Limit the number of aliases within a GraphQL API request #17288

Closed
jeremystretch opened this issue Aug 28, 2024 · 0 comments
Labels: complexity: low (Requires minimal effort to implement); status: accepted (This issue has been accepted for implementation); type: feature (Introduction of new functionality to the application)

@jeremystretch
Member

NetBox version

v4.0.9

Feature type

New functionality

Proposed functionality

Employ Strawberry's MaxAliasesLimiter to limit the number of aliases defined within a single request.

Use case

Mitigates potential GraphQL API attacks which leverage computationally expensive queries.

Database changes

No response

External dependencies

No response

jeremystretch added the labels type: feature (Introduction of new functionality to the application), status: backlog (Awaiting selection for work) and complexity: low (Requires minimal effort to implement) on Aug 28, 2024
jeremystretch self-assigned this on Aug 30, 2024
jeremystretch added this to the v4.1 milestone on Aug 30, 2024
jeremystretch added the label status: accepted (This issue has been accepted for implementation) and removed the label status: backlog (Awaiting selection for work) on Aug 30, 2024
jeremystretch added a commit that referenced this issue Sep 2, 2024
…sts to 10 (#17329)

* Closes #17288: Limit the number of aliases within a GraphQL API request to 10

* Introduce GRAPHQL_MAX_ALIASES config parameter
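
What an alias limit measures, shown as an added example that is not NetBox's or Strawberry's code: a standard-library alias counter applied to constructed request-log lines, using the limit of 10 from the commit message above. The log format, the sample queries and the names `count_aliases`, `over_limit` and `aliased_query` are assumptions of this example, as is treating exactly 10 aliases as allowed.

```python
import json
import re

GRAPHQL_MAX_ALIASES = 10  # limit named in the commit message on this page

# Comments and string literals are matched whole and ignored, so a ':' inside
# them is never counted; besides those, only '(' ')' and ':' matter.
_TOKEN = re.compile(
    r'(?P<skip>#[^\n]*|"""(?:\\"""|.)*?"""|"(?:\\.|[^"\\\n])*")|(?P<punct>[():])',
    re.DOTALL,
)

def count_aliases(query: str) -> int:
    """Count aliases in an executable GraphQL document (not schema SDL)."""
    # Outside parentheses a ':' can only separate an alias from its field name;
    # inside them it belongs to arguments, variable definitions or input objects.
    depth = aliases = 0
    for match in _TOKEN.finditer(query):
        tok = match.group("punct")  # None when a comment or string matched
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth = max(depth - 1, 0)
        elif tok == ":" and depth == 0:
            aliases += 1
    return aliases

def over_limit(log_lines, limit=GRAPHQL_MAX_ALIASES):
    """Return (client, alias_count) for each logged request above the limit."""
    flagged = []
    for line in log_lines:
        entry = json.loads(line)
        count = count_aliases(entry["query"])
        if count > limit:  # assumption: exactly `limit` aliases is still allowed
            flagged.append((entry["client"], count))
    return flagged

def aliased_query(n: int) -> str:
    """Build a constructed query that requests the same field under n aliases."""
    fields = (f'a{i}: device_list(filters: {{name: "x:{i}"}}) {{ id }}' for i in range(n))
    return "{ " + " ".join(fields) + " }"

# Constructed log lines; the "client" and "query" keys are assumptions.
SAMPLE_LOG = [
    json.dumps({"client": "198.51.100.7", "query": aliased_query(3)}),
    json.dumps({"client": "203.0.113.9", "query": aliased_query(25)}),
    json.dumps({"client": "192.0.2.4", "query": 'query Q($n: String = "a:b") { # c: d\n device_list(filters: {name: $n}) { id } }'}),
]
```

`over_limit(SAMPLE_LOG)` flags only the second entry; the colons inside arguments, strings and comments in the other entries are not counted as aliases.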