graphql-relay-walker 0.0.9 → 0.0.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 896d2d911c957131bf995af6b4f3ff7492b5843f
-  data.tar.gz: 28d64374d66aee62b98d2093ea53f261b0eedec5
+  metadata.gz: f313210bb570cb222d880fe8366826dac2a67dfa
+  data.tar.gz: 526a75f19efffb79fa3daba6cf232bc4ce198e17
 SHA512:
-  metadata.gz: 2fc2d1536fb4af5c663ee5433092475d9d938b762916edacf50447a41a8d0eaac130cd57661235ae1a2fd21ce0025efb6819710ade5585333253647c69757d69
-  data.tar.gz: 2f22277a8fa6b4e1d00db3d328412db8358ebd0cf107e09ad25b95a692faee6c7f29abcb41d627e1ee6cf3b13c60cde0c809ed054fc2b0e8fdb1d3eaec9e4d77
+  metadata.gz: d22c84ebd382d999c204f193350899d8c41c96f20c5f001e21470710c098c0183dc7b2113629de97d06eb3d27c603ded7b00aa615a756ec095025e56bd55346e
+  data.tar.gz: 8e3f30ceeb5280e995eb6dc618148dada50b0a17d5a0d73220e6b220df805fb5258d3f710d650325f584d14bf1fdd6678b224f18f8e74162f1341db9695e54f4

data/graphql-relay-walker.gemspec

@@ -1,17 +1,17 @@
 Gem::Specification.new do |s|
-  s.name        = "graphql-relay-walker"
-  s.version     = "0.0.9"
-  s.licenses    = ["MIT"]
-  s.summary     = "A tool for traversing your GraphQL schema to proactively detect potential data access vulnerabilities."
-  s.authors     = ["Ben Toews"]
-  s.email       = "opensource+graphql-relay-walker@github.com"
-  s.files       = %w(LICENSE.md README.md CONTRIBUTING.md CODE_OF_CONDUCT.md graphql-relay-walker.gemspec)
-  s.files       += Dir.glob("lib/**/*.rb")
-  s.homepage    = "https://github.com/github/graphql-relay-walker"
+  s.name        = 'graphql-relay-walker'
+  s.version     = '0.0.10'
+  s.licenses    = ['MIT']
+  s.summary     = 'A tool for traversing your GraphQL schema to proactively detect potential data access vulnerabilities.'
+  s.authors     = ['Ben Toews']
+  s.email       = 'opensource+graphql-relay-walker@github.com'
+  s.files       = %w[LICENSE.md README.md CONTRIBUTING.md CODE_OF_CONDUCT.md graphql-relay-walker.gemspec]
+  s.files += Dir.glob('lib/**/*.rb')
+  s.homepage = 'https://github.com/github/graphql-relay-walker'
 
-  s.add_dependency "graphql", ">= 0.19"
+  s.add_dependency 'graphql', '>= 0.19'
 
-  s.add_development_dependency "rake",           "~> 11.3"
-  s.add_development_dependency "rspec",          "~> 3.5"
-  s.add_development_dependency "graphql-client", "~> 0.2"
+  s.add_development_dependency 'graphql-client', '~> 0.2'
+  s.add_development_dependency 'rake',           '~> 11.3'
+  s.add_development_dependency 'rspec',          '~> 3.5'
 end

data/lib/graphql/relay/walker.rb

@@ -1,4 +1,4 @@
-require "graphql"
+require 'graphql'
 
 module GraphQL::Relay
   module Walker
@@ -8,8 +8,8 @@ module GraphQL::Relay
     # schema - The GraphQL::Schema to build a query for.
     #
     # Returns a String query.
-    def self.query_string(schema)
-      QueryBuilder.new(schema).query_string
+    def self.query_string(schema, except: nil, only: nil)
+      QueryBuilder.new(schema, except: except, only: only).query_string
     end
 
     # Start traversing a graph, starting from the given relay node ID.
@@ -26,10 +26,9 @@ module GraphQL::Relay
       queue.add_gid(from_id)
       queue.each_frame(&blk)
     end
-
   end
 end
 
-require "graphql/relay/walker/queue"
-require "graphql/relay/walker/frame"
-require "graphql/relay/walker/query_builder"
+require 'graphql/relay/walker/queue'
+require 'graphql/relay/walker/frame'
+require 'graphql/relay/walker/query_builder'

data/lib/graphql/relay/walker/client_ext.rb

@@ -8,19 +8,19 @@ module GraphQL::Relay::Walker
     # &blk     - A block to call with each Walker::Frame that is visited.
     #
     # Returns nothing.
-    def walk(from_id:, variables: {}, context: {})
-      query_string = GraphQL::Relay::Walker.query_string(schema)
+    def walk(from_id:, except: nil, only: nil, variables: {}, context: {})
+      query_string = GraphQL::Relay::Walker.query_string(schema, except: except, only: only)
       walker_query = parse(query_string)
 
