graphql-relay-walker 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/graphql-relay-walker.gemspec +1 -1
- data/lib/graphql/relay/walker/query_builder.rb +23 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6de0c51ff60413dd168b78817b850da65acd9031
|
|
4
|
+
data.tar.gz: d8d21b0df733e6b3e156b938b1ecf4a22c0133bb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1f1d459b0349f433f5162f0db0a03e5cff04981ee99ab8fe434fbf139794bf983e42894ed3616cd2b9ec8e1af4b43af4d2286ed5367a1b862e6f15d1e4b407f6
|
|
7
|
+
data.tar.gz: d8a7f386dc179ce4af896d571f6aeb414180ce5e2e61f734755a06e638a7bf95d08a672dfeda29e86f0998ec2a1ca1baaf4f7a475b7b4a11952cf72854508659
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "graphql-relay-walker"
|
|
3
|
-
s.version = "0.0.
|
|
3
|
+
s.version = "0.0.5"
|
|
4
4
|
s.licenses = ["MIT"]
|
|
5
5
|
s.summary = "A tool for traversing your GraphQL schema to proactively detect potential data access vulnerabilities."
|
|
6
6
|
s.authors = ["Ben Toews"]
|
|
@@ -76,7 +76,7 @@ module GraphQL::Relay::Walker
|
|
|
76
76
|
# created AST was invalid for having no selections.
|
|
77
77
|
def inline_fragment_ast(type, with_children: true)
|
|
78
78
|
make(GraphQL::Language::Nodes::InlineFragment) do |if_ast|
|
|
79
|
-
if_ast.type = type.name
|
|
79
|
+
if_ast.type = make_type_name_node(type.name)
|
|
80
80
|
|
|
81
81
|
if with_children
|
|
82
82
|
type.all_fields.each do |field|
|
|
@@ -106,7 +106,7 @@ module GraphQL::Relay::Walker
|
|
|
106
106
|
|
|
107
107
|
# Bail unless we have the required arguments.
|
|
108
108
|
return unless field.arguments.reject do |_, arg|
|
|
109
|
-
arg.type
|
|
109
|
+
valid_input?(arg.type, nil)
|
|
110
110
|
end.all? do |name, _|
|
|
111
111
|
arguments.key?(name)
|
|
112
112
|
end
|
|
@@ -243,5 +243,26 @@ module GraphQL::Relay::Walker
|
|
|
243
243
|
def random_alias
|
|
244
244
|
6.times.map { (SecureRandom.random_number(26) + 97).chr }.join
|
|
245
245
|
end
|
|
246
|
+
|
|
247
|
+
if GraphQL::VERSION >= "1.1.0"
|
|
248
|
+
def valid_input?(type, input)
|
|
249
|
+
allow_all = GraphQL::Schema::Warden.new(schema, ->(_) { false })
|
|
250
|
+
type.valid_input?(input, allow_all)
|
|
251
|
+
end
|
|
252
|
+
else
|
|
253
|
+
def valid_input?(type, input)
|
|
254
|
+
type.valid_input?(input)
|
|
255
|
+
end
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
if GraphQL::VERSION >= "1.0.0"
|
|
259
|
+
def make_type_name_node(type_name)
|
|
260
|
+
GraphQL::Language::Nodes::TypeName.new(name: type_name)
|
|
261
|
+
end
|
|
262
|
+
else
|
|
263
|
+
def make_type_name_node(type_name)
|
|
264
|
+
type_name
|
|
265
|
+
end
|
|
266
|
+
end
|
|
246
267
|
end
|
|
247
268
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: graphql-relay-walker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Toews
|
|
@@ -102,7 +102,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
102
102
|
version: '0'
|
|
103
103
|
requirements: []
|
|
104
104
|
rubyforge_project:
|
|
105
|
-
rubygems_version: 2.
|
|
105
|
+
rubygems_version: 2.5.1
|
|
106
106
|
signing_key:
|
|
107
107
|
specification_version: 4
|
|
108
108
|
summary: A tool for traversing your GraphQL schema to proactively detect potential
|