Merge branch 'security-64519-circular-graphql-queries-12-4' into '12-4-stable'

Nested GraphQL query with circular relationship can cause Denial of Service See merge request gitlab/gitlabhq!3492
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-24 21:53:10 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-24 21:53:10 +0300
commit: a6adb3368418e9c70b164428e7c9c654aaa11047 (patch)
tree: 020873ff16f6ab06d33b33e2331916364440151c /app
parent: bbe8516749088fd3be303b40eb40f0757ecc99d6 (diff)
parent: 77f685a883fec59a74efd3ca0138f31347c74e26 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb
index 4c8612c8f2e..1899278ff3c 100644
--- a/app/graphql/gitlab_schema.rb
+++ b/app/graphql/gitlab_schema.rb
@@ -18,15 +18,15 @@ class GitlabSchema < GraphQL::Schema
   use Gitlab::Graphql::GenericTracing
 
   query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new
-
-  query(Types::QueryType)
-
-  default_max_page_size 100
+  query_analyzer Gitlab::Graphql::QueryAnalyzers::RecursionAnalyzer.new
 
   max_complexity DEFAULT_MAX_COMPLEXITY
   max_depth DEFAULT_MAX_DEPTH
 
-  mutation(Types::MutationType)
+  query Types::QueryType
+  mutation Types::MutationType
+
+  default_max_page_size 100
 
   class << self
     def multiplex(queries, **kwargs)
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-24 21:53:10 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-24 21:53:10 +0300
commit	a6adb3368418e9c70b164428e7c9c654aaa11047 (patch)
tree	020873ff16f6ab06d33b33e2331916364440151c /app
parent	bbe8516749088fd3be303b40eb40f0757ecc99d6 (diff)
parent	77f685a883fec59a74efd3ca0138f31347c74e26 (diff)