#graphql

graphql_depth_limit

A small lib for graphql depth limit analysis on graphql queries

2 releases

0.1.2 Apr 30, 2020
0.1.1 Feb 3, 2020
0.1.0 Feb 3, 2020

#196 in #graphql

Download history 13/week @ 2024-08-10 20/week @ 2024-08-17 1/week @ 2024-08-24 17/week @ 2024-08-31 14/week @ 2024-09-07 43/week @ 2024-09-14 56/week @ 2024-09-21 25/week @ 2024-09-28 47/week @ 2024-10-05 57/week @ 2024-10-12 38/week @ 2024-10-19 28/week @ 2024-10-26 9/week @ 2024-11-02 47/week @ 2024-11-16 25/week @ 2024-11-23

92 downloads per month

MIT/Apache

13KB
205 lines

graphql_depth_limit

Crate

A graphql depth limit validation in Rust inspired by graphql_depth_limit

Add this to your Cargo.toml:

[dependencies]
graphql_depth_limit = "0.1.1"

and this to your crate root (if you're using Rust 2015):

extern crate graphql_depth_limit;

Here's a simple example for verification of a graphql query:

use graphql_depth_limit::QueryDepthAnalyzer;

fn main() {
    let query = r#"
                query {
                  a {
                    b {
                      c
                    }
                  }
                }
            "#;
    let depth = match QueryDepthAnalyzer::new(query, vec![], |_a, _b| true) {
        Ok(validator) => validator.verify(5),
        Err(val) => Err(DepthLimitError::Parse(val))
    };
    asssert_eq!(depth.ok()?, 3);
}

lib.rs:

Utilites for graphql query depth analysis

graphql_depth_limit provide utilities for easy identification of possible malicious queries (high depth).

Quick Start

example

use graphql_depth_limit::QueryDepthAnalyzer;

let query = r#"
    query {
        hello {
            world
        }
    }
"#;
let analyzer = QueryDepthAnalyzer::new(query, vec![], |_a, _b| true).unwrap();
let verify_result = analyzer.verify(5);

Dependencies

~1MB
~25K SLoC