Set execution depth limit for GQL #1430

oskogstad · 2024-11-10T18:14:37Z

We have the possibility for "infinite" recursion in our parties query (sub-parties)

  parties {
    subParties {
      subParties {
        subParties {
          subParties {
            ...
          }
        }
      }
    }
  }

Capping the global query depth level at 10.
(Max depth on dialogById seems to be 7)

query q {
  dialogById(dialogId: "c8147d41-936e-4124-8119-ea1add40c4b4") {
    dialog {
      transmissions {
        content {
          title {
            mediaType
            value {
              value
            }
          }
        }
      }
    }
  }
}

The text was updated successfully, but these errors were encountered:

## Description  We have the possibility for "infinite" recursion in our parties query (sub-parties) ``` parties { subParties { subParties { subParties { subParties { ... } } } } } ``` Capping the global query depth level at 10. (Max depth on dialogById seems to be 7) ``` query q { dialogById(dialogId: "c8147d41-936e-4124-8119-ea1add40c4b4") { dialog { transmissions { content { title { mediaType value { value } } } } } } } ``` ## Related Issue(s) - #1430

🤖 I have created a release *beep* *boop* --- ## [1.32.0](v1.31.0...v1.32.0) (2024-11-12) ### Features * **graphql:** Set max execution depth to 10 ([#1431](#1431)) ([8845e49](8845e49)), closes [#1430](#1430) * **performance:** create a k6 purge script to run after creating dialogs ([#1435](#1435)) ([9555d78](9555d78)) * **performance:** Expands search for serviceowners, improved tracing and logging ([#1439](#1439)) ([b1d6eaf](b1d6eaf)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

LeifHelstad · 2024-11-22T14:28:30Z

Initiell test:
Generer et IDPortenToken med den som ligger i felles postman pid=05085301731
Kjører med denne en GET parties, noe som returnerer en "authorizedParties" med tre party på samme nivå, ingen sub parties. Initell test er kun for å bekrefte at rett kall er utført på riktig måte. Neste steg er å finne en testdata pid som har sub-parties.

LeifHelstad · 2024-11-22T14:34:37Z

Tester med en gammel kjenning fra arbeidsflate test Aktor Kjær 26818999827
Her gir GET parties 4 partiens hvorav 2 har hvert sitt subParty. Rekusrivt to nivåer av paryt er testet.
Det er capping på 10 som skal testes, hvor finner man pid-er med +10 sub-party nivåer?

LeifHelstad · 2024-11-26T13:25:37Z

Setter test-status til NA på denne. Det er innført en hard capping på 10 nivåer som skal testes. Men etter det jeg forstår går det ikke å lage testdata med mer enn 7 nivåer uten at de tas av andre regler først. Ikke mulig å teste.

oskogstad moved this to Code Review og PR in ⚠️ Dialogporten / Arbeidsflate - GAMMEL - se https://github.com/orgs/Altinn/projects/146 ⚠️ Nov 10, 2024

oskogstad added this to ⚠️ Dialogporten / Arbeidsflate - GAMMEL - se https://github.com/orgs/Altinn/projects/146 ⚠️ Nov 10, 2024

oskogstad self-assigned this Nov 10, 2024

oskogstad mentioned this issue Nov 10, 2024

feat(graphql): Set max execution depth to 10 #1431

Merged

4 tasks

oskogstad changed the title ~~Set query depth limit for GQL~~ Set execution depth limit for GQL Nov 10, 2024

dialogporten-bot mentioned this issue Nov 11, 2024

chore(main): release 1.32.0 #1436

Merged

oskogstad closed this as completed in #1436 Nov 12, 2024

github-project-automation bot moved this from Code Review og PR to Done in ⚠️ Dialogporten / Arbeidsflate - GAMMEL - se https://github.com/orgs/Altinn/projects/146 ⚠️ Nov 12, 2024

elsand added this to Dialogporten / Arbeidsflate - NY Jan 9, 2025

elsand moved this to Done in Dialogporten / Arbeidsflate - NY Jan 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set execution depth limit for GQL #1430

Set execution depth limit for GQL #1430

oskogstad commented Nov 10, 2024

LeifHelstad commented Nov 22, 2024

LeifHelstad commented Nov 22, 2024

LeifHelstad commented Nov 26, 2024

Set execution depth limit for GQL #1430

Set execution depth limit for GQL #1430

Comments

oskogstad commented Nov 10, 2024

LeifHelstad commented Nov 22, 2024

LeifHelstad commented Nov 22, 2024

LeifHelstad commented Nov 26, 2024