Fix infinite recursion bug

benjie · benjie · commit c2479a29d197 · 2024-05-23T17:08:12.000+01:00
diff --git a/src/validation/rules/MaxIntrospectionDepthRule.ts b/src/validation/rules/MaxIntrospectionDepthRule.ts
@@ -15,14 +15,34 @@ export function MaxIntrospectionDepthRule(
    * Counts the depth of list fields in "__Type" recursively and
    * returns `true` if the limit has been reached.
    */
-  function checkDepth(node: ASTNode, depth: number = 0): boolean {
+  function checkDepth(
+    node: ASTNode,
+    visitedFragments: Record<string, true>,
+    depth: number = 0,
+  ): boolean {
     if (node.kind === Kind.FRAGMENT_SPREAD) {
-      const fragment = context.getFragment(node.name.value);
+      const fragmentName = node.name.value;
+      if (visitedFragments[fragmentName]) {
+        // Fragment cycles are handled by `NoFragmentCyclesRule`.
+        return false;
+      }
+      const fragment = context.getFragment(fragmentName);
       if (!fragment) {
-        // missing fragments checks are handled by the `KnownFragmentNamesRule`
+        // Missing fragments checks are handled by `KnownFragmentNamesRule`.
         return false;
       }
-      return checkDepth(fragment, depth);
+
+      // Rather than following an immutable programming pattern which has
+      // significant memory and garbage collection overhead, we've opted to
+      // take a mutable approach for efficiency's sake. Importantly visiting a
+      // fragment twice is fine, so long as you don't do one visit inside the
+      // other.
+      try {
+        visitedFragments[fragmentName] = true;
+        return checkDepth(fragment, visitedFragments, depth);
+      } finally {
+        delete visitedFragments[fragmentName];
+      }
     }
 
     if (
@@ -43,7 +63,7 @@ export function MaxIntrospectionDepthRule(
     // handles fields and inline fragments
     if ('selectionSet' in node && node.selectionSet) {
       for (const child of node.selectionSet.selections) {
-        if (checkDepth(child, depth)) {
+        if (checkDepth(child, visitedFragments, depth)) {
           return true;
         }
       }
@@ -55,7 +75,7 @@ export function MaxIntrospectionDepthRule(
   return {
     Field(node) {
       if (node.name.value === '__schema' