bad union syntax = parser non-termination #491

Closed
brandonbloom opened this issue Jan 13, 2022 · 5 comments

@brandonbloom

there is an infinite loop in the parser. here's a reproduction:

package main

import "github.com/graph-gophers/graphql-go"

func main() {
	graphql.MustParseSchema(`type U = T`, nil)
}

There is a typo here: type U = T should have been union U = T, but this loops infinitely instead of reporting a syntax error.

@brandonbloom
Author

brandonbloom commented Jan 13, 2022

stack trace uncovers the bug:

$ go run .
^\SIGQUIT: quit
PC=0x116d5e6 m=0 sigcode=0

goroutine 1 [running]:
github.com/graph-gophers/graphql-go/internal/schema.parseObjectDef(0xc00008a680)
	/Users/brandonbloom/Projects/go/pkg/mod/github.com/graph-gophers/graphql-go@v1.2.0/internal/schema/schema.go:379 +0xa6 fp=0xc0000adab0 sp=0xc0000ada38 pc=0x116d5e6
github.com/graph-gophers/graphql-go/internal/schema.parseSchema(0xc0000c8750, 0xc00008a680)
	/Users/brandonbloom/Projects/go/pkg/mod/github.com/graph-gophers/graphql-go@v1.2.0/internal/schema/schema.go:323 +0xb3 fp=0xc0000adbb0 sp=0xc0000adab0 pc=0x116cb93
github.com/graph-gophers/graphql-go/internal/schema.Parse.func1()
	/Users/brandonbloom/Projects/go/pkg/mod/github.com/graph-gophers/graphql-go@v1.2.0/internal/schema/schema.go:31 +0x25 fp=0xc0000adbd0 sp=0xc0000adbb0 pc=0x116ae45
github.com/graph-gophers/graphql-go/internal/common.(*Lexer).CatchSyntaxError(0x11baa28, 0xa)
	/Users/brandonbloom/Projects/go/pkg/mod/github.com/graph-gophers/graphql-go@v1.2.0/internal/common/lexer.go:52 +0x73 fp=0xc0000adc10 sp=0xc0000adbd0 pc=0x10d5893
github.com/graph-gophers/graphql-go/internal/schema.Parse(0xc0000c8750, {0x11baa28, 0x13625a8}, 0xa0)
	/Users/brandonbloom/Projects/go/pkg/mod/github.com/graph-gophers/graphql-go@v1.2.0/internal/schema/schema.go:31 +0x8f fp=0xc0000adee8 sp=0xc0000adc10 pc=0x1169f0f
github.com/graph-gophers/graphql-go.ParseSchema({0x11baa28, 0xa}, {0x0, 0x0}, {0x0, 0x0, 0xc0000001a0})
	/Users/brandonbloom/Projects/go/pkg/mod/github.com/graph-gophers/graphql-go@v1.2.0/graphql.go:46 +0x18d fp=0xc0000adf38 sp=0xc0000adee8 pc=0x116ee6d
github.com/graph-gophers/graphql-go.MustParseSchema(...)
	/Users/brandonbloom/Projects/go/pkg/mod/github.com/graph-gophers/graphql-go@v1.2.0/graphql.go:64
main.main()
	/tmp/blah/blah.go:6 +0x31 fp=0xc0000adf80 sp=0xc0000adf38 pc=0x116f351
runtime.main()
	/usr/local/Cellar/go/1.17.3/libexec/src/runtime/proc.go:255 +0x227 fp=0xc0000adfe0 sp=0xc0000adf80 pc=0x10360e7
runtime.goexit()
	/usr/local/Cellar/go/1.17.3/libexec/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000adfe8 sp=0xc0000adfe0 pc=0x1062861

exit status 2

Looks like the loop in parseObjectDef needs a fallback case that does l.SyntaxError(fmt.Sprintf(`unexpected ...
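
The failure mode described in the comment above, as an added example that is not part of the original issue and is not graphql-go's code: a header loop that only handles the tokens it expects never consumes an unexpected `=`, so it spins until a fallback case turns that into a syntax error. `parseObjectHeader`, `errStalled` and the whitespace tokenizer are hypothetical names and simplifications; the 1000-step guard exists only so the unfixed variant terminates here.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// errStalled stands in for the hang: the unguarded loop would spin forever.
var errStalled = errors.New("parser made no progress (would loop forever)")

// parseObjectHeader is a hypothetical, simplified model of an object-definition
// header loop. src is the text after the `type` keyword, whitespace-separated.
// fallback=false has no case for unexpected tokens; fallback=true reports them.
func parseObjectHeader(src string, fallback bool) (name string, ifaces []string, err error) {
	toks := strings.Fields(src)
	if len(toks) == 0 {
		return "", nil, errors.New("syntax error: expected type name")
	}
	name, pos := toks[0], 1
	peek := func() string {
		if pos < len(toks) {
			return toks[pos]
		}
		return "<EOF>"
	}
	for steps := 0; ; steps++ {
		if steps > 1000 { // guard so the example itself terminates
			return name, ifaces, errStalled
		}
		switch tok := peek(); {
		case tok == "{": // start of the field list: header is complete
			return name, ifaces, nil
		case strings.HasPrefix(tok, "@"): // directive
			pos++
		case tok == "implements":
			pos++
			for peek() != "{" && !strings.HasPrefix(peek(), "@") && peek() != "<EOF>" {
				if peek() != "&" {
					ifaces = append(ifaces, peek())
				}
				pos++
			}
		default:
			// "=" (or EOF) lands here; without the fallback nothing advances pos.
			if fallback {
				return name, ifaces, fmt.Errorf("syntax error: unexpected %q, expecting \"implements\", \"@\" or \"{\"", tok)
			}
		}
	}
}

func main() {
	for _, fb := range []bool{false, true} {
		_, _, err := parseObjectHeader("U = T", fb)
		fmt.Printf("fallback=%v: %v\n", fb, err)
	}
}
```
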

@cnnrrss
Contributor

cnnrrss commented Feb 23, 2022

Hey, first time contributor 👋 . I'd like to give this one a go if nobody has picked it up yet.

@pavelnikolov
Member

@cnnrrss contributions are more than welcome

@BigBallard
Contributor

@pavelnikolov is this still an issue with those PRs in?

@pavelnikolov
Member

@DallasP9124 This issue should be closed. The first PR fixed it.

Umanish pushed a commit to tokopedia/graphql-go that referenced this issue May 15, 2023
* Support for embedded struct type in resolver

* fix bug in slice pop

* fix bug while finding field

* add 'getFieldCount' to resolve ambiguity

* Increase extensions test coverage

* Remove duplicate unit tests

* rename 'getFieldCount' to 'fieldCount'

* add test for ambiguous field panic

* add unit tests for embedded struct feature

* rename TestEmbedded => TestEmbeddedStruct

* Fixes graph-gophers#357

* Actually fix graph-gophers#357

* Print context to panic log

* Add Example of Custom Errors

Adding example and documentation for how to create custom error
 implementations which include `extensions` within their `error` payload

* Clarify errors for mismatching input implementation

Producing clearer error messages when field input arguments are
 implemented by code:

 * Which does not match the schema e.g. missing field; or
 * Function missing struct wrapper for field arguments

* Allow `schema` to be omitted when using default root op names

* Strip Common Indentation from BlockString Descriptions

Multi-line descriptions need to have their common indentation level
 (which results from indentation of that part of the schema, rather than
 being intentional for the description text) removed to ensure the
 descriptions use the correct value, are formatted correctly etc

This is to meet the condition documented in the GraphQL spec:

https://graphql.github.io/graphql-spec/June2018/#sec-String-Value

> Since block strings represent freeform text often used in indented
>  positions, the string value semantics of a block string excludes
>  uniform indentation and blank initial and trailing lines via
>  BlockStringValue().

* Syntax highlighting fixed in README

* Add walkthrough

Fixed small punctuation and added my walkthrough package

* Update README.md

* Add support for directives in schema parser

* Use operationName from query if missing from POST

* Fix SIGSEGV when client subs to multiple fields

* bugfix: correctly determine fragment usage

In previous versions of this code, this validation would exit when it
encountered a fragment legitimately used twice. This bugfix skips the recursion
but does not stop progress altogether allowing other fragments to be marked as
used.

* Limit the number of concurrent list nodes processed

It uses the current capacity of the limiter as a hint as this is set
based on the maxParallelism field on the schema.

* Remove need for WaitGroup

* More descriptive error when unmarshaling ID/Time

This adds a tiny bit more information to the error messages produced
when unmarshaling an input value to an ID or Time fails.

* Improve README.md

Fixes graph-gophers#307

Add short descriptions for different schema options.
Move community examples to wiki.
Add companies that use this library.

* fix graph-gophers#241

Similar to graph-gophers#407, but adds test cases.

* Add comment explaining why we limit concurrency

* Issue graph-gophers#299: unclear error message in case of multiline string argument

* handle case where interface is type-asserted to same interface

* Issue graph-gophers#299: unclear error message in case of multiline strings

* Issue graph-gophers#299: unclear error message in case of multiline string argument

* Update logic to always check for nil pointer returns

* Adding variables parameter for query validations.

* Fixed `reflect.Value.Type on zero Value` panic when subscription resolver itself panics

The internal exec Subscribe method had code to deal with subscription resolver panicking
when being called. But when such handling happens, the error is attached to the request
object and it is never checked later on.

This leads to some zero checks failing when we try to extract the type from the resolver's
channel since this variable was never set. Doing this creates a second panic which is not
handled and makes the application die.

To fix the issue, we now check if there are errors on the request object before continuing
with the rest of the check, if there are errors, it's because a panic occurs and we return
the response right away.

* Added possibility to customize subscription resolver timeout value

The previous value was hard-coded to 1 second. This is problematic for resolvers that
take more time than this to return a result.

When parsing the schema, it's not possible to pass a custom value for the subscription
resolver timeout.

Extracted from graph-gophers#317

* Allowed Subscription resolver to return `*QueryError` directly

Previously, any error returned by the Subscription resolver was immediately wrapped inside
its own `*QueryError` value even if the returned error was already a `*QueryError`.

Now, when receiving such types, we use it as-is without wrapping again.

* Adding/removing empty lines where needed

* DisableIntrospection should not skip __typename for usages of GraphQL union types

* Add context to validation tracing

Context is needed for tracing to access the current span, in order to
 add tags to it, or create child spans. As presently defined (without a
 context), this cannot be done: new spans could be created, but they
 would not be associated with the existing request trace.

OpenTracingTracer implements the new interface (it never implemented the
 old one). Via this 'extension interface', the tracer configured (or the
 default tracer) will be used as the validation tracer if:

 * The tracer implements the (optional) interface; and
 * A validation tracer isn't provided using the deprecated option

What this means is that the deprecated option is _preferred_ as an
 override. This allows users to migrate in a non-breaking, non-behaviour
 changing way, until such time as they intentionally remove the use of
 the deprecated option. For those who are currently using the default
 tracer, and not supplying a validation tracer, validation will be traced
 immediately with no change required to configuration options.

* Add support for nullable types

This allows to differentiate between an omitted value and a null value
in an input struct.

* Fixed duplicated __typename in response (fixes graph-gophers#369)

* Create CHANGELOG.md

* Update CHANGELOG.md

* ignore JetBrains IDEA and vscode meta directories

* expose packer.Unmarshaler interface as graphql.Unmarshaler
- add tests for graphql.Time as reference implementation

* move packer.Unmarshaler interface to decode.Unmarshaler, so the methods are actually visible

* add types package

Part of graph-gophers#434 and related to graph-gophers#116 this change adds a new package containing all
types used by graphql-go in representing the GraphQL specification. The names
used in this package should match the specification as closely as possible.

In order to have cohesion, all internal packages that use GraphQL types have
been changed to use this new package.

This change is large but mostly mechanical. I recommend starting by reading
through the `types` package to build familiarity. I'll call out places in the
code where I made decisions and what the tradeoffs were.

* add getter for the types.Schema field

This additive function shouldn't break backward compatibility and will allow those
who want access to the types to get at an AST version of the `types.Schema`

* unused fields

* rename to match types

* remove unused

* use a string and not an Ident for a FieldDefinition's name

This was an error. When this field was renamed from schema.Field (to avoid
ambiguity) its name field changed to match query.Field (to Ident). This caused a
cascade of useless changes that will be rolled back in the next commit

* fix compile errors introduced by ab449f0

* merge conflict errors

* add location fields to type definitions

* Fix dir in readme

* coerce float64 to int32 in NullInt and vice versa in NullFloat

* errors.Errorf preserves original error similar to fmt.Error

* removed test dependency on errors.Is

* checkErrors ignores the raw error for purposes of determining if the test passed or failed

* Update CHANGELOG.md

* internal/exec: assign parent type name to __typename fields

* Accepting value Json in parameter of request's body in  custom Scalar (graph-gophers#467)

Accept JSON value in resolver args

* Add option for custom panic handler (graph-gophers#468)

Add option for custom panic handler

* Tests showing query variables are validated correctly (graph-gophers#470)

* README nit -- Move '$' out of cut/paste buffer (graph-gophers#473)

Move '$' out of cut/paste buffer

* internal/exec/resolvable: include struct field name in errors (graph-gophers#477)

* internal/exec/resolvable: include struct field name in errors

We were only adding method name, which meant that it was taking
an empty string if the resolver was a struct field. This was
making the error messages hard to parse as the user can't know
which field has the error.

Added a check to use the correct variable.

* improve test

* ci: setup SemaphoreCI v2 (graph-gophers#479)

Update Semaphore configuration

* Support "Interfaces Implementing Interfaces" (graph-gophers#471)

Interface implementing interfaces support https://spec.graphql.org/draft/#sec-Interfaces.Interfaces-Implementing-Interfaces

* README.md: Fix build status badge

I broke this accidentally when removing the legacy SemaphoreCI integration.

* fix golangci lint errors in the codebase (graph-gophers#478)

Added a base golangci-config to the codebase to get
started. Some more changes are pending, and those
checks are commented out in the config.

* Improve Semaphore CI (graph-gophers#481)

Improve Semaphore CI build

* Make some more golang-ci improvements (graph-gophers#483)

* graphql.Time unmarshal unix nano time (graph-gophers#486)

* validation: fix bug in maxDepth fragment spread logic (graph-gophers#492)

* Create codeql-analysis.yml

* Add OpenTelemetry Support (graph-gophers#493)

Add OpenTelemetry tracer implementation

* Improve the Getting Started section

* Update README.md

* Improve the Getting Started section in the README

* Create SECURITY.md

* Fix the OTEL tracer package name (graph-gophers#495)

* Fix parseObjectDef will terminate when object has bad syntax (graph-gophers#491) (graph-gophers#500)

Thank you for your contribution

* Fix remove checkNilCase test helper function (graph-gophers#504)

* Add graphql.Time example (graph-gophers#508)

* Apollo Federation Spec: Fetch service capabilities (graph-gophers#507)

Add basic support for Apollo Federation

Co-authored-by: Alam <sulthan.alam@lemonilo.com>
Co-authored-by: pavelnikolov <me@pavelnikolov.net>

* Ignore yarn.lock file

* add support for repeatable directives (graph-gophers#502)

add support for repeatable directives

* Fix example/social code (graph-gophers#510)

The `Friends` field had higher priority than the `FriendsResolver` method. This is the reason why the field was renamed to a value, that doesn't match the GraphQL resolver.

* Fix lint error (graph-gophers#512)

* Refactor trace package (graph-gophers#513)

Remove dependency for graphql-go on OpenTracing and OpenTelemetry except
 where those tracers are explicitly configured for use.

* Adding in primitive value validation. (graph-gophers#515)

* Update README.md

* Update README.md

* Improve type assertion method argument validation (require zero) (graph-gophers#516)

Improve type assertion method argument validation (require zero)

It's tempting to include a context argument (or think it's allowed), but
not discover that this will fail until a query is executed. Validating
the resolver during schema parsing reduces the chance of inadvertent
errors here.

Signed-off-by: Evan Owen <kainosnoema@gmail.com>

* Disallow repeat of non repeatable directives (graph-gophers#525)

* Disallow repeat of non repeatable directives

* Remove unnecessary scalar

* Added changes lost after package update

* merging old prs

* adding gqlerrors support

* adding dev message, error code support

* Readded Export query name method functionality after package update

* Fix: extension initialisation and updated error method to return extension details

* updated QueryError Extensions to not emit if empty

---------

Signed-off-by: Evan Owen <kainosnoema@gmail.com>
Co-authored-by: Elijah Oyekunle <eloyekunle@gmail.com>
Co-authored-by: Pavel Nikolov <me@pavelnikolov.net>
Co-authored-by: Pavel Nikolov <pavelnikolov@users.noreply.github.com>
Co-authored-by: Dorian Thiessen <Dorian.thiessen@usask.ca>
Co-authored-by: Ivan <ivan.petrus@kumparan.com>
Co-authored-by: David Ackroyd <dackroyd@fairfaxmedia.com.au>
Co-authored-by: pavemaksim <pavemaksim@gmail.com>
Co-authored-by: Tony Ghita <ghita71@gmail.com>
Co-authored-by: Zaydek <zaydekdotcom@gmail.com>
Co-authored-by: Sylvain Cleymans <sylvain@movio.co>
Co-authored-by: will@newrelic.com <will@newrelic.com>
Co-authored-by: Nicolas Maquet <nicolas@movio.co>
Co-authored-by: Sean Sorrell <seansorr@twitch.tv>
Co-authored-by: Ryan Slade <ryanslade@gmail.com>
Co-authored-by: Thorsten Ball <mrnugget@gmail.com>
Co-authored-by: obei <obei.sideg@gmail.com>
Co-authored-by: Quinn Slack <quinn@slack.org>
Co-authored-by: suntoucha <suntoucha@gmail.com>
Co-authored-by: Barry Dutton <dutbarry@justin.tv>
Co-authored-by: Sebastian Motavita <Sebastian.Motavita@endava.com>
Co-authored-by: Matthieu Vachon <matt@dfuse.io>
Co-authored-by: Epsirom <chenhuarongzp@gmail.com>
Co-authored-by: David Ackroyd <23301187+dackroyd@users.noreply.github.com>
Co-authored-by: Vincent Composieux <vincent@composieux.fr>
Co-authored-by: Silvio Ginter <silvio.ginter@esome.com>
Co-authored-by: Sam Ko <samuko@twitch.tv>
Co-authored-by: jinleileiking <jinleileiking@gmail.com>
Co-authored-by: Edward Ma <edward@catch.co>
Co-authored-by: Matt Ho <matt.ho@gmail.com>
Co-authored-by: Tony Ghita <tony@twitch.tv>
Co-authored-by: Gustavo Delfim <gusttavodelfim@gmail.com>
Co-authored-by: John Starich <johnstarich@gmail.com>
Co-authored-by: Florian Suess <floriansuess96@icloud.com>
Co-authored-by: wejafoo <79415032+wejafoo@users.noreply.github.com>
Co-authored-by: Agniva De Sarker <agnivade@yahoo.co.in>
Co-authored-by: Steve Gray <steve-gray@users.noreply.github.com>
Co-authored-by: Connor Vanderhook <14183191+cnnrrss@users.noreply.github.com>
Co-authored-by: roaris <61813626+roaris@users.noreply.github.com>
Co-authored-by: Sulthan Alam <40392850+aeramu@users.noreply.github.com>
Co-authored-by: Alam <sulthan.alam@lemonilo.com>
Co-authored-by: speezepearson <speezepearson@users.noreply.github.com>
Co-authored-by: Dallas Phillips <dallasphillips24@gmail.com>
Co-authored-by: Evan Owen <kainosnoema@gmail.com>
Co-authored-by: Igor <9917165+ostrea@users.noreply.github.com>
Co-authored-by: Amritansh Kumar <amritansh.kumar@tokopedia.com>
Co-authored-by: kumaramritansh <105722986+kumaramritansh@users.noreply.github.com>