       GraphQL::Relay::Walker.walk(from_id: from_id) do |frame|
         response = query(
           walker_query,
-          variables: variables.merge({"id" => frame.gid}),
+          variables: variables.merge('id' => frame.gid),
           context: context
         )
 
         frame.context[:response] = response
-        frame.result = (response.respond_to?(:data) && response.data) ? response.data.to_h : {}
+        frame.result = response.respond_to?(:data) && response.data ? response.data.to_h : {}
         frame.enqueue_found_gids
 
         yield(frame) if block_given?
@@ -30,8 +30,8 @@ module GraphQL::Relay::Walker
 end
 
 begin
-  require "graphql/relay/walker"
-  require "graphql/client"
+  require 'graphql/relay/walker'
+  require 'graphql/client'
   GraphQL::Client.send(:include, GraphQL::Relay::Walker::ClientExt)
 rescue LoadError
 end

data/lib/graphql/relay/walker/frame.rb

@@ -36,11 +36,11 @@ module GraphQL::Relay::Walker
     # The GIDs from this frame's results.
     #
     # Returns an Array of GID Strings.
-    def found_gids(data=result)
+    def found_gids(data = result)
       [].tap do |ids|
         case data
         when Hash
-          ids.concat(Array(data["id"]))
+          ids.concat(Array(data['id']))
           ids.concat(found_gids(data.values))
         when Array
           data.each { |datum| ids.concat(found_gids(datum)) }

data/lib/graphql/relay/walker/query_builder.rb

@@ -1,9 +1,9 @@
 module GraphQL::Relay::Walker
   class QueryBuilder
-    DEFAULT_ARGUMENTS = {"first" => 5}
-    BASE_QUERY = "query($id: ID!) { node(id: $id) { id } }"
+    DEFAULT_ARGUMENTS = { 'first' => 5 }.freeze
+    BASE_QUERY = 'query($id: ID!) { node(id: $id) { id } }'.freeze
 
-    attr_reader :schema, :connection_arguments, :ast
+    attr_reader :schema, :connection_arguments, :ast, :except, :only
 
     # Initialize a new QueryBuilder.
     #
@@ -12,8 +12,10 @@ module GraphQL::Relay::Walker
     #                         (optional).
     #
     # Returns nothing.
-    def initialize(schema, connection_arguments: DEFAULT_ARGUMENTS)
+    def initialize(schema, except: nil, only: nil, connection_arguments: DEFAULT_ARGUMENTS)
       @schema = schema
+      @except = except
+      @only   = only
       @connection_arguments = connection_arguments
       @ast = build_query
     end
@@ -37,13 +39,25 @@ module GraphQL::Relay::Walker
         selections = d_ast.definitions.first.selections.first.selections
 
         node_types.each do |type|
-          selections << inline_fragment_ast(type)
+          selections << inline_fragment_ast(type) if include?(type)
         end
 
         selections.compact!
       end
     end
 
+    # Private: Depending on the `except` or `include` filters,
+    # should this item be included a AST of the given type.
+    #
+    # type           - The GraphQL item to identify to make the fragment
+    #
+    # Returns a Boolean.
+    def include?(type)
+      return !@except.call(type, {}) if @except
+      return @only.call(type, {}) if @only
+      true
+    end
+
     # Private: Make a AST of the given type.
     #
     # klass             - The GraphQL::Language::Nodes::AbstractNode subclass
@@ -80,13 +94,14 @@ module GraphQL::Relay::Walker
 
         if with_children
           type.all_fields.each do |field|
-            if node_field?(field)
+            field_type = field.type.unwrap
+            if node_field?(field) && include?(field_type)
               if_ast.selections << node_field_ast(field)
-            elsif connection_field?(field)
+            elsif connection_field?(field) && include?(field_type)
               if_ast.selections << connection_field_ast(field)
             end
           end
-        elsif id = type.get_field("id")
+        elsif id = type.get_field('id')
           if_ast.selections << field_ast(id)
         end
       end
@@ -101,7 +116,7 @@ module GraphQL::Relay::Walker
     #
     # Returns a GraphQL::Language::Nodes::Field instance or nil if the created
     # AST was invalid for having no selections or missing required arguments.
-    def field_ast(field, arguments={}, &blk)
+    def field_ast(field, arguments = {}, &blk)
       type = field.type.unwrap
 
