QueryDepth::setMaxQueryDepth() - Code Metrics - Inspection of "Query complexity security" - overblog/GraphQLBundle - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#23)

by Jérémiah

created 2016-04-03 13:29 UTC

QueryDepth::setMaxQueryDepth() A

↳ Parent: QueryDepth

Complexity

Conditions	1
Paths	1

Size

Total Lines	6
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	4
CRAP Score	1

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
c	1
b	0
f	1
dl	0
loc	6
ccs	4
cts	4
cp	1
rs	9.4285
cc	1
eloc	3
nc	1
nop	1
crap	1

<?php

/*
 * This file is part of the OverblogGraphQLBundle package.
 *
 * (c) Overblog <http://github.com/overblog/>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Overblog\GraphQLBundle\Request\Validator\Rule;

use GraphQL\Error;
use GraphQL\Language\AST\Field;
use GraphQL\Language\AST\Node;
use GraphQL\Language\AST\OperationDefinition;
use GraphQL\Language\AST\SelectionSet;
use GraphQL\Validator\ValidationContext;

class QueryDepth extends AbstractQuerySecurity
{
    const DEFAULT_QUERY_MAX_DEPTH = self::DISABLED;

    /**
     * @var int
     */
    private static $maxQueryDepth;

    public function __construct($maxQueryDepth = self::DEFAULT_QUERY_MAX_DEPTH)
    {
        $this->setMaxQueryDepth($maxQueryDepth);
    }

    /**
     * Set max query depth. If equal to 0 no check is done. Must be greater or equal to 0.
     *
     * @param $maxQueryDepth
     */
    public static function setMaxQueryDepth($maxQueryDepth)
    {
        self::checkIfGreaterOrEqualToZero('maxQueryDepth', $maxQueryDepth);

        self::$maxQueryDepth = (int) $maxQueryDepth;
    }

    public static function getMaxQueryDepth()
    {
        return self::$maxQueryDepth;
    }

    public static function maxQueryDepthErrorMessage($max, $count)
    {
        return sprintf('Max query depth should be %d but got %d.', $max, $count);
    }

    public function __invoke(ValidationContext $context)
    {
        return $this->invokeIfNeeded(
            $context,
            [
                Node::OPERATION_DEFINITION => [
                    'leave' => function (OperationDefinition $operationDefinition) use ($context) {
                        $maxDepth = $this->fieldDepth($operationDefinition);

                        if ($maxDepth > $this->getMaxQueryDepth()) {
                            return new Error($this->maxQueryDepthErrorMessage($this->getMaxQueryDepth(), $maxDepth));
                        }
                    },
                ],
            ]
        );
    }

    protected function isEnabled()
    {
        return $this->getMaxQueryDepth() !== static::DISABLED;
    }

    private function fieldDepth(Node $node, $depth = 0, $maxDepth = 0)

    {
        if (isset($node->selectionSet)) {
            foreach ($node->selectionSet->selections as $childNode) {

                $maxDepth = $this->nodeDepth($childNode, $depth, $maxDepth);
            }
        }

        return $maxDepth;
    }

    private function nodeDepth(Node $node, $depth = 0, $maxDepth = 0)
    {
        switch ($node->kind) {
            case Node::FIELD:
                // node has children?
                if (null !== $node->selectionSet) {

                    // update maxDepth if needed
                    if ($depth > $maxDepth) {
                        $maxDepth = $depth;
                    }
                    $maxDepth = $this->fieldDepth($node, $depth + 1, $maxDepth);
                }
                break;

            case Node::INLINE_FRAGMENT:
                // node has children?
                if (null !== $node->selectionSet) {
                    $maxDepth = $this->fieldDepth($node, $depth, $maxDepth);
                }
                break;

            case Node::FRAGMENT_SPREAD:
                $fragment = $this->getFragment($node);


                if (null !== $fragment) {
                    $maxDepth = $this->fieldDepth($fragment, $depth, $maxDepth);
                }
                break;
        }

