What happened?
When a crafted query is received, it significantly exhausts computing resources like the CPU, which negatively impacts response time.
What did you expect?
I expected it to return an error immediately.
Minimal graphql.schema and models to reproduce
```shell
$ go run github.com/99designs/gqlgen init
$ go run server.go
$ PAYLOAD=$(python3 -c "print('%s' % ('id ' * 5000))")
$ time curl \
    --data-raw "{\"query\":\"query Todo { todos { $PAYLOAD } }\"}" \
    --header 'Content-Type: application/json' \
    --include \
    --request POST \
    http://localhost:8080/query
```
This query takes approximately 2.5 seconds to process. If the number of id is increased to 10000, the processing time increases to about 8 seconds.
The attached flame graph illustrates the system's response when the id is increased to 100000.
The `validator.Validate` function takes so long that it appears unlikely to be mitigated by either the Complexity Extension or our custom Extension.
Any ideas or suggestions on how to mitigate this would be helpful.
versions
- `go run github.com/99designs/gqlgen version`? ... v0.17.43
- `go version`? ... go version go1.21.3 darwin/arm64
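
One way to reject a payload like this before it ever reaches `validator.Validate`, shown as an added example that is not part of the original report or of gqlgen's code: a standard-library `net/http` middleware that caps the request body and applies a cheap linear token count. `limitQuery`, `countTokens` and both limits are names and values assumed here, and `http.NotFoundHandler()` stands in for the gqlgen handler.

```go
package main

import (
	"bytes"
	"encoding/json"
	"io"
	"log"
	"net/http"
)

const maxBodyBytes, maxQueryTokens = 16 << 10, 1000 // assumed limits; tune to your largest real query

// countTokens approximates GraphQL lexing in O(n): each name/number run and each
// punctuation byte is one token. Strings and comments are not special-cased, so it over-counts.
func countTokens(q string) (n int) {
	inName := false
	for i := 0; i < len(q); i++ {
		c := q[i]
		isName := c == '_' || c >= '0' && c <= '9' || c|0x20 >= 'a' && c|0x20 <= 'z'
		isSpace := c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == ','
		if !isSpace && !(isName && inName) {
			n++
		}
		inName = isName
	}
	return n
}

// limitQuery rejects oversized bodies (413) and token-heavy queries (400) before
// the wrapped handler parses or validates anything.
func limitQuery(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
		if err != nil {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		var req struct{ Query string `json:"query"` }
		if json.Unmarshal(body, &req) == nil && countTokens(req.Query) > maxQueryTokens {
			http.Error(w, "query has too many tokens", http.StatusBadRequest)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body)) // pass the body on unchanged
		next.ServeHTTP(w, r)
	})
}

func main() {
	http.Handle("/query", limitQuery(http.NotFoundHandler())) // stand-in for the gqlgen server
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The guard only inspects JSON POST bodies with a top-level `query` field; queries arriving by GET parameter or multipart upload would need the same check.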