@PublicApi public class GoodFaithIntrospection extends java.lang.Object
Instrumentation ensure that a submitted introspection query is done in
good faith.
There are attack vectors where a crafted introspection query can cause the engine to spend too much time producing introspection data. This is especially true on large schemas with lots of types and fields.
Schemas form a cyclic graph and hence it's possible to send in introspection queries that can reference those cycles and in large schemas this can be expensive and perhaps a "denial of service".
This instrumentation only allows one __schema field or one __type field to be present, and it does not allow the `__Type` fields to form a cycle, i.e., that can only be present once. This allows the standard and common introspection queries to work so tooling such as graphiql can work.
| Modifier and Type | Class and Description |
|---|---|
static class |
GoodFaithIntrospection.BadFaithIntrospectionError |
| Modifier and Type | Field and Description |
|---|---|
static java.lang.String |
GOOD_FAITH_INTROSPECTION_DISABLED
Placing a boolean value under this key in the per request
GraphQLContext will enable
or disable Good Faith Introspection on that request. |
| Constructor and Description |
|---|
GoodFaithIntrospection() |
| Modifier and Type | Method and Description |
|---|---|
static java.util.Optional<ExecutionResult> |
checkIntrospection(ExecutionContext executionContext) |
static boolean |
enabledJvmWide(boolean flag)
This allows you to disable good faith introspection, which is on by default.
|
static boolean |
isEnabledJvmWide() |
public static final java.lang.String GOOD_FAITH_INTROSPECTION_DISABLED
GraphQLContext will enable
or disable Good Faith Introspection on that request.public static boolean isEnabledJvmWide()
public static boolean enabledJvmWide(boolean flag)
flag - the desired statepublic static java.util.Optional<ExecutionResult> checkIntrospection(ExecutionContext executionContext)