graphql-relay-walker 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/graphql-relay-walker.gemspec +1 -1
- data/lib/graphql/relay/walker/query_builder.rb +23 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6de0c51ff60413dd168b78817b850da65acd9031
|
4
|
+
data.tar.gz: d8d21b0df733e6b3e156b938b1ecf4a22c0133bb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1f1d459b0349f433f5162f0db0a03e5cff04981ee99ab8fe434fbf139794bf983e42894ed3616cd2b9ec8e1af4b43af4d2286ed5367a1b862e6f15d1e4b407f6
|
7
|
+
data.tar.gz: d8a7f386dc179ce4af896d571f6aeb414180ce5e2e61f734755a06e638a7bf95d08a672dfeda29e86f0998ec2a1ca1baaf4f7a475b7b4a11952cf72854508659
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = "graphql-relay-walker"
|
3
|
-
s.version = "0.0.
|
3
|
+
s.version = "0.0.5"
|
4
4
|
s.licenses = ["MIT"]
|
5
5
|
s.summary = "A tool for traversing your GraphQL schema to proactively detect potential data access vulnerabilities."
|
6
6
|
s.authors = ["Ben Toews"]
|
@@ -76,7 +76,7 @@ module GraphQL::Relay::Walker
|
|
76
76
|
# created AST was invalid for having no selections.
|
77
77
|
def inline_fragment_ast(type, with_children: true)
|
78
78
|
make(GraphQL::Language::Nodes::InlineFragment) do |if_ast|
|
79
|
-
if_ast.type = type.name
|
79
|
+
if_ast.type = make_type_name_node(type.name)
|
80
80
|
|
81
81
|
if with_children
|
82
82
|
type.all_fields.each do |field|
|
@@ -106,7 +106,7 @@ module GraphQL::Relay::Walker
|
|
106
106
|
|
107
107
|
# Bail unless we have the required arguments.
|
108
108
|
return unless field.arguments.reject do |_, arg|
|
109
|
-
arg.type
|
109
|
+
valid_input?(arg.type, nil)
|
110
110
|
end.all? do |name, _|
|
111
111
|
arguments.key?(name)
|
112
112
|
end
|
@@ -243,5 +243,26 @@ module GraphQL::Relay::Walker
|
|
243
243
|
def random_alias
|
244
244
|
6.times.map { (SecureRandom.random_number(26) + 97).chr }.join
|
245
245
|
end
|
246
|
+
|
247
|
+
if GraphQL::VERSION >= "1.1.0"
|
248
|
+
def valid_input?(type, input)
|
249
|
+
allow_all = GraphQL::Schema::Warden.new(schema, ->(_) { false })
|
250
|
+
type.valid_input?(input, allow_all)
|
251
|
+
end
|
252
|
+
else
|
253
|
+
def valid_input?(type, input)
|
254
|
+
type.valid_input?(input)
|
255
|
+
end
|
256
|
+
end
|
257
|
+
|
258
|
+
if GraphQL::VERSION >= "1.0.0"
|
259
|
+
def make_type_name_node(type_name)
|
260
|
+
GraphQL::Language::Nodes::TypeName.new(name: type_name)
|
261
|
+
end
|
262
|
+
else
|
263
|
+
def make_type_name_node(type_name)
|
264
|
+
type_name
|
265
|
+
end
|
266
|
+
end
|
246
267
|
end
|
247
268
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: graphql-relay-walker
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ben Toews
|
@@ -102,7 +102,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
102
102
|
version: '0'
|
103
103
|
requirements: []
|
104
104
|
rubyforge_project:
|
105
|
-
rubygems_version: 2.
|
105
|
+
rubygems_version: 2.5.1
|
106
106
|
signing_key:
|
107
107
|
specification_version: 4
|
108
108
|
summary: A tool for traversing your GraphQL schema to proactively detect potential
|