Commit 898efa49 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot

Merge branch 'security-11-graphql-timeout' into 'master'

GraphQL: Add timeout to all queries

Closes #11

See merge request gitlab-org/security/gitlab!35
parents a2c83d01 90554e6e
---
title: 'GraphQL: Add timeout to all queries'
merge_request:
author:
type: security
...@@ -5,3 +5,7 @@ GraphQL::Field.accepts_definitions(authorize: GraphQL::Define.assign_metadata_ke ...@@ -5,3 +5,7 @@ GraphQL::Field.accepts_definitions(authorize: GraphQL::Define.assign_metadata_ke
GraphQL::Schema::Object.accepts_definition(:authorize) GraphQL::Schema::Object.accepts_definition(:authorize)
GraphQL::Schema::Field.accepts_definition(:authorize) GraphQL::Schema::Field.accepts_definition(:authorize)
GitlabSchema.middleware << GraphQL::Schema::TimeoutMiddleware.new(max_seconds: ENV.fetch('GITLAB_RAILS_GRAPHQL_TIMEOUT', 30).to_i) do |timeout_error, query|
Gitlab::GraphqlLogger.error(message: timeout_error.to_s, query: query.query_string, query_variables: query.provided_variables)
end
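Review bot: The timeout callback on the new `Gitlab::GraphqlLogger.error` line writes `query.provided_variables` to the log unfiltered, and GraphQL variables often carry mutation inputs that may include secrets such as tokens or passwords. Consider running the variables through the application's existing parameter filtering before logging, or logging only their names, e.g. `query_variables: query.provided_variables.keys`. Separately, `ENV.fetch('GITLAB_RAILS_GRAPHQL_TIMEOUT', 30).to_i` turns an empty or non-numeric value into 0, which would presumably make every query time out; `max_seconds: Integer(ENV.fetch('GITLAB_RAILS_GRAPHQL_TIMEOUT', 30))` fails loudly at boot instead. As far as I understand graphql-ruby's TimeoutMiddleware, it stops resolving further fields once the limit has passed rather than interrupting a field that is already running, so a one-line comment saying so would help readers judge what this limit actually bounds.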
...@@ -8,6 +8,18 @@ describe 'GitlabSchema configurations' do ...@@ -8,6 +8,18 @@ describe 'GitlabSchema configurations' do
set(:project) { create(:project) } set(:project) { create(:project) }
shared_examples 'imposing query limits' do shared_examples 'imposing query limits' do
describe 'timeouts' do
context 'when timeout is reached' do
it 'shows an error' do
Timecop.scale(50000000) do # ludicrously large number because the timeout has to happen before the query even begins
subject
expect_graphql_errors_to_include /Timeout/
end
end
end
end
describe '#max_complexity' do describe '#max_complexity' do
context 'when complexity is too high' do context 'when complexity is too high' do
it 'shows an error' do it 'shows an error' do
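Review bot: The new 'timeouts' example asserts only the client-visible error, so the logging block registered with the middleware is never exercised; adding `expect(Gitlab::GraphqlLogger).to receive(:error)` before `subject` would cover it. `Timecop.scale(50000000)` also couples the example to how the middleware reads the clock, which looks fragile, and nothing here checks that `GITLAB_RAILS_GRAPHQL_TIMEOUT` is honoured. The enclosing `shared_examples 'imposing query limits'` block continues outside the hunk.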
......