Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rust introspection: disable max depth rule #5978

Merged
merged 3 commits into from
Sep 10, 2024
Merged

Rust introspection: disable max depth rule #5978

merged 3 commits into from
Sep 10, 2024

Conversation

SimonSapin
Copy link
Contributor

This targets the 1.54.0 branch.

This protection against introspection queries generating huge responses was added recently in graphql-js graphql/graphql-js#4118 and ported to rust apollographql/apollo-rs#904, but is not yet present in the graphql-js version used by router-bridge.

This disables it for now from Rust introspection, in order to match the current state of JS introspection.

Adding this rule (in both implementations) can be revisited separately. In particular: the depth limit is hard-coded to 3. Is that the right number? Should it be configurable? Is the rule checking the right set of fields?

@SimonSapin
Rust intropsection: disable max depth rule
82847f6 
This protection against introspection queries generating huge responses
was added recently in graphql-js graphql/graphql-js#4118
and ported to rust apollographql/apollo-rs#904,
but is not yet present in the graphql-js version used by router-bridge.

This disables it for now from Rust introspection, in order to match
the current state of JS introspection.

Adding this rule (in both implementations) can be revisited separately.
In particular: the depth limit is hard-coded to 3. Is that the right number?
Should it be configurable? Is the rule checking the right set of fields?
@SimonSapin SimonSapin requested review from a team as code owners September 9, 2024 16:52
@router-perf
Copy link

router-perf bot commented Sep 9, 2024

CI performance tests

  • connectors-const - Connectors stress test that runs with a constant number of users
  • const - Basic stress test that runs with a constant number of users
  • demand-control-instrumented - A copy of the step test, but with demand control monitoring and metrics enabled
  • demand-control-uninstrumented - A copy of the step test, but with demand control monitoring enabled
  • enhanced-signature - Enhanced signature enabled
  • events - Stress test for events with a lot of users and deduplication ENABLED
  • events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
  • events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
  • events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
  • events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
  • events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
  • extended-reference-mode - Extended reference mode enabled
  • large-request - Stress test with a 1 MB request payload
  • no-tracing - Basic stress test, no tracing
  • reload - Reload test over a long period of time at a constant rate of users
  • step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
  • step-local-metrics - Field stats that are generated from the router rather than FTV1
  • step-with-prometheus - A copy of the step test with the Prometheus metrics exporter enabled
  • step - Basic stress test that steps up the number of users over time
  • xlarge-request - Stress test with 10 MB request payload
  • xxlarge-request - Stress test with 100 MB request payload

@Geal Geal changed the title Rust intropsection: disable max depth rule Rust introspection: disable max depth rule Sep 10, 2024
@SimonSapin
Copy link
Contributor Author

Added a cherry-pick of #5962 to try and fix CI

@SimonSapin SimonSapin enabled auto-merge (rebase) September 10, 2024 12:34
@SimonSapin SimonSapin merged commit ef08e12 into 1.54.0 Sep 10, 2024
12 checks passed
@SimonSapin SimonSapin deleted the simon/disable-introspection-max-depth branch September 10, 2024 13:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abernix abernix abernix left review comments

@o0Ignition0o o0Ignition0o o0Ignition0o approved these changes

@Geal Geal Geal approved these changes

Assignees

@SimonSapin SimonSapin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@SimonSapin @Geal @abernix @o0Ignition0o @bnjjj