New option to disable GraphQL schema token limit validation#1384
Conversation
… may be exceeded. Since these token limits are included as a precaution, a single setting may suffice.
|
@yholkamp thanks for creating a PR. Can you please add the same option to Gradle and SBT plugins? Thank you! |
a9e0e32 to
85737bd
Compare
…ion to SBT, Maven and Gradle plugins. This removes the previous tokenLimit as there will be a number of separate settings to configure.
85737bd to
7ecffa2
Compare
|
Apologies for the multiple pushes, the linter didn't quite agree with me. @kobylynskyi thanks for your reply, after closer inspection of the GraphQL library, my initial approach seems to be too much of a shortcut. There are 4 distinct limits that can be configured on the parser and these require different values to be useful. The library imposes these to avoid scenarios where its used to process GraphQL queries on a server, which is very different from the purpose here. In order to make the plugin easy to use for the typical user, I've adjusted my changes to add a setting that skips this validation, while allowing it to be enabled when that's considered to be relevant. I'm hoping you'll agree with that approach. |
kobylynskyi
left a comment
There was a problem hiding this comment.
@yholkamp thanks for the changes! Agree with your approach to disable the validation completely as too many users of this plugin really want this feature to be disabled.
|
@yholkamp thanks for working on this! Will be included in 5.9.0 release |
Description
Related to #1265: This PR adds a way to configure the maximum number of GraphQL grammar tokens the parser will process before throwing a 'denial of service' prevention warning. While Gradle users can easily override this, with Maven this does not appear to be feasible.
Changes were made to: