#graphql #depth #limit #query #analysis #validation #verify

graphql_depth_limit

A small lib for graphql depth limit analysis on graphql queries

2 releases

0.1.2 Apr 30, 2020
0.1.1 Feb 3, 2020
0.1.0 Feb 3, 2020

#895 in HTTP server

MIT/Apache

13KB
205 lines

graphql_depth_limit

Crate

A graphql depth limit validation in Rust inspired by graphql_depth_limit

Add this to your Cargo.toml:

[dependencies]
graphql_depth_limit = "0.1.1"

and this to your crate root (if you're using Rust 2015):

extern crate graphql_depth_limit;

Here's a simple example for verification of a graphql query:

use graphql_depth_limit::QueryDepthAnalyzer;

fn main() {
    let query = r#"
                query {
                  a {
                    b {
                      c
                    }
                  }
                }
            "#;
    let depth = match QueryDepthAnalyzer::new(query, vec![], |_a, _b| true) {
        Ok(validator) => validator.verify(5),
        Err(val) => Err(DepthLimitError::Parse(val))
    };
    asssert_eq!(depth.ok()?, 3);
}

lib.rs:

Utilites for graphql query depth analysis

graphql_depth_limit provide utilities for easy identification of possible malicious queries (high depth).

Quick Start

example

use graphql_depth_limit::QueryDepthAnalyzer;

let query = r#"
    query {
        hello {
            world
        }
    }
"#;
let analyzer = QueryDepthAnalyzer::new(query, vec![], |_a, _b| true).unwrap();
let verify_result = analyzer.verify(5);

Dependencies

~1.5MB
~27K SLoC