Skip to content

Incorrect boolean validation #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
olegrok opened this issue Jul 11, 2021 · 1 comment · Fixed by #15
Closed

Incorrect boolean validation #14

olegrok opened this issue Jul 11, 2021 · 1 comment · Fixed by #15
Labels
bug Something isn't working

Comments

@olegrok
Copy link
Collaborator

olegrok commented Jul 11, 2021
edited
Loading 

tarantool> require('graphql.parse').parse('{ a(arg: False) }')
---
- definitions:
  - operation: query
    selectionSet:
      selections:
      - arguments:
        - kind: argument
          name:
            kind: name
            value: arg
          value:
            kind: enum
            value: False
        name:
          kind: name
          value: a
        kind: field
      kind: selectionSet
    kind: operation
  kind: document
...

Imagine that we have argument of boolean type. We make a typo - write "False" instead of "false". Parser consider it as "enum", not boolean. Finally we don't have an error - after processing we have "true" boolean value.

From spec:

Input Coercion
When expected as an input type, only boolean input values are accepted. All other input values must raise a request error indicating an incorrect type.
@olegrok olegrok added the bug Something isn't working label Jul 11, 2021
olegrok added a commit that referenced this issue Jul 11, 2021
@olegrok
throw if it's impossible to coerce boolean value
b3eea77 
Graphql spec states:
> Input Coercion
When expected as an input type, only boolean input values are accepted.
All other input values must raise a request error indicating an incorrect type.

(https://spec.graphql.org/draft/#sec-Boolean)

So we can't coerce string, numeric and enum values. And here we
faced main issue - because graphql parser considered "False" and
"True" as enum values (correct boolean values is "true" and
"false"). And if user passed "False" value to boolean argument it
silently converted to true. This patch check that passed node type
is boolean and raises if it's not so.

Closes #14
@olegrok olegrok mentioned this issue Jul 11, 2021
Merged
olegrok added a commit that referenced this issue Jul 13, 2021
@olegrok
throw if it's impossible to coerce boolean value
a2fc502 
Graphql spec states:
> Input Coercion
When expected as an input type, only boolean input values are accepted.
All other input values must raise a request error indicating an incorrect type.

(https://spec.graphql.org/draft/#sec-Boolean)

So we can't coerce string, numeric and enum values. And here we
faced main issue - because graphql parser considered "False" and
"True" as enum values (correct boolean values is "true" and
"false"). And if user passed "False" value to boolean argument it
silently converted to true. This patch check that passed node type
is boolean and raises if it's not so.

Closes #14
@kyukhin kyukhin added the teamE label Sep 10, 2021
@Totktonada
Copy link
Member

It seems, it is the regression from 84e9cce.

Totktonada pushed a commit that referenced this issue Sep 29, 2021
@olegrok @Totktonada
throw if it's impossible to coerce boolean value
6512d2b 
Graphql spec states:
> Input Coercion
When expected as an input type, only boolean input values are accepted.
All other input values must raise a request error indicating an incorrect type.

(https://spec.graphql.org/draft/#sec-Boolean)

So we can't coerce string, numeric and enum values. And here we
faced main issue - because graphql parser considered "False" and
"True" as enum values (correct boolean values is "true" and
"false"). And if user passed "False" value to boolean argument it
silently converted to true. This patch check that passed node type
is boolean and raises if it's not so.

Closes #14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

throw if it's impossible to coerce boolean value tarantool/graphql
3 participants
@Totktonada @olegrok @kyukhin