Avoid infinite recursion in QueryDepth validator

k0ka · web-flow · commit 7bcd31d1dcf6 · 2024-06-23T13:30:58.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,11 +9,15 @@ You can find and compare releases at the [GitHub release page](https://github.co
 
 ## Unreleased
 
+### Fixed
+
+- Avoid infinite recursion in `QueryDepth` validator https://github.com/webonyx/graphql-php/pull/1581
+
 ## v15.12.4
 
 ### Fixed
 
-- Ensure unaliasedPath does not grow for each list item https://github.com/webonyx/graphql-php/pull/1579
+- Ensure `unaliasedPath` does not grow for each list item https://github.com/webonyx/graphql-php/pull/1579
 
 ## v15.12.3
 
diff --git a/src/Validator/Rules/QueryDepth.php b/src/Validator/Rules/QueryDepth.php
@@ -15,6 +15,9 @@
 
 class QueryDepth extends QuerySecurityRule
 {
+    /** @var array<string, bool> Fragment names which are already calculated in recursion */
+    protected array $calculatedFragments = [];
+
     protected int $maxQueryDepth;
 
     /** @throws \InvalidArgumentException */
@@ -82,7 +85,14 @@ protected function nodeDepth(Node $node, int $depth = 0, int $maxDepth = 0): int
                 $fragment = $this->getFragment($node);
 
                 if ($fragment !== null) {
+                    $name = $fragment->name->value;
+                    if (isset($this->calculatedFragments[$name])) {
+                        return $this->maxQueryDepth + 1;
+                    }
+
+                    $this->calculatedFragments[$name] = true;
                     $maxDepth = $this->fieldDepth($fragment, $depth, $maxDepth);
+                    unset($this->calculatedFragments[$name]);
                 }
 
                 break;
diff --git a/tests/Validator/QueryDepthTest.php b/tests/Validator/QueryDepthTest.php
@@ -93,6 +93,12 @@ public function testTypeNameMetaFieldQuery(): void
         $this->assertTypeNameMetaFieldQuery(1);
     }
 
+    public function testInfiniteRecursion(): void
+    {
+        $query = 'query MyQuery { human { ...F1 } } fragment F1 on Human { ...F1 }';
+        $this->assertDocumentValidator($query, 7, [self::createFormattedError(7, 8)]);
+    }
+
     /** @return iterable<array{0: int, 1?: int, 2?: array<int, array<string, mixed>>}> */
     public static function queryDataProvider(): iterable
     {

Original file line number	Diff line number	Diff line change
`@@ -93,6 +93,12 @@ public function testTypeNameMetaFieldQuery(): void`
`93`	`93`	`$this->assertTypeNameMetaFieldQuery(1);`
`94`	`94`	`}`
`95`	`95`
	`96`	`+ public function testInfiniteRecursion(): void`
	`97`	`+ {`
	`98`	`+ $query = 'query MyQuery { human { ...F1 } } fragment F1 on Human { ...F1 }';`
	`99`	`+ $this->assertDocumentValidator($query, 7, [self::createFormattedError(7, 8)]);`
	`100`	`+ }`
	`101`	`+`
`96`	`102`	`/** @return iterable<array{0: int, 1?: int, 2?: array<int, array<string, mixed>>}> */`
`97`	`103`	`public static function queryDataProvider(): iterable`
`98`	`104`	`{`