Summary
A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled (which is the default configuration) by naming your query/fragment __schema.
Details
At the start of the countDepth function, we have the following check for the ignoreIntrospection option:
if (this.config.ignoreIntrospection && 'name' in node && node.name?.value === '__schema') {
return 0;
}
However, the node can be one of: FieldNode, FragmentDefinitionNode, InlineFragmentNode, OperationDefinitionNode, FragmentSpreadNode.
For example, consider sending the following query:
query hello {
books {
title
}
}
This would create an OperationDefinitionNode where node.name.value == 'hello'
The proper way to handle this is to check explicitly for the __schema field, which corresponds to a FieldNode.
The fix is
if (
this.config.ignoreIntrospection &&
'name' in node &&
node.name?.value === '__schema' &&
node.kind === Kind.FIELD
) {
return 0;
}
This ensures that the node is explicitly a FieldNode.
PoC
Max depth: 6
query {
books {
author {
books {
author {
...__schema
}
}
}
}
}
fragment __schema on Author {
books {
title
}
}
Impact
This issue affects applications using the GraphQL Armor Depth Limit plugin with ignoreIntrospection enabled.
Fix
This is fixed in PR#823
References
Summary
A query depth restriction using the
max-depthproperty can be bypassed ifignoreIntrospectionis enabled (which is the default configuration) by naming your query/fragment__schema.Details
At the start of the
countDepthfunction, we have the following check for theignoreIntrospectionoption:However, the
nodecan be one of:FieldNode,FragmentDefinitionNode,InlineFragmentNode,OperationDefinitionNode,FragmentSpreadNode.For example, consider sending the following query:
This would create an
OperationDefinitionNodewherenode.name.value == 'hello'The proper way to handle this is to check explicitly for the
__schemafield, which corresponds to aFieldNode.The fix is
This ensures that the node is explicitly a
FieldNode.PoC
Max depth:
6Impact
This issue affects applications using the GraphQL Armor Depth Limit plugin with
ignoreIntrospectionenabled.Fix
This is fixed in PR#823
References