     def add(frame)
       return false if max_size && queue.length >= max_size
-      return false if @seen.include?(frame.gid)
+      return false if seen.include?(frame.gid)
 
-      @seen.add(frame.gid)
-      idx = random_idx ? rand(@queue.length + 1) : @queue.length
-      @queue.insert(idx, frame)
+      seen.add(frame.gid)
+      idx = random_idx ? rand(queue.length + 1) : queue.length
+      queue.insert(idx, frame)
 
       true
     end
@@ -50,58 +51,10 @@ module GraphQL::Relay::Walker
     #
     # Returns nothing.
     def each_frame
-      while frame = @queue.shift
-        yield(frame)
-      end
-    end
-  end
-
-  class Frame
-    attr_reader :queue, :gid, :parent, :context
-    attr_accessor :result
-
-    # Initialize a new Frame.
-    #
-    # queue  - The Queue that this frame belongs to.
-    # gid    - The String GID.
-    # parent - The Frame where this GID was discovered.
-    #
-    # Returns nothing.
-    def initialize(queue, gid, parent)
-      @queue   = queue
-      @gid     = gid
-      @parent  = parent
-      @context = {}
-    end
+      return enum_for(:each_frame) unless block_given?
 
-    # Add each found GID to the queue.
-    #
-    # Returns nothing.
-    def enqueue_found_gids
-      found_gids.each { |gid| queue.add(child(gid)) }
-    end
-
-    # Make a new frame with the given GID and this frame as its parent.
-    #
-    # gid - The String GID to create the frame with.
-    #
-    # Returns a Queue::Frame instance.
-    def child(gid)
-      Frame.new(queue, gid, self)
-    end
-
-    # The GIDs from this frame's results.
-    #
-    # Returns an Array of GID Strings.
-    def found_gids(data=result)
-      [].tap do |ids|
-        case data
-        when Hash
-          ids.concat(Array(data["id"]))
-          ids.concat(found_gids(data.values))
-        when Array
-          data.each { |datum| ids.concat(found_gids(datum)) }
-        end
+      while frame = queue.shift
+        yield(frame)
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: graphql-relay-walker
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Ben Toews
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-18 00:00:00.000000000 Z
+date: 2016-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -24,6 +24,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.19'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: graphql-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 description: 
 email: opensource+graphql-relay-walker@github.com
 executables: []
@@ -37,6 +79,7 @@ files:
 - graphql-relay-walker.gemspec
 - lib/graphql/relay/walker.rb
 - lib/graphql/relay/walker/client_ext.rb
+- lib/graphql/relay/walker/frame.rb
 - lib/graphql/relay/walker/query_builder.rb
 - lib/graphql/relay/walker/queue.rb
 homepage: https://github.com/github/graphql-relay-walker
@@ -59,9 +102,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
-summary: Traverse a Relay GraphQL graph
+summary: A tool for traversing your GraphQL schema to proactively detect potential
+  data access vulnerabilities.
 test_files: []
-has_rdoc: