diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:28 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:28 +0300 |
commit | 8d0b026ac70cbb52afbf0d61b88925c5d1d33d94 (patch) | |
tree | 760a015e6ada293e16dd9e5eedef0e7a2817bef0 /app | |
parent | 5f35cbdd109db2505c0597994dbc8c139014b40b (diff) | |
parent | 5be0a9fe4d7be65b4d3d98897372a46213216bd4 (diff) |
Merge branch 'security-64519-nested-graphql-query-can-cause-denial-of-service' into 'master'
Nested GraphQL query with circular relationship can cause Denial of Service
See merge request gitlab/gitlabhq!3360
Diffstat (limited to 'app')
-rw-r--r-- | app/graphql/gitlab_schema.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb index 4c8612c8f2e..1899278ff3c 100644 --- a/app/graphql/gitlab_schema.rb +++ b/app/graphql/gitlab_schema.rb @@ -18,15 +18,15 @@ class GitlabSchema < GraphQL::Schema use Gitlab::Graphql::GenericTracing query_analyzer Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer.new - - query(Types::QueryType) - - default_max_page_size 100 + query_analyzer Gitlab::Graphql::QueryAnalyzers::RecursionAnalyzer.new max_complexity DEFAULT_MAX_COMPLEXITY max_depth DEFAULT_MAX_DEPTH - mutation(Types::MutationType) + query Types::QueryType + mutation Types::MutationType + + default_max_page_size 100 class << self def multiplex(queries, **kwargs) |