From 54cef3ddcdd3c5e106f8347ccd8afd9bbb8bdb44 Mon Sep 17 00:00:00 2001 From: TSH96 Date: Sat, 7 Aug 2021 16:47:14 +0800 Subject: [PATCH 1/2] Bypass complexity limit on __Schema queries. --- complexity/complexity.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/complexity/complexity.go b/complexity/complexity.go index 1877aae5fbd..e3ecf7612d5 100644 --- a/complexity/complexity.go +++ b/complexity/complexity.go @@ -26,6 +26,11 @@ func (cw complexityWalker) selectionSetComplexity(selectionSet ast.SelectionSet) switch s := selection.(type) { case *ast.Field: fieldDefinition := cw.schema.Types[s.Definition.Type.Name()] + + if fieldDefinition.Name == "__Schema" { + continue + } + var childComplexity int switch fieldDefinition.Kind { case ast.Object, ast.Interface, ast.Union: From 5adb73bbba5375f07cd21d1fe498c6a252b6f933 Mon Sep 17 00:00:00 2001 From: TSH96 Date: Sat, 7 Aug 2021 17:04:30 +0800 Subject: [PATCH 2/2] add bypass __schema field test case --- graphql/handler/extension/complexity_test.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/graphql/handler/extension/complexity_test.go b/graphql/handler/extension/complexity_test.go index b5c9bf99f28..e533403e1a5 100644 --- a/graphql/handler/extension/complexity_test.go +++ b/graphql/handler/extension/complexity_test.go @@ -95,6 +95,16 @@ func TestFixedComplexity(t *testing.T) { require.Equal(t, 2, stats.ComplexityLimit) require.Equal(t, 4, stats.Complexity) }) + + t.Run("bypass __schema field", func(t *testing.T) { + h.SetCalculatedComplexity(4) + resp := doRequest(h, "POST", "/graphql", `{ "operationName":"IntrospectionQuery", "query":"query IntrospectionQuery { __schema { queryType { name } mutationType { name }}}"}`) + require.Equal(t, http.StatusOK, resp.Code, resp.Body.String()) + require.Equal(t, `{"data":{"name":"test"}}`, resp.Body.String()) + + require.Equal(t, 2, stats.ComplexityLimit) + require.Equal(t, 0, stats.Complexity) + }) } func doRequest(handler http.Handler, method string, target string, body string) *httptest.ResponseRecorder {