        return $maxDepth;
    }
}


1			<?php
2
3			/*
4			* This file is part of the OverblogGraphQLBundle package.
5			*
6			* (c) Overblog <http://github.com/overblog/>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace Overblog\GraphQLBundle\Request\Validator\Rule;
13
14			use GraphQL\Error;
15			use GraphQL\Language\AST\Field;
16			use GraphQL\Language\AST\Node;
17			use GraphQL\Language\AST\OperationDefinition;
18			use GraphQL\Language\AST\SelectionSet;
19			use GraphQL\Validator\ValidationContext;
20
21			class QueryDepth extends AbstractQuerySecurity
22			{
23			const DEFAULT_QUERY_MAX_DEPTH = self::DISABLED;
24
25			/**
26			* @var int
27			*/
28			private static $maxQueryDepth;
29
30	73		public function __construct($maxQueryDepth = self::DEFAULT_QUERY_MAX_DEPTH)
31			{
32	73		$this->setMaxQueryDepth($maxQueryDepth);
33	72		}
34
35			/**
36			* Set max query depth. If equal to 0 no check is done. Must be greater or equal to 0.
37			*
38			* @param $maxQueryDepth
39			*/
40	73		public static function setMaxQueryDepth($maxQueryDepth)
41			{
42	73		self::checkIfGreaterOrEqualToZero('maxQueryDepth', $maxQueryDepth);
43
44	72		self::$maxQueryDepth = (int) $maxQueryDepth;
45	72		}
46
47	72		public static function getMaxQueryDepth()
48			{
49	72		return self::$maxQueryDepth;
50			}
51
52	7		public static function maxQueryDepthErrorMessage($max, $count)
53			{
54	7		return sprintf('Max query depth should be %d but got %d.', $max, $count);
55			}
56
57	72		public function __invoke(ValidationContext $context)
58			{
59	72		return $this->invokeIfNeeded(
60	72		$context,
61			[
62	72		Node::OPERATION_DEFINITION => [
63	72		'leave' => function (OperationDefinition $operationDefinition) use ($context) {
64	33		$maxDepth = $this->fieldDepth($operationDefinition);
65
66	33		if ($maxDepth > $this->getMaxQueryDepth()) {
67	7		return new Error($this->maxQueryDepthErrorMessage($this->getMaxQueryDepth(), $maxDepth));
68			}
69	72		},
70	72		],
71			]
72	72		);
73			}
74
75	72		protected function isEnabled()
76			{
77	72		return $this->getMaxQueryDepth() !== static::DISABLED;
78			}
79
80	33	View Code Duplication	private function fieldDepth(Node $node, $depth = 0, $maxDepth = 0)
			0 ignored issues – show Duplication introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
81			{
82	33		if (isset($node->selectionSet)) {
83	33		foreach ($node->selectionSet->selections as $childNode) {
			0 ignored issues – show Bug introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report The property `selectionSet` does not seem to exist in `GraphQL\Language\AST\Node`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
84	33		$maxDepth = $this->nodeDepth($childNode, $depth, $maxDepth);
85	33		}
86	33		}
87
88	33		return $maxDepth;
89			}
90
91	33		private function nodeDepth(Node $node, $depth = 0, $maxDepth = 0)
92			{
93	33		switch ($node->kind) {
94	33		case Node::FIELD:
95			// node has children?
96	33		if (null !== $node->selectionSet) {
			0 ignored issues – show Bug introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report The property `selectionSet` does not seem to exist in `GraphQL\Language\AST\Node`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
97			// update maxDepth if needed
98	33		if ($depth > $maxDepth) {
99	31		$maxDepth = $depth;
100	31		}
101	33		$maxDepth = $this->fieldDepth($node, $depth + 1, $maxDepth);
102	33		}
103	33		break;
104
105	21		case Node::INLINE_FRAGMENT:
106			// node has children?
107	10		if (null !== $node->selectionSet) {
108	10		$maxDepth = $this->fieldDepth($node, $depth, $maxDepth);
109	10		}
110	10		break;
111
112	11		case Node::FRAGMENT_SPREAD:
113	11		$fragment = $this->getFragment($node);
			0 ignored issues – show Compatibility introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report `$node` of type `object<GraphQL\Language\AST\Node>` is not a sub-type of `object<GraphQL\Language\AST\FragmentSpread>`. It seems like you assume a child class of the class `GraphQL\Language\AST\Node` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
114
115	11		if (null !== $fragment) {
116	11		$maxDepth = $this->fieldDepth($fragment, $depth, $maxDepth);
117	11		}
118	11		break;
119	33		}
120
121	33		return $maxDepth;
122			}
123			}
124

overblog / GraphQLBundle

Scrutinizer GitHub App not installed

Pull Request — master (#23)

QueryDepth::setMaxQueryDepth() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like