Large schema file causes ParseCancelledException on start-up
AlasdairMacleanGlobal opened this issue · 2 comments
AlasdairMacleanGlobal commented
Description
After upgrading to version 12.0.0 of graphql-java-tools (and graphql-spring-boot-starter) large schema files fail to parse with an error:
Failed to instantiate [graphql.kickstart.tools.SchemaParser]: Factory method 'schemaParser' threw exception; nested exception is graphql.parser.ParseCancelledException: Invalid Syntax : More than 15000 parse tokens have been presented. To prevent Denial Of Service attacks, parsing has been cancelled. offending token '}' at line 4397 column 25
Expected behavior
Large schema files should be parsed without error.
Actual behavior
ParseCancelledException (see above)
Steps to reproduce the bug
git clone https://github.com/graphql-java-kickstart/samples.git
git checkout 49d2ee77610cd5fec22973f70e86aed42c66108a
cd samples
- Edit gradle.properties:
LIB_GRAPHQL_SERVLET_VER=12.0.0
LIB_GRAPHQL_SPRING_BOOT_VER=12.0.0
LIB_GRAPHQL_TOOLS_VER=12.0.0
...
- Create a large graphqls file with at least 15000 tokens (actually 15000 lines x 4 tokens):
for i in {1..15000}; do echo "interface Example$i { }" >> tools-spring-boot/src/main/resources/large.graphqls; done
- Start Spring Boot service:
./gradlew :tools-spring-boot:bootRun
- Error occurs on start-up while parsing schema
Notes:
graphql-java
has aSchemaParser
which setsmaxTokens
to INTEGER_MAX when called with a nullParseOptions
: https://github.com/graphql-java/graphql-java/blob/master/src/main/java/graphql/schema/idl/SchemaParser.java#L116graphql-java-kickstart
usesgraphql.parser.Parser
(rather thanSchemaParser
) to parse the schemas: https://github.com/graphql-java-kickstart/graphql-java-tools/blob/master/src/main/kotlin/graphql/kickstart/tools/SchemaParserBuilder.kt#L172 and callsparser.parseDocument
without passingParseOptions
, which then defaults tomaxTokens=15000
oryan-block commented
@AlasdairMacleanGlobal can you verify that this #610 solves your issue?
AlasdairMacleanGlobal commented
Looks good, thanks!