       # Bail unless we have the required arguments.
@@ -113,12 +128,12 @@ module GraphQL::Relay::Walker
 
       make(GraphQL::Language::Nodes::Field, needs_selections: !type.kind.scalar?) do |f_ast|
         f_ast.name = field.name
-        f_ast.alias = random_alias unless field.name == "id"
+        f_ast.alias = random_alias unless field.name == 'id'
         f_ast.arguments = arguments.map do |name, value|
           GraphQL::Language::Nodes::Argument.new(name: name, value: value)
         end
 
-        blk.call(f_ast, type) if blk
+        yield(f_ast, type) if blk
       end
     end
 
@@ -132,10 +147,10 @@ module GraphQL::Relay::Walker
         selections = f_ast.selections
 
         if type.kind.object?
-           selections << field_ast(type.get_field("id"))
+          selections << field_ast(type.get_field('id'))
         else
           possible_node_types(type).each do |if_type|
-             selections << inline_fragment_ast(if_type, with_children: false)
+            selections << inline_fragment_ast(if_type, with_children: false)
           end
         end
       end
@@ -148,7 +163,7 @@ module GraphQL::Relay::Walker
     # Returns a GraphQL::Language::Nodes::Field instance.
     def edges_field_ast(field)
       field_ast(field) do |f_ast, type|
-        f_ast.selections << node_field_ast(type.get_field("node"))
+        f_ast.selections << node_field_ast(type.get_field('node'))
       end
     end
 
@@ -160,7 +175,7 @@ module GraphQL::Relay::Walker
     # AST was invalid for missing required arguments.
     def connection_field_ast(field)
       field_ast(field, connection_arguments) do |f_ast, type|
-        f_ast.selections << edges_field_ast(type.get_field("edges"))
+        f_ast.selections << edges_field_ast(type.get_field('edges'))
       end
     end
 
@@ -191,9 +206,9 @@ module GraphQL::Relay::Walker
     def connection_field?(field)
       type = field.type.unwrap
 
-      if edges_field = type.get_field("edges")
+      if edges_field = type.get_field('edges')
         edges = edges_field.type.unwrap
-        if node_field = edges.get_field("node")
+        if node_field = edges.get_field('node')
           return node_field?(node_field)
         end
       end
@@ -234,7 +249,7 @@ module GraphQL::Relay::Walker
     #
     # Returns a GraphQL::InterfaceType instance.
     def node_interface
-      schema.types["Node"]
+      schema.types['Node']
     end
 
     # Make a random alias for a field.
@@ -244,16 +259,16 @@ module GraphQL::Relay::Walker
       12.times.map { (SecureRandom.random_number(26) + 97).chr }.join
     end
 
-    if GraphQL::VERSION >= "1.5.6"
+    if GraphQL::VERSION >= '1.5.6'
       def valid_input?(type, input)
         type.valid_isolated_input?(input)
       end
-    elsif GraphQL::VERSION >= "1.4.0"
+    elsif GraphQL::VERSION >= '1.4.0'
       def valid_input?(type, input)
         allow_all = GraphQL::Schema::Warden.new(->(_) { false }, schema: schema, context: nil)
         type.valid_input?(input, allow_all)
       end
-    elsif GraphQL::VERSION >= "1.1.0"
+    elsif GraphQL::VERSION >= '1.1.0'
       def valid_input?(type, input)
         allow_all = GraphQL::Schema::Warden.new(schema, ->(_) { false })
         type.valid_input?(input, allow_all)
@@ -264,7 +279,7 @@ module GraphQL::Relay::Walker
       end
     end
 
-    if GraphQL::VERSION >= "1.0.0"
+    if GraphQL::VERSION >= '1.0.0'
       def make_type_name_node(type_name)
         GraphQL::Language::Nodes::TypeName.new(name: type_name)
       end

data/lib/graphql/relay/walker/queue.rb

@@ -42,7 +42,7 @@ module GraphQL::Relay::Walker
     # parent - The frame where this GID was discovered (optional).
     #
     # Returns true if a frame was added, false otherwise.
-    def add_gid(gid, parent=nil)
+    def add_gid(gid, parent = nil)
       frame = Frame.new(self, gid, parent)
       add(frame)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: graphql-relay-walker
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.0.10
 platform: ruby
 authors:
 - Ben Toews
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-27 00:00:00.000000000 Z
+date: 2018-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -25,47 +25,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.19'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: graphql-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.3'
+        version: '0.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.3'
+        version: '0.2'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '11.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '11.3'
 - !ruby/object:Gem::Dependency
-  name: graphql-client
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '3.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '3.5'
 description: 
 email: opensource+graphql-relay-walker@github.com
 executables: []
@@ -102,7 +102,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.6.12
 signing_key: 
 specification_version: 4
 summary: A tool for traversing your GraphQL schema to proactively detect potential