author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-24 21:54:10 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-24 21:54:10 +0300 |
commit | 64c028b6f886ada11ac695875fdbe48ac98e1d96 (patch) | |
tree | c78df828be3bee3475c4e114c8f4c671ba5ca105 /app | |
parent | 97dfa40ae21b9155e942fabf7a1d2457176d0f48 (diff) | |
parent | 6a836620037c9392dfe4c20306f6522d3e043dfd (diff) |
Merge branch 'security-64519-circular-graphql-queries-12-2' into '12-2-stable'
Nested GraphQL query with circular relationship can cause Denial of Service
See merge request gitlab/gitlabhq!3385
Diffstat (limited to 'app')
-rw-r--r-- | app/graphql/gitlab_schema.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb
index 7edd14e48f7..c49c4d937c6 100644
--- a/app/graphql/gitlab_schema.rb
+++ b/app/graphql/gitlab_schema.rb
@@ -18,15 +18,15 @@ class GitlabSchema < GraphQL::Schema
 use Gitlab::Graphql::GenericTracing
 query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new
-
- query(Types::QueryType)
-
- default_max_page_size 100
+ query_analyzer Gitlab::Graphql::QueryAnalyzers::RecursionAnalyzer.new
 max_complexity DEFAULT_MAX_COMPLEXITY
 max_depth DEFAULT_MAX_DEPTH
- mutation(Types::MutationType)
+ query Types::QueryType
+ mutation Types::MutationType
+
+ default_max_page_size 100
 class << self
 def multiplex(queries, **kwargs) |
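Review bot: The one functional line in this hunk, `query_analyzer Gitlab::Graphql::QueryAnalyzers::RecursionAnalyzer.new`, carries no comment marking it as a denial-of-service guard, and it sits directly under `LoggerAnalyzer`, which judging by its name only records queries, so a reader cannot tell that one of the two is expected to reject them. I would add above it something like `# Security: guards against circularly nested queries (DoS); keep registered alongside max_depth/max_complexity`. The other four changed lines only move `query`, `mutation` and `default_max_page_size` and drop their parentheses; in a security backport that reshuffle makes the real change harder to audit and would be better as a separate commit. The analyzer class itself is outside this view (the diff is limited to `app`), so whether it rejects or only reports, and at what nesting threshold, should be confirmed there and pinned by a schema-level spec that sends a circular query. The `class GitlabSchema` body starts and ends outside the hunk.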