Port MaxIntrospectionDepthRule from graphql-js (#904)

* https://github.com/graphql/graphql-js/blob/v17.0.0-alpha.7/src/validation/rules/MaxIntrospectionDepthRule.ts
* https://github.com/graphql/graphql-js/blob/v17.0.0-alpha.7/src/validation/__tests__/MaxIntrospectionDepthRule-test.ts

Without this rule, a malicious client could cause huge introspection responses
that grow exponentially with the list nesting level in the query.

Instead of a validation rule, this check is performed as part of
`SchemaIntrospectionSplit::split`.
graphql-js allows users to disable or enable specific validation rules,
with max introspection depth being part of "recommended" rules.
apollo-compiler does not have this mechanism, so `document.validate()`
always performs validation as per the GraphQL spec.

The depth limit is hard-coded to 3, and applied to specific intropsection fields
that matches graphql-js.
graphql-js code has a comment about counting all list fields.
When I tried that, a "normal" introspection query was rejected
because `__schema.types[list].field[list].args[list]` reaches depth 3.

Author: SimonSapin

crates/apollo-compiler/CHANGELOG.md

@@ -28,8 +28,14 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
   and matches their definition order in the schema.
   This helps fuzzing, where the same entropy source should generate the same test case.
 
+## Features
+
+- **Port MaxIntrospectionDepthRule from graphql-js - [SimonSapin] in [pull/904].**
+  This limits list nesting in introspection query which can cause very large responses.
+
 [SimonSapin]: https://github.com/SimonSapin
 [pull/898]: https://github.com/apollographql/apollo-rs/pull/898
+[pull/904]: https://github.com/apollographql/apollo-rs/pull/904
 
 
 # [1.0.0-beta.20](https://crates.io/crates/apollo-compiler/1.0.0-beta.20) - 2024-07-30

crates/apollo-compiler/src/execution/introspection_execute.rs

@@ -6,6 +6,7 @@ use crate::execution::engine::ExecutionMode;
 use crate::execution::resolver::ResolvedValue;
 use crate::execution::JsonMap;
 use crate::execution::Response;
+use crate::execution::SchemaIntrospectionError;
 use crate::execution::SchemaIntrospectionSplit;
 use crate::schema;
 use crate::schema::Implementers;
@@ -23,7 +24,7 @@ use std::sync::OnceLock;
 ///
 /// [schema introspection]: https://spec.graphql.org/October2021/#sec-Schema-Introspection
 #[derive(Clone, Debug)]
-pub struct SchemaIntrospectionQuery(pub(crate) Valid<ExecutableDocument>);
+pub struct SchemaIntrospectionQuery(Valid<ExecutableDocument>);
 
 impl std::ops::Deref for SchemaIntrospectionQuery {
     type Target = Valid<ExecutableDocument>;
@@ -40,6 +41,22 @@ impl std::fmt::Display for SchemaIntrospectionQuery {
 }
 
 impl SchemaIntrospectionQuery {
+    /// Construct a `SchemaIntrospectionQuery` from a document
+    /// assumed to contain exactly one operation that only has [schema introspection] fields.
+    ///
+    /// Generally [`split`][SchemaIntrospectionSplit::split] should be used instead.
+    ///
+    /// [schema introspection]: https://spec.graphql.org/October2021/#sec-Schema-Introspection
+    #[doc(hidden)]
+    // Hidden to discourage usage, but pub to allow Router "both" mode to use legacy code
+    // for deciding what is or isn’t an introspection query.
+    pub fn assume_only_intropsection_fields(
+        document: Valid<ExecutableDocument>,
+    ) -> Result<Self, SchemaIntrospectionError> {
+        super::introspection_max_depth::check_document(&document)?;
+        Ok(Self(document))
+    }
+
     /// Execute the [schema introspection] parts of an operation
     /// and wrap a callback to execute the rest (if any).
     ///

