Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Missing validation of schema directive argument types #3912

Open
vwkd opened this issue Jun 17, 2023 · 0 comments
Open

Missing validation of schema directive argument types #3912

vwkd opened this issue Jun 17, 2023 · 0 comments

Comments

@vwkd
Copy link

vwkd commented Jun 17, 2023

It seems there is no validation for the argument types of custom schema directives.

Passing an argument with the wrong type to a custom schema directive doesn't throw an error during schema building, e.g. with buildASTSchema or buildSchema. Meanwhile, built-in schema directives like deprecated seem to validate their argument types correctly.

This results in the arguments of a custom schema directive possibly ending up with an unexpected type and your server breaking at runtime when you figure out the bug in your schema. Notably, the type ends up being EnumValue if it doesn't exist as this seems to be the default type.

Steps to reproduce

  1. Run with deno, e.g. open deno repl and paste in, or run from file with deno run file.ts
import { buildSchema } from "npm:graphql@16.6.0";

const source1 = `
  type Query {
    # ups... forgot the quotes around the string FOOBAR
    baz: Boolean @foo(bar: FOOBAR)
  }

  directive @foo(bar: String!) on FIELD_DEFINITION
`;

// should throw but doesn't
const schema1 = buildSchema(source1);

console.log(schema1.getQueryType()!.getFields()["baz"].astNode!.directives![0].arguments![0].value.kind);
// EnumValue

const source2 = `
  type Query {
    # ups... forgot the quotes around the string FOOBAR
    baz: Boolean @deprecated(reason: FOOBAR)
  }
`;

// correctly throws
const schema2 = buildSchema(source2);
// error: Uncaught GraphQLError: Argument "reason" has invalid value FOOBAR.

Expected result

The buildSchema(source1) call throws like the buildSchema(source2) does.

Actual result

The buildSchema(source1) call doesn't throw.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants
@vwkd and others