Package graphql.parser

Class ParserOptions

  • @PublicApi
public class ParserOptions
extends java.lang.Object
    Options that control how the Parser behaves.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  ParserOptions.Builder  

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int MAX_QUERY_CHARACTERS
      A graphql hacking vector is to send nonsensical queries with large tokens that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute.
      static int MAX_QUERY_TOKENS
      A graphql hacking vector is to send nonsensical queries with lots of tokens that burn lots of parsing CPU time and burn memory representing a document that won't ever execute.
      static int MAX_RULE_DEPTH
      A graphql hacking vector is to send nonsensical queries that have lots of grammar rule depth to them which can cause stack overflow exceptions during the query parsing.
      static int MAX_WHITESPACE_TOKENS
      Another graphql hacking vector is to send large amounts of whitespace in operations that burn lots of parsing CPU time and burn memory representing a document.

    • Field Detail

      • MAX_QUERY_CHARACTERS

        public static final int MAX_QUERY_CHARACTERS
        A graphql hacking vector is to send nonsensical queries with large tokens that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 1MB. ANTLR parsing time is linear to the number of characters presented. The more you allow the longer it takes.

        If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

        See Also:
        Constant Field Values

      • MAX_QUERY_TOKENS

        public static final int MAX_QUERY_TOKENS
        A graphql hacking vector is to send nonsensical queries with lots of tokens that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 15000. ANTLR parsing time is linear to the number of tokens presented. The more you allow the longer it takes.

        If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

        See Also:
        Constant Field Values

      • MAX_WHITESPACE_TOKENS

        public static final int MAX_WHITESPACE_TOKENS
        Another graphql hacking vector is to send large amounts of whitespace in operations that burn lots of parsing CPU time and burn memory representing a document. Whitespace token processing in ANTLR is 2 orders of magnitude faster than grammar token processing however it still takes some time to happen.

        If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

        See Also:
        Constant Field Values

      • MAX_RULE_DEPTH

        public static final int MAX_RULE_DEPTH
        A graphql hacking vector is to send nonsensical queries that have lots of grammar rule depth to them which can cause stack overflow exceptions during the query parsing. To prevent this for most users, graphql-java sets this value to 500 grammar rules deep.

        If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

        See Also:
        Constant Field Values

    • Method Detail

      • getDefaultParserOptions

        public static ParserOptions getDefaultParserOptions()
        By default, the Parser will not capture ignored characters. A static holds this default value in a JVM wide basis options object. Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing.
        Returns:
        the static default JVM value
        See Also:
        IgnoredChar, SourceLocation

      • setDefaultParserOptions

        public static void setDefaultParserOptions​(ParserOptions options)
        By default, the Parser will not capture ignored characters. A static holds this default value in a JVM wide basis options object. Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing. So we have set this to false by default. This static can be set to true to allow the behavior of version 16.x or before.
        Parameters:
        options - - the new default JVM parser options
        See Also:
        IgnoredChar, SourceLocation

      • getDefaultOperationParserOptions

        public static ParserOptions getDefaultOperationParserOptions()
        By default, for operation parsing, the Parser will not capture ignored characters, and it will not capture line comments into AST elements . A static holds this default value for operation parsing in a JVM wide basis options object.
        Returns:
        the static default JVM value for operation parsing
        See Also:
        IgnoredChar, SourceLocation

      • setDefaultOperationParserOptions

        public static void setDefaultOperationParserOptions​(ParserOptions options)
        By default, the Parser will not capture ignored characters or line comments. A static holds this default value in a JVM wide basis options object for operation parsing. This static can be set to true to allow the behavior of version 16.x or before.
        Parameters:
        options - - the new default JVM parser options for operation parsing
        See Also:
        IgnoredChar, SourceLocation

      • getDefaultSdlParserOptions

        public static ParserOptions getDefaultSdlParserOptions()
        By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements. The SDL default options allow unlimited tokens and whitespace, since a DOS attack vector is not commonly available via schema SDL parsing. A static holds this default value for SDL parsing in a JVM wide basis options object.
        Returns:
        the static default JVM value for SDL parsing
        See Also:
        IgnoredChar, SourceLocation, SchemaParser

      • setDefaultSdlParserOptions

        public static void setDefaultSdlParserOptions​(ParserOptions options)
        By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements . A static holds this default value for operation parsing in a JVM wide basis options object. This static can be set to true to allow the behavior of version 16.x or before.
        Parameters:
        options - - the new default JVM parser options for operation parsing
        See Also:
        IgnoredChar, SourceLocation

      • isCaptureIgnoredChars

        public boolean isCaptureIgnoredChars()
        Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing. So we have set this to false by default.
        Returns:
        true if ignored chars should be captured as AST nodes

      • isCaptureSourceLocation

        public boolean isCaptureSourceLocation()
        Memory savings can be made if we do NOT set SourceLocations on AST nodes, especially in SDL parsing.
        Returns:
        true if SourceLocations should be captured as AST nodes
        See Also:
        SourceLocation

      • isCaptureLineComments

        public boolean isCaptureLineComments()
        Single-line Comments do not have any semantic meaning in GraphQL source documents, as such you may wish to ignore them.

        This option does not ignore documentation Descriptions.

        Returns:
        true if Comments should be captured as AST nodes
        See Also:
        SourceLocation

      • isReaderTrackData

        public boolean isReaderTrackData()
        Controls whether the underlying MultiSourceReader should track previously read data or not.
        Returns:
        true if MultiSourceReader should track data in memory.

      • getMaxCharacters

        public int getMaxCharacters()
        A graphql hacking vector is to send nonsensical queries that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 1MB.
        Returns:
        the maximum number of characters the parser will accept, after which an exception will be thrown.

      • getMaxTokens

        public int getMaxTokens()
        A graphql hacking vector is to send nonsensical queries that burn lots of parsing CPU time and burns memory representing a document that won't ever execute. To prevent this you can set a maximum number of parse tokens that will be accepted before an exception is thrown and the parsing is stopped.
        Returns:
        the maximum number of raw tokens the parser will accept, after which an exception will be thrown.

      • getMaxWhitespaceTokens

        public int getMaxWhitespaceTokens()
        A graphql hacking vector is to send larges amounts of whitespace that burn lots of parsing CPU time and burn memory representing a document. To prevent this you can set a maximum number of whitespace parse tokens that will be accepted before an exception is thrown and the parsing is stopped.
        Returns:
        the maximum number of raw whitespace tokens the parser will accept, after which an exception will be thrown.

      • getMaxRuleDepth

        public int getMaxRuleDepth()
        A graphql hacking vector is to send nonsensical queries that have lots of rule depth to them which can cause stack overflow exceptions during the query parsing. To prevent this you can set a value that is the maximum depth allowed before an exception is thrown and the parsing is stopped.
        Returns:
        the maximum token depth the parser will accept, after which an exception will be thrown.