Package graphql.parser

Class ParserOptions

java.lang.Object
graphql.parser.ParserOptions
@PublicApi public class ParserOptions extends Object
Options that control how the Parser behaves.

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class 
    ParserOptions.Builder
     

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    MAX_QUERY_CHARACTERS
    A graphql hacking vector is to send nonsensical queries with large tokens that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute.
    static final int
    MAX_QUERY_TOKENS
    A graphql hacking vector is to send nonsensical queries with lots of tokens that burn lots of parsing CPU time and burn memory representing a document that won't ever execute.
    static final int
    MAX_RULE_DEPTH
    A graphql hacking vector is to send nonsensical queries that have lots of grammar rule depth to them which can cause stack overflow exceptions during the query parsing.
    static final int
    MAX_WHITESPACE_TOKENS
    Another graphql hacking vector is to send large amounts of whitespace in operations that burn lots of parsing CPU time and burn memory representing a document.

  • Method Summary

    Modifier and Type
    Method
    Description
    static ParserOptions
    getDefaultOperationParserOptions()
    By default, for operation parsing, the Parser will not capture ignored characters, and it will not capture line comments into AST elements .
    static ParserOptions
    getDefaultParserOptions()
    By default, the Parser will not capture ignored characters.
    static ParserOptions
    getDefaultSdlParserOptions()
    By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements.
    int
    getMaxCharacters()
    A graphql hacking vector is to send nonsensical queries that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute.
    int
    getMaxRuleDepth()
    A graphql hacking vector is to send nonsensical queries that have lots of rule depth to them which can cause stack overflow exceptions during the query parsing.
    int
    getMaxTokens()
    A graphql hacking vector is to send nonsensical queries that burn lots of parsing CPU time and burns memory representing a document that won't ever execute.
    int
    getMaxWhitespaceTokens()
    A graphql hacking vector is to send larges amounts of whitespace that burn lots of parsing CPU time and burn memory representing a document.
    ParsingListener
    getParsingListener()
     
    boolean
    isCaptureIgnoredChars()
    Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing.
    boolean
    isCaptureLineComments()
    Single-line Comments do not have any semantic meaning in GraphQL source documents, as such you may wish to ignore them.
    boolean
    isCaptureSourceLocation()
    Memory savings can be made if we do NOT set SourceLocations on AST nodes, especially in SDL parsing.
    boolean
    isReaderTrackData()
    Controls whether the underlying MultiSourceReader should track previously read data or not.
    boolean
    isRedactTokenParserErrorMessages()
    Option to redact offending tokens in parser error messages.
    static ParserOptions.Builder
    newParserOptions()
     
    static void
    setDefaultOperationParserOptions(ParserOptions options)
    By default, the Parser will not capture ignored characters or line comments.
    static void
    setDefaultParserOptions(ParserOptions options)
    By default, the Parser will not capture ignored characters.
    static void
    setDefaultSdlParserOptions(ParserOptions options)
    By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements .
    ParserOptions
    transform(Consumer<ParserOptions.Builder> builderConsumer)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • MAX_QUERY_CHARACTERS

      public static final int MAX_QUERY_CHARACTERS
      A graphql hacking vector is to send nonsensical queries with large tokens that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 1MB. ANTLR parsing time is linear to the number of characters presented. The more you allow the longer it takes.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

    • MAX_QUERY_TOKENS

      public static final int MAX_QUERY_TOKENS
      A graphql hacking vector is to send nonsensical queries with lots of tokens that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 15000. ANTLR parsing time is linear to the number of tokens presented. The more you allow the longer it takes.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

    • MAX_WHITESPACE_TOKENS

      public static final int MAX_WHITESPACE_TOKENS
      Another graphql hacking vector is to send large amounts of whitespace in operations that burn lots of parsing CPU time and burn memory representing a document. Whitespace token processing in ANTLR is 2 orders of magnitude faster than grammar token processing however it still takes some time to happen.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

    • MAX_RULE_DEPTH

      public static final int MAX_RULE_DEPTH
      A graphql hacking vector is to send nonsensical queries that have lots of grammar rule depth to them which can cause stack overflow exceptions during the query parsing. To prevent this for most users, graphql-java sets this value to 500 grammar rules deep.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

  • Method Details

    • getDefaultParserOptions

      public static ParserOptions getDefaultParserOptions()
      By default, the Parser will not capture ignored characters. A static holds this default value in a JVM wide basis options object. Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing.
      Returns:
      the static default JVM value
      See Also:

