Merge branch 'security-64519-circular-graphql-queries-12-2' into '12-2-stable'

Nested GraphQL query with circular relationship can cause Denial of Service See merge request gitlab/gitlabhq!3385
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-24 21:54:10 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-24 21:54:10 +0300
commit: 64c028b6f886ada11ac695875fdbe48ac98e1d96 (patch)
tree: c78df828be3bee3475c4e114c8f4c671ba5ca105 /app
parent: 97dfa40ae21b9155e942fabf7a1d2457176d0f48 (diff)
parent: 6a836620037c9392dfe4c20306f6522d3e043dfd (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb
index 7edd14e48f7..c49c4d937c6 100644
--- a/app/graphql/gitlab_schema.rb
+++ b/app/graphql/gitlab_schema.rb
@@ -18,15 +18,15 @@ class GitlabSchema < GraphQL::Schema
   use Gitlab::Graphql::GenericTracing
 
   query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new
-
-  query(Types::QueryType)
-
-  default_max_page_size 100
+  query_analyzer Gitlab::Graphql::QueryAnalyzers::RecursionAnalyzer.new
 
   max_complexity DEFAULT_MAX_COMPLEXITY
   max_depth DEFAULT_MAX_DEPTH
 
-  mutation(Types::MutationType)
+  query Types::QueryType
+  mutation Types::MutationType
+
+  default_max_page_size 100
 
   class << self
     def multiplex(queries, **kwargs)
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-24 21:54:10 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-24 21:54:10 +0300
commit	64c028b6f886ada11ac695875fdbe48ac98e1d96 (patch)
tree	c78df828be3bee3475c4e114c8f4c671ba5ca105 /app
parent	97dfa40ae21b9155e942fabf7a1d2457176d0f48 (diff)
parent	6a836620037c9392dfe4c20306f6522d3e043dfd (diff)