File: test_no_schema_introspection.py

from functools import partial

from graphql.utilities import build_schema
from graphql.validation import NoSchemaIntrospectionCustomRule

from .harness import assert_validation_errors

# Schema under test. ``introspectionField`` is a user-defined field whose
# return type is the introspection type ``__EnumValue``; it lets the suite
# check that the rule is not limited to the built-in ``__schema`` entry point.
schema = build_schema(
    """
    type Query {
      someQuery: SomeType
    }

    type SomeType {
      someField: String
      introspectionField: __EnumValue
    }
    """
)

# Harness call pre-bound to the rule under test and the schema above.
# NOTE(review): NoSchemaIntrospectionCustomRule is an opt-in ("custom") rule;
# a server is only protected when the rule is actually included in the rule
# set it validates incoming documents with. It limits schema discovery and is
# not a substitute for field-level authorization.
assert_errors = partial(
    assert_validation_errors,
    NoSchemaIntrospectionCustomRule,
    schema=schema,
)

# Same binding, additionally fixing the expected error list to "none".
assert_valid = partial(
    assert_validation_errors,
    NoSchemaIntrospectionCustomRule,
    schema=schema,
    errors=[],
)


def describe_validate_prohibit_introspection_queries():
    """Pin down what NoSchemaIntrospectionCustomRule rejects and what it lets through.

    The cases cover the plain ``__schema`` query, the same query hidden behind
    an alias or a fragment, and a user-defined field that returns an
    introspection type. ``__typename`` and fields unknown to the schema are
    expected to produce no error from this rule.
    """

    def _disabled(field_name, line, column):
        # Expected error entry for one offending field. The leading underscore
        # keeps this helper from being picked up as a test case.
        return {
            "message": "GraphQL introspection has been disabled, but"
            f" the requested query contained the field '{field_name}'.",
            "locations": [(line, column)],
        }

    def ignores_valid_fields_including_typename():
        """``__typename`` next to an ordinary field yields no errors."""
        query = """
            {
              someQuery {
                __typename
                someField
              }
            }
            """
        assert_valid(query)

    def ignores_fields_not_in_the_schema():
        """A double-underscore name that the schema does not define is not reported."""
        # The rule stays silent here: `__introspect` is not a field of Query,
        # so the name prefix alone does not trigger an error.
        query = """
            {
              __introspect
            }
            """
        assert_valid(query)

    def reports_error_when_a_field_with_an_introspection_type_is_requested():
        """``__schema`` and the nested ``queryType`` are each reported."""
        query = """
            {
              __schema {
                queryType {
                  name
                }
              }
            }
            """
        # `name` is not in the expected list; only the two fields above it are.
        expected = [
            _disabled("__schema", 3, 15),
            _disabled("queryType", 4, 17),
        ]
        assert_errors(query, expected)

    def reports_error_when_a_field_with_introspection_type_is_requested_and_aliased():
        """Aliasing ``__schema`` does not hide it from the rule."""
        query = """
            {
              s: __schema {
                queryType {
                  name
                }
              }
            }
            """
        # The message names the real field (`__schema`), not the alias `s`.
        expected = [
            _disabled("__schema", 3, 15),
            _disabled("queryType", 4, 17),
        ]
        assert_errors(query, expected)

    def reports_error_when_using_a_fragment_with_a_field_with_an_introspection_type():
        """Introspection fields moved into a fragment are still reported."""
        query = """
            {
              ...QueryFragment
            }

            fragment QueryFragment on Query {
              __schema {
                queryType {
                  name
                }
              }
            }
            """
        # Locations point into the fragment definition (lines 7 and 8),
        # not at the spread on line 3.
        expected = [
            _disabled("__schema", 7, 15),
            _disabled("queryType", 8, 17),
        ]
        assert_errors(query, expected)

    def reports_error_for_non_standard_introspection_fields():
        """A user-defined field returning ``__EnumValue`` is reported as well."""
        query = """
            {
              someQuery {
                introspectionField
              }
            }
            """
        # Only `introspectionField` is expected; its parent `someQuery` is not.
        expected = [_disabled("introspectionField", 4, 17)]
        assert_errors(query, expected)