proposal: embed graphql-parser as a secure GraphQL parser for multiple languages
devkral opened this issue · 3 comments
Currently the reference implementation and Python graphql-core have a stack problem (this project most probably too, but it is easily fixable via the generator hack, see the graphql-core issue), and the evaluation of GraphQL strings is slow (a performance bottleneck which could be used for a DDoS):
You can specify highly nested graphs and the parser crashes before any security software can evaluate the tree.
See issue:
So my idea is to fix the projects properly by replacing their parsers with a high-performance GraphQL string parser. And this could be something like this project.
Are you interested in this idea?
Given that I have no Rust knowledge yet, I would need some guidance should we start the project. Also, it would require some coordination between the three projects (not sure how this can be handled).
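Added example, not part of the original issue and not code from graphql-parser or graphql-core: a defensive pre-check that measures nesting depth with a loop and a counter, so an over-nested document is rejected before a recursive-descent parser sees it. The function name `max_nesting_depth`, the default limit of 64 and the sample inputs are assumptions made for illustration.

```python
def max_nesting_depth(source: str, limit: int = 64) -> int:
    """Return the deepest {...}/[...] nesting in a GraphQL document.

    Scans with a loop and a counter (no recursion), so the check itself
    cannot exhaust the stack. Raises ValueError once `limit` is exceeded.
    """
    depth = deepest = 0
    i, n = 0, len(source)
    while i < n:
        ch = source[i]
        if ch == "#":  # comment: ignore to end of line
            while i < n and source[i] not in "\r\n":
                i += 1
        elif source.startswith('"""', i):  # block string
            end = source.find('"""', i + 3)
            while end != -1 and source[end - 1] == "\\":  # \""" is escaped
                end = source.find('"""', end + 3)
            if end == -1:
                raise ValueError("unterminated block string")
            i = end + 3
        elif ch == '"':  # ordinary string
            i += 1
            while i < n and source[i] != '"':
                i += 2 if source[i] == "\\" else 1  # skip escaped character
            if i >= n:
                raise ValueError("unterminated string")
            i += 1
        else:
            if ch in "{[":
                depth += 1
                if depth > limit:
                    raise ValueError(f"nesting deeper than {limit}")
                deepest = max(deepest, depth)
            elif ch in "}]":
                depth = max(depth - 1, 0)
            i += 1
    return deepest


# Constructed sample inputs (not taken from the issue).
SHALLOW = '{ user(id: 4) { name friends { name } } }'
BRACES_IN_TEXT = '# {{{{\n{ note(text: "{{{{", doc: """[[[[ \\""" [[""") }'
DEEP = "{a" * 100_000 + "}" * 100_000

if __name__ == "__main__":
    print(max_nesting_depth(SHALLOW), max_nesting_depth(BRACES_IN_TEXT))
    try:
        max_nesting_depth(DEEP)
    except ValueError as exc:
        print("rejected before parsing:", exc)
```

Brackets inside comments and strings are skipped, so they do not count toward the limit; only structural `{` and `[` do.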
I think we would take PRs to expose and test the crate via other languages (using something like Neon for JS for example) but it is not a priority for us.
I'm going to close this as it is not actionable, but we would love PRs that add support for other langs!
Actually there is one approach. But I have no time, so far future. Just close it.