Class ParserOptions

java.lang.Object
graphql.parser.ParserOptions
@PublicApi public class ParserOptions extends Object
Options that control how the Parser behaves.

  • Field Details

    • MAX_QUERY_CHARACTERS

      public static final int MAX_QUERY_CHARACTERS
      A graphql hacking vector is to send nonsensical queries with large tokens that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 1MB. ANTLR parsing time is linear to the number of characters presented. The more you allow the longer it takes.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

    • MAX_QUERY_TOKENS

      public static final int MAX_QUERY_TOKENS
      A graphql hacking vector is to send nonsensical queries with lots of tokens that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 15000. ANTLR parsing time is linear to the number of tokens presented. The more you allow the longer it takes.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

    • MAX_WHITESPACE_TOKENS

      public static final int MAX_WHITESPACE_TOKENS
      Another graphql hacking vector is to send large amounts of whitespace in operations that burn lots of parsing CPU time and burn memory representing a document. Whitespace token processing in ANTLR is 2 orders of magnitude faster than grammar token processing however it still takes some time to happen.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

    • MAX_RULE_DEPTH

      public static final int MAX_RULE_DEPTH
      A graphql hacking vector is to send nonsensical queries that have lots of grammar rule depth to them which can cause stack overflow exceptions during the query parsing. To prevent this for most users, graphql-java sets this value to 500 grammar rules deep.

      If you want to allow more, then setDefaultParserOptions(ParserOptions) allows you to change this JVM wide.

      See Also:

    • defaultJvmParserOptions

      private static ParserOptions defaultJvmParserOptions

    • defaultJvmOperationParserOptions

      private static ParserOptions defaultJvmOperationParserOptions

    • defaultJvmSdlParserOptions

      private static ParserOptions defaultJvmSdlParserOptions

    • captureIgnoredChars

      private final boolean captureIgnoredChars

    • captureSourceLocation

      private final boolean captureSourceLocation

    • captureLineComments

      private final boolean captureLineComments

    • readerTrackData

      private final boolean readerTrackData

    • maxCharacters

      private final int maxCharacters

    • maxTokens

      private final int maxTokens

    • maxWhitespaceTokens

      private final int maxWhitespaceTokens

    • maxRuleDepth

      private final int maxRuleDepth

    • parsingListener

      private final ParsingListener parsingListener

  • Constructor Details

  • Method Details

    • getDefaultParserOptions

      public static ParserOptions getDefaultParserOptions()
      By default, the Parser will not capture ignored characters. A static holds this default value in a JVM wide basis options object. Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing.
      Returns:
      the static default JVM value
      See Also:

    • setDefaultParserOptions

      public static void setDefaultParserOptions(ParserOptions options)
      By default, the Parser will not capture ignored characters. A static holds this default value in a JVM wide basis options object. Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing. So we have set this to false by default. This static can be set to true to allow the behavior of version 16.x or before.
      Parameters:
      options - - the new default JVM parser options
      See Also:

    • getDefaultOperationParserOptions

      public static ParserOptions getDefaultOperationParserOptions()
      By default, for operation parsing, the Parser will not capture ignored characters, and it will not capture line comments into AST elements . A static holds this default value for operation parsing in a JVM wide basis options object.
      Returns:
      the static default JVM value for operation parsing
      See Also:

    • setDefaultOperationParserOptions

      public static void setDefaultOperationParserOptions(ParserOptions options)
      By default, the Parser will not capture ignored characters or line comments. A static holds this default value in a JVM wide basis options object for operation parsing. This static can be set to true to allow the behavior of version 16.x or before.
      Parameters:
      options - - the new default JVM parser options for operation parsing
      See Also:

    • getDefaultSdlParserOptions

      public static ParserOptions getDefaultSdlParserOptions()
      By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements. The SDL default options allow unlimited tokens and whitespace, since a DOS attack vector is not commonly available via schema SDL parsing. A static holds this default value for SDL parsing in a JVM wide basis options object.
      Returns:
      the static default JVM value for SDL parsing
      See Also:

    • setDefaultSdlParserOptions

      public static void setDefaultSdlParserOptions(ParserOptions options)
      By default, for SDL parsing, the Parser will not capture ignored characters, but it will capture line comments into AST elements . A static holds this default value for operation parsing in a JVM wide basis options object. This static can be set to true to allow the behavior of version 16.x or before.
      Parameters:
      options - - the new default JVM parser options for operation parsing
      See Also:

    • isCaptureIgnoredChars

      public boolean isCaptureIgnoredChars()
      Significant memory savings can be made if we do NOT capture ignored characters, especially in SDL parsing. So we have set this to false by default.
      Returns:
      true if ignored chars should be captured as AST nodes

    • isCaptureSourceLocation

      public boolean isCaptureSourceLocation()
      Memory savings can be made if we do NOT set SourceLocations on AST nodes, especially in SDL parsing.
      Returns:
      true if SourceLocations should be captured as AST nodes
      See Also:

    • isCaptureLineComments

      public boolean isCaptureLineComments()
      Single-line Comments do not have any semantic meaning in GraphQL source documents, as such you may wish to ignore them.

      This option does not ignore documentation Descriptions.

      Returns:
      true if Comments should be captured as AST nodes
      See Also:

    • isReaderTrackData

      public boolean isReaderTrackData()
      Controls whether the underlying MultiSourceReader should track previously read data or not.
      Returns:
      true if MultiSourceReader should track data in memory.

    • getMaxCharacters

      public int getMaxCharacters()
      A graphql hacking vector is to send nonsensical queries that contain a repeated characters that burn lots of parsing CPU time and burn memory representing a document that won't ever execute. To prevent this for most users, graphql-java sets this value to 1MB.
      Returns:
      the maximum number of characters the parser will accept, after which an exception will be thrown.

    • getMaxTokens

      public int getMaxTokens()
      A graphql hacking vector is to send nonsensical queries that burn lots of parsing CPU time and burns memory representing a document that won't ever execute. To prevent this you can set a maximum number of parse tokens that will be accepted before an exception is thrown and the parsing is stopped.
      Returns:
      the maximum number of raw tokens the parser will accept, after which an exception will be thrown.

    • getMaxWhitespaceTokens

      public int getMaxWhitespaceTokens()
      A graphql hacking vector is to send larges amounts of whitespace that burn lots of parsing CPU time and burn memory representing a document. To prevent this you can set a maximum number of whitespace parse tokens that will be accepted before an exception is thrown and the parsing is stopped.
      Returns:
      the maximum number of raw whitespace tokens the parser will accept, after which an exception will be thrown.

    • getMaxRuleDepth

      public int getMaxRuleDepth()
      A graphql hacking vector is to send nonsensical queries that have lots of rule depth to them which can cause stack overflow exceptions during the query parsing. To prevent this you can set a value that is the maximum depth allowed before an exception is thrown and the parsing is stopped.
      Returns:
      the maximum token depth the parser will accept, after which an exception will be thrown.

    • getParsingListener

      public ParsingListener getParsingListener()

    • transform

      public ParserOptions transform(Consumer<ParserOptions.Builder> builderConsumer)

    • newParserOptions

      public static ParserOptions.Builder newParserOptions()