Don't allow reserved argument names as user defined arguments.

hypermodeinc · Jun 4, 2020 · 59be150 · 59be150
1 parent 98e5fe0
commit 59be150
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 6 deletions.
diff --git a/graphql/schema/custom_http_config_test.yaml b/graphql/schema/custom_http_config_test.yaml
@@ -124,7 +124,7 @@
     }
 
     type Country @remote {
-      code(first: Int!, filter: MyFilter): String
+      code(get: Int!, choose: MyFilter): String
       name: String
       states: [State]
       std: Int
@@ -158,7 +158,7 @@
   gqlquery: |
     mutation addCountry1($input: CountryInput!) {
       addCountry1(input: $input) {
-        code(first: 10, filter: {ids: "0x123", name: { eq: "github" }})
+        code(get: 10, choose: {ids: "0x123", name: { eq: "github" }})
         name
         states {
           code
@@ -194,7 +194,7 @@
     }
 
     type Country {
-      code(first: Int!, filter: MyFilter): String
+      code(get: Int!, choose: MyFilter): String
       name: String
       states: [State]
       std: Int
@@ -227,7 +227,7 @@
     }
   remotequery: |-
     mutation($input: CountryInput!) { setCountry(country: $input) {
-    code(first: 10, filter: {ids:"0x123",name:{eq:"github"}})
+    code(get: 10, choose: {ids:"0x123",name:{eq:"github"}})
     name
     states{
     code

diff --git a/graphql/schema/gqlschema_test.yml b/graphql/schema/gqlschema_test.yml
@@ -1893,6 +1893,17 @@ invalid_schemas:
      "locations":[{"line":1, "column":11}]},
     ]
 
+
+  - name: "There shoudnt be any reserved arguments on any field"
+    input: |
+      type T {
+        f(first: Int): String
+      }
+    errlist: [
+    {"message": "Type T; Field f: can't have first as an argument because it is a reserved argument.", "locations": [{"line": 2, "column": 3}]}
+    ]
+
+
 valid_schemas:
   - name: "@auth on interface implementation"
     input: |

diff --git a/graphql/schema/rules.go b/graphql/schema/rules.go
@@ -39,8 +39,8 @@ func init() {
 	schemaValidations = append(schemaValidations, dgraphDirectivePredicateValidation)
 	typeValidations = append(typeValidations, idCountCheck, dgraphDirectiveTypeValidation,
 		passwordDirectiveValidation, conflictingDirectiveValidation, nonIdFieldsCheck)
-	fieldValidations = append(fieldValidations, listValidityCheck, fieldNameCheck,
-		isValidFieldForList, hasAuthDirective)
+	fieldValidations = append(fieldValidations, listValidityCheck, fieldArgumentCheck,
+		fieldNameCheck, isValidFieldForList, hasAuthDirective)
 
 	validator.AddRule("Check variable type is correct", variableTypeCheck)
 	validator.AddRule("Check for list type value", listTypeCheck)
@@ -632,6 +632,30 @@ func isValidFieldForList(typ *ast.Definition, field *ast.FieldDefinition) *gqler
 	return nil
 }
 
+func fieldArgumentCheck(typ *ast.Definition, field *ast.FieldDefinition) *gqlerror.Error {
+	if isQueryOrMutationType(typ) {
+		return nil
+	}
+	// We don't need to verify the argument names for fields which are part of a remote type as
+	// we don't add any of our own arguments to them.
+	remote := typ.Directives.ForName(remoteDirective)
+	if remote != nil {
+		return nil
+	}
+	for _, arg := range field.Arguments {
+		if isReservedArgument(arg.Name) {
+			return gqlerror.ErrorPosf(
+				field.Position,
+				"Type %s; Field %s: can't have %s as an argument because it is a reserved "+
+					"argument.",
+				typ.Name, field.Name, arg.Name,
+			)
+
+		}
+	}
+	return nil
+}
+
 func fieldNameCheck(typ *ast.Definition, field *ast.FieldDefinition) *gqlerror.Error {
 	// field name cannot be a reserved word
 	if isReservedKeyWord(field.Name) {
@@ -1577,6 +1601,14 @@ func isScalar(s string) bool {
 	return ok
 }
 
+func isReservedArgument(name string) bool {
+	switch name {
+	case "first", "offset", "filter", "order":
+		return true
+	}
+	return false
+}
+
 func isReservedKeyWord(name string) bool {
 	if isScalar(name) || isQueryOrMutation(name) || name == "uid" {
 		return true