crates/apollo-compiler/src/execution/introspection_max_depth.rs

@@ -0,0 +1,53 @@
+use crate::executable::Selection;
+use crate::executable::SelectionSet;
+use crate::execution::introspection_split::get_fragment;
+use crate::execution::SchemaIntrospectionError;
+use crate::validation::Valid;
+use crate::ExecutableDocument;
+
+const MAX_LISTS_DEPTH: u32 = 3;
+
+pub(crate) fn check_document(
+    document: &Valid<ExecutableDocument>,
+) -> Result<(), SchemaIntrospectionError> {
+    for operation in document.operations.iter() {
+        let initial_depth = 0;
+        check_selection_set(document, initial_depth, &operation.selection_set)?;
+    }
+    Ok(())
+}
+
+fn check_selection_set(
+    document: &Valid<ExecutableDocument>,
+    depth_so_far: u32,
+    selection_set: &SelectionSet,
+) -> Result<(), SchemaIntrospectionError> {
+    for selection in &selection_set.selections {
+        match selection {
+            Selection::InlineFragment(inline) => {
+                check_selection_set(document, depth_so_far, &inline.selection_set)?
+            }
+            Selection::FragmentSpread(spread) => {
+                // Validation ensures that `Valid<ExecutableDocument>` does not contain fragment cycles
+                let def = get_fragment(document, &spread.fragment_name)?;
+                check_selection_set(document, depth_so_far, &def.selection_set)?
+            }
+            Selection::Field(field) => {
+                let mut depth = depth_so_far;
+                if matches!(
+                    field.name.as_str(),
+                    "fields" | "interfaces" | "possibleTypes" | "inputFields"
+                ) {
+                    depth += 1;
+                    if depth >= MAX_LISTS_DEPTH {
+                        return Err(SchemaIntrospectionError::DeeplyNestedIntrospectionList(
+                            field.name.location(),
+                        ));
+                    }
+                }
+                check_selection_set(document, depth, &field.selection_set)?
+            }
+        }
+    }
+    Ok(())
+}

crates/apollo-compiler/src/execution/introspection_split.rs

@@ -65,6 +65,7 @@ pub enum SchemaIntrospectionSplit {
 #[derive(Debug)]
 pub enum SchemaIntrospectionError {
     SuspectedValidationBug(SuspectedValidationBug),
+    DeeplyNestedIntrospectionList(Option<SourceSpan>),
     Unsupported {
         message: String,
         location: Option<SourceSpan>,
@@ -123,7 +124,9 @@ impl SchemaIntrospectionSplit {
                 .collect();
             let introspection_document =
                 make_single_operation_document(schema, document, new_operation, fragments);
-            Ok(Self::Only(SchemaIntrospectionQuery(introspection_document)))
+            Ok(Self::Only(
+                SchemaIntrospectionQuery::assume_only_intropsection_fields(introspection_document)?,
+            ))
         } else {
             let mut fragments_done = HashSet::with_hasher(Default::default());
             let mut new_documents = Split {
@@ -136,11 +139,13 @@ impl SchemaIntrospectionSplit {
                 &operation.selection_set,
             );
             Ok(Self::Both {
-                introspection_query: SchemaIntrospectionQuery(new_documents.introspection.build(
-                    schema,
-                    document,
-                    operation_selection_set.introspection,
-                )),
+                introspection_query: SchemaIntrospectionQuery::assume_only_intropsection_fields(
+                    new_documents.introspection.build(
+                        schema,
+                        document,
+                        operation_selection_set.introspection,
+                    ),
+                )?,
                 filtered_document: new_documents.other.build(
                     schema,
                     document,
@@ -244,7 +249,7 @@ fn make_single_operation_document(
         .expect("filtering a valid document should result in a valid document")
 }
 
-fn get_fragment<'doc>(
+pub(crate) fn get_fragment<'doc>(
     document: &'doc Valid<ExecutableDocument>,
     name: &Name,
 ) -> Result<&'doc Node<Fragment>, SchemaIntrospectionError> {
@@ -592,6 +597,9 @@ impl SchemaIntrospectionError {
     pub fn into_graphql_error(self, sources: &SourceMap) -> GraphQLError {
         match self {
             Self::SuspectedValidationBug(s) => s.into_graphql_error(sources),
+            Self::DeeplyNestedIntrospectionList(location) => {
+                GraphQLError::new("Maximum introspection depth exceeded", location, sources)
+            }
             Self::Unsupported { message, location } => {
                 GraphQLError::new(message, location, sources)
             }

crates/apollo-compiler/src/execution/mod.rs

@@ -9,6 +9,7 @@ mod resolver;
 mod engine;
 mod input_coercion;
 mod introspection_execute;
+mod introspection_max_depth;
 mod introspection_split;
 mod response;
 mod result_coercion;