    • setDefaultParserOptions

      public static void setDefaultParserOptions(ParserOptions options)
      By default, the Parser will not capture ignored characters. A static holds this default value in a JVM wide basis options object. Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing. So we have set this to false by default. This static can be set to true to allow the behavior of version 16.x or before.
      Parameters:
      options - - the new default JVM parser options
      See Also:

    • getDefaultOperationParserOptions

      public static ParserOptions getDefaultOperationParserOptions()
      By default, for operation parsing, the Parser will not capture ignored characters, and it will not capture line comments into AST elements . A static holds this default value for operation parsing in a JVM wide basis options object.
      Returns:
      the static default JVM value for operation parsing
      See Also:

    • setDefaultOperationParserOptions

      public static void setDefaultOperationParserOptions(ParserOptions options)
      By default, the Parser will not capture ignored characters or line comments. A static holds this default value in a JVM wide basis options object for operation parsing. This static can be set to true to allow the behavior of version 16.x or before.
      Parameters:
      options - - the new default JVM parser options for operation parsing
      See Also:

    • getDefaultSdlParserOptions

      public static ParserOptions getDefaultSdlParserOptions()
      By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements. The SDL default options allow unlimited tokens and whitespace, since a DOS attack vector is not commonly available via schema SDL parsing. A static holds this default value for SDL parsing in a JVM wide basis options object.
      Returns:
      the static default JVM value for SDL parsing
      See Also:

    • setDefaultSdlParserOptions

      public static void setDefaultSdlParserOptions(ParserOptions options)
      By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements . A static holds this default value for operation parsing in a JVM wide basis options object. This static can be set to true to allow the behavior of version 16.x or before.
      Parameters:
      options - - the new default JVM parser options for SDL parsing
      See Also:

    • isCaptureIgnoredChars

      public boolean isCaptureIgnoredChars()
      Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing. So we have set this to false by default.
      Returns:
      true if ignored chars should be captured as AST nodes

    • isCaptureSourceLocation

      public boolean isCaptureSourceLocation()
      Memory savings can be made if we do NOT set SourceLocations on AST nodes, especially in SDL parsing.
      Returns:
      true if SourceLocations should be captured as AST nodes
      See Also:

    • isCaptureLineComments

      public boolean isCaptureLineComments()
      Single-line Comments do not have any semantic meaning in GraphQL source documents, as such you may wish to ignore them.

      This option does not ignore documentation Descriptions.

      Returns:
      true if Comments should be captured as AST nodes
      See Also:

    • isReaderTrackData

      public boolean isReaderTrackData()
      Controls whether the underlying MultiSourceReader should track previously read data or not.
      Returns:
      true if MultiSourceReader should track data in memory.

    • getMaxCharacters

      public int getMaxCharacters()
      A graphql hacking vector is to send nonsensical queries that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 1MB.
      Returns:
      the maximum number of characters the parser will accept, after which an exception will be thrown.

    • getMaxTokens

      public int getMaxTokens()
      A graphql hacking vector is to send nonsensical queries that burn lots of parsing CPU time and burns memory representing a document that won't ever execute. To prevent this you can set a maximum number of parse tokens that will be accepted before an exception is thrown and the parsing is stopped.
      Returns:
      the maximum number of raw tokens the parser will accept, after which an exception will be thrown.

    • getMaxWhitespaceTokens

      public int getMaxWhitespaceTokens()
      A graphql hacking vector is to send larges amounts of whitespace that burn lots of parsing CPU time and burn memory representing a document. To prevent this you can set a maximum number of whitespace parse tokens that will be accepted before an exception is thrown and the parsing is stopped.
      Returns:
      the maximum number of raw whitespace tokens the parser will accept, after which an exception will be thrown.

    • getMaxRuleDepth

      public int getMaxRuleDepth()
      A graphql hacking vector is to send nonsensical queries that have lots of rule depth to them which can cause stack overflow exceptions during the query parsing. To prevent this you can set a value that is the maximum depth allowed before an exception is thrown and the parsing is stopped.
      Returns:
      the maximum token depth the parser will accept, after which an exception will be thrown.

    • isRedactTokenParserErrorMessages

      public boolean isRedactTokenParserErrorMessages()
      Option to redact offending tokens in parser error messages. By default, the parser will include the offending token in the error message, if possible.
      Returns:
      true if the token parser messages should be redacted

    • getParsingListener

      public ParsingListener getParsingListener()

    • transform

      public ParserOptions transform(Consumer<ParserOptions.Builder> builderConsumer)

    • newParserOptions

      public static ParserOptions.Builder newParserOptions()