From 48240859fe0c30c6aa3e91f1573371a50b4c27ba Mon Sep 17 00:00:00 2001 From: Steve Boyd Date: Thu, 16 Mar 2023 09:34:07 +1300 Subject: [PATCH] [CVE-2023-28104] Revert schema rebuild --- src/Schema/Storage/AbstractTypeRegistry.php | 29 +-------------------- tests/Schema/IntegrationTest.php | 2 -- 2 files changed, 1 insertion(+), 30 deletions(-) diff --git a/src/Schema/Storage/AbstractTypeRegistry.php b/src/Schema/Storage/AbstractTypeRegistry.php index 9c21d6a9..6fe312a1 100644 --- a/src/Schema/Storage/AbstractTypeRegistry.php +++ b/src/Schema/Storage/AbstractTypeRegistry.php @@ -9,10 +9,6 @@ use GraphQL\Type\Definition\ListOfType; use Exception; use SilverStripe\Core\Injector\Injector; -use SilverStripe\GraphQL\Schema\SchemaBuilder; -use SilverStripe\GraphQL\Schema\Exception\EmptySchemaException; -use SilverStripe\Control\Controller; -use SilverStripe\GraphQL\Controller as GraphQLController; abstract class AbstractTypeRegistry { @@ -25,30 +21,7 @@ abstract class AbstractTypeRegistry */ public static function get(string $typename) { - try { - return static::fromCache($typename); - } catch (Exception $e) { - if (!Controller::has_curr() || - !(Controller::curr() instanceof GraphQLController) || - !Controller::curr()->autobuildEnabled() - ) { - throw $e; - } - // Try to rebuild the whole schema as fallback. - // This is to solve mysterious edge cases where schema files do not exist when they should. - // These edge cases are more likely on multi-server environments - $dirParts = explode(DIRECTORY_SEPARATOR, static::getSourceDirectory()); - $key = $dirParts[count($dirParts) - 1]; - $builder = SchemaBuilder::singleton(); - $schema = $builder->boot($key); - try { - $builder->build($schema, true); - } catch (EmptySchemaException $e) { - // noop - } - // Attempt to return again now the schema has been rebuilt. - return static::fromCache($typename); - } + return static::fromCache($typename); } abstract protected static function getSourceDirectory(): string; diff --git a/tests/Schema/IntegrationTest.php b/tests/Schema/IntegrationTest.php index f42d1522..c8dc2491 100644 --- a/tests/Schema/IntegrationTest.php +++ b/tests/Schema/IntegrationTest.php @@ -1217,8 +1217,6 @@ private function createSchema(TestSchemaBuilder $factory): Schema // Register as the default SchemaBuilder so that any calls to // SchemaBuidler::singleton() get this TestSchemaBuilder - // This is important for the call in AbstractTypeRegisty::get() because - // otherwise a duplicate .graphql-generated folder will be created Injector::inst()->registerService($factory, SchemaBuilder::class); return $schema;