GraphQL handler blows up if request contains newline breaks

[jmartisk]

Describe the bug

When an incoming GraphQL query contains newline characters, the JSON parser that parses it blows up.

Expected behavior

Request with newlines is parsed, the newlines ignored

Actual behavior

The request processing blows up on something like

javax.json.stream.JsonParsingException: Unexpected char 10 at (line no=1, column no=19, offset=18)

where the "char 10" is a newline character

[quarkus-bot]

/cc @phillip-kruger

[hantsy]

Reproducer https://github.com/hantsy/quarkus-sandbox/blob/master/graphql-client/src/main/java/com/example/demo/JvmClient.java#L32 and related backend project https://github.com/hantsy/quarkus-sandbox/blob/master/graphql

Exception details:

2021-06-03 17:48:36,405 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (vert.x-eventloop-thread-1) HTTP Request to /graphql failed, error id: fd62b5f7-9f93-41d6-99bf-79ce393af794-12: j
avax.json.stream.JsonParsingException: Unexpected char 10 at (line no=1, column no=19, offset=18)
        at org.glassfish.json.JsonTokenizer.unexpectedChar(JsonTokenizer.java:577)
        at org.glassfish.json.JsonTokenizer.readString(JsonTokenizer.java:165)
        at org.glassfish.json.JsonTokenizer.nextToken(JsonTokenizer.java:355)
        at org.glassfish.json.JsonParserImpl$ObjectContext.getNextEvent(JsonParserImpl.java:457)
        at org.glassfish.json.JsonParserImpl.next(JsonParserImpl.java:352)
        at org.glassfish.json.JsonParserImpl.getObject(JsonParserImpl.java:316)
        at org.glassfish.json.JsonParserImpl.getObject(JsonParserImpl.java:149)
        at org.glassfish.json.JsonReaderImpl.readObject(JsonReaderImpl.java:88)
        at io.quarkus.smallrye.graphql.runtime.SmallRyeGraphQLExecutionHandler.getJsonObjectFromBody(SmallRyeGraphQLExecutionHandler.java:161)
        at io.quarkus.smallrye.graphql.runtime.SmallRyeGraphQLExecutionHandler.handlePost(SmallRyeGraphQLExecutionHandler.java:80)
        at io.quarkus.smallrye.graphql.runtime.SmallRyeGraphQLExecutionHandler.doHandle(SmallRyeGraphQLExecutionHandler.java:62)
        at io.quarkus.smallrye.graphql.runtime.SmallRyeGraphQLAbstractHandler.handleWithIdentity(SmallRyeGraphQLAbstractHandler.java:68)
        at io.quarkus.smallrye.graphql.runtime.SmallRyeGraphQLAbstractHandler.handle(SmallRyeGraphQLAbstractHandler.java:50)
        at io.quarkus.smallrye.graphql.runtime.SmallRyeGraphQLAbstractHandler.handle(SmallRyeGraphQLAbstractHandler.java:24)
        at io.vertx.ext.web.impl.BlockingHandlerDecorator.lambda$handle$0(BlockingHandlerDecorator.java:48)
        at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:160)
        at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:96)
        at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:158)
        at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2442)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1476)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:831)

[jmartisk]

Ok, so the problem here is that the observed behavior is correct from the PoV of the JSON specification, which does not allow line breaks inside strings.
It works correctly even if you send a query containing line breaks, but they must not be inside a JSON string. Instead of a line break, there must be \n.

Works:

{ "query": 
        "{people {name gender}}"                                                                             
}

Does not work:

{ "query": 
        "{people { 
		name 
		gender
	  	}
	}"                                                                             
}

Unfortunately when using a Java text block, the line breaks are included in the resulting string.
So if we want to seamlessly support text blocks, even though it it is against the JSON specification, we could potentially run the incoming JSON through something that strips away the line breaks, and probably also tab characters. Stripping them from just JSON strings would be a bit more difficult, I think we could remove them from the whole JSON document, because IIUC line breaks in JSON don't play any role.
If the user needs to use a real line break or tab inside a GraphQL variable or something, they will simply use properly escaped \n or \t, that will not be stripped away.
I'll come up with a PR for this and let's see