-
Notifications
You must be signed in to change notification settings - Fork 2k
/
NoSchemaIntrospectionCustomRule-test.js
142 lines (127 loc) · 3.3 KB
/
NoSchemaIntrospectionCustomRule-test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
// @flow strict
import { describe, it } from 'mocha';
import { buildSchema } from '../../utilities/buildASTSchema';
import { NoSchemaIntrospectionCustomRule } from '../rules/custom/NoSchemaIntrospectionCustomRule';
import { expectValidationErrorsWithSchema } from './harness';
function expectErrors(queryStr) {
return expectValidationErrorsWithSchema(
schema,
NoSchemaIntrospectionCustomRule,
queryStr,
);
}
function expectValid(queryStr) {
expectErrors(queryStr).to.deep.equal([]);
}
const schema = buildSchema(`
type Query {
someQuery: SomeType
}
type SomeType {
someField: String
introspectionField: __EnumValue
}
`);
describe('Validate: Prohibit introspection queries', () => {
it('ignores valid fields including __typename', () => {
expectValid(`
{
someQuery {
__typename
someField
}
}
`);
});
it('ignores fields not in the schema', () => {
expectValid(`
{
__introspect
}
`);
});
it('reports error when a field with an introspection type is requested', () => {
expectErrors(`
{
__schema {
queryType {
name
}
}
}
`).to.deep.equal([
{
message:
'GraphQL introspection has been disabled, but the requested query contained the field "__schema".',
locations: [{ line: 3, column: 9 }],
},
{
message:
'GraphQL introspection has been disabled, but the requested query contained the field "queryType".',
locations: [{ line: 4, column: 11 }],
},
]);
});
it('reports error when a field with an introspection type is requested and aliased', () => {
expectErrors(`
{
s: __schema {
queryType {
name
}
}
}
`).to.deep.equal([
{
message:
'GraphQL introspection has been disabled, but the requested query contained the field "__schema".',
locations: [{ line: 3, column: 9 }],
},
{
message:
'GraphQL introspection has been disabled, but the requested query contained the field "queryType".',
locations: [{ line: 4, column: 11 }],
},
]);
});
it('reports error when using a fragment with a field with an introspection type', () => {
expectErrors(`
{
...QueryFragment
}
fragment QueryFragment on Query {
__schema {
queryType {
name
}
}
}
`).to.deep.equal([
{
message:
'GraphQL introspection has been disabled, but the requested query contained the field "__schema".',
locations: [{ line: 7, column: 9 }],
},
{
message:
'GraphQL introspection has been disabled, but the requested query contained the field "queryType".',
locations: [{ line: 8, column: 11 }],
},
]);
});
it('reports error for non-standard introspection fields', () => {
expectErrors(`
{
someQuery {
introspectionField
}
}
`).to.deep.equal([
{
message:
'GraphQL introspection has been disabled, but the requested query contained the field "introspectionField".',
locations: [{ line: 4, column: 11 }],
},
]);
});
});