graphql-php/tests/Validator/QuerySecurityTestCase.php

<?php

declare(strict_types=1);

namespace GraphQL\Tests\Validator;

use GraphQL\Error\Error;
use GraphQL\Error\FormattedError;
use GraphQL\Language\Parser;
use GraphQL\Type\Introspection;
use GraphQL\Validator\DocumentValidator;
use GraphQL\Validator\Rules\QuerySecurityRule;
use PHPUnit\Framework\TestCase;
use function array_map;

abstract class QuerySecurityTestCase extends TestCase
{
    /**
     * @expectedException \InvalidArgumentException
     * @expectedExceptionMessage argument must be greater or equal to 0.
     */
    public function testMaxQueryDepthMustBeGreaterOrEqualTo0() : void
    {
        $this->getRule(-1);
    }

    /**
     * @param int $max
     *
     * @return QuerySecurityRule
     */
    abstract protected function getRule($max);

    protected function assertIntrospectionQuery($maxExpected)
    {
        $query = Introspection::getIntrospectionQuery();

        $this->assertMaxValue($query, $maxExpected);
    }

    protected function assertMaxValue($query, $maxExpected)
    {
        $this->assertDocumentValidator($query, $maxExpected);
        $newMax = $maxExpected - 1;
        if ($newMax === QuerySecurityRule::DISABLED) {
            return;
        }
        $this->assertDocumentValidator($query, $newMax, [$this->createFormattedError($newMax, $maxExpected)]);
    }

    /**
     * @param string     $queryString
     * @param int        $max
     * @param string[][] $expectedErrors
     * @return Error[]
     */
    protected function assertDocumentValidator($queryString, $max, array $expectedErrors = []) : array
    {
        $errors = DocumentValidator::validate(
            QuerySecuritySchema::buildSchema(),
            Parser::parse($queryString),
            [$this->getRule($max)]
        );

        $this->assertEquals($expectedErrors, array_map([Error::class, 'formatError'], $errors), $queryString);

        return $errors;
    }

    protected function createFormattedError($max, $count, $locations = [])
    {
        return FormattedError::create($this->getErrorMessage($max, $count), $locations);
    }

    /**
     * @param int $max
     * @param int $count
     *
     * @return string
     */
    abstract protected function getErrorMessage($max, $count);

    protected function assertIntrospectionTypeMetaFieldQuery($maxExpected)
    {
        $query = '
          {
            __type(name: "Human") {
              name
            }
          }
        ';

        $this->assertMaxValue($query, $maxExpected);
    }

    protected function assertTypeNameMetaFieldQuery($maxExpected)
    {
        $query = '
          {
            human {
              __typename
              firstName
            }
          }
        ';
        $this->assertMaxValue($query, $maxExpected);
    }
}
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`<?php`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00
			`declare(strict_types=1);`

Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`namespace GraphQL\Tests\Validator;`

Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`use GraphQL\Error\Error;`
Moved all error-related classes to separate namespace; fixed related broken tests 2016-10-21 12:39:57 +03:00			`use GraphQL\Error\FormattedError;`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`use GraphQL\Language\Parser;`
			`use GraphQL\Type\Introspection;`
			`use GraphQL\Validator\DocumentValidator;`
Fix CS in Validator folder 2018-08-07 01:35:37 +03:00			`use GraphQL\Validator\Rules\QuerySecurityRule;`
Upgrade PHPUnit 2018-07-29 18:43:10 +03:00			`use PHPUnit\Framework\TestCase;`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`use function array_map;`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00
Upgrade PHPUnit 2018-07-29 18:43:10 +03:00			`abstract class QuerySecurityTestCase extends TestCase`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`{`
			`/**`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`* @expectedException \InvalidArgumentException`
			`* @expectedExceptionMessage argument must be greater or equal to 0.`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`*/`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`public function testMaxQueryDepthMustBeGreaterOrEqualTo0() : void`
			`{`
			`$this->getRule(-1);`
			`}`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00
			`/**`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`* @param int $max`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`*`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`* @return QuerySecurityRule`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`*/`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`abstract protected function getRule($max);`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`protected function assertIntrospectionQuery($maxExpected)`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`{`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`$query = Introspection::getIntrospectionQuery();`

			`$this->assertMaxValue($query, $maxExpected);`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`}`

Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`protected function assertMaxValue($query, $maxExpected)`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`{`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`$this->assertDocumentValidator($query, $maxExpected);`
			`$newMax = $maxExpected - 1;`
			`if ($newMax === QuerySecurityRule::DISABLED) {`
			`return;`
			`}`
			`$this->assertDocumentValidator($query, $newMax, [$this->createFormattedError($newMax, $maxExpected)]);`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`}`

Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`/**`
			`* @param string $queryString`
			`* @param int $max`
			`* @param string[][] $expectedErrors`
			`* @return Error[]`
			`*/`
			`protected function assertDocumentValidator($queryString, $max, array $expectedErrors = []) : array`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`{`
			`$errors = DocumentValidator::validate(`
			`QuerySecuritySchema::buildSchema(),`
			`Parser::parse($queryString),`
			`[$this->getRule($max)]`
			`);`

Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`$this->assertEquals($expectedErrors, array_map([Error::class, 'formatError'], $errors), $queryString);`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00
			`return $errors;`
			`}`

Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`protected function createFormattedError($max, $count, $locations = [])`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`{`
Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`return FormattedError::create($this->getErrorMessage($max, $count), $locations);`
Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`}`

Fix CS in tests/Validator 2018-09-02 14:08:49 +03:00			`/**`
			`* @param int $max`
			`* @param int $count`
			`*`
			`* @return string`
			`*/`
			`abstract protected function getErrorMessage($max, $count);`

Add Complexity and Depth Query Security 2016-04-09 11:04:14 +03:00			`protected function assertIntrospectionTypeMetaFieldQuery($maxExpected)`
			`{`
			`$query = '`
			`{`
			`__type(name: "Human") {`
			`name`
			`}`
			`}`
			`';`

			`$this->assertMaxValue($query, $maxExpected);`
			`}`

			`protected function assertTypeNameMetaFieldQuery($maxExpected)`
			`{`
			`$query = '`
			`{`
			`human {`
			`__typename`
			`firstName`
			`}`
			`}`
			`';`
			`$this->assertMaxValue($query, $maxExpected);`
			`}`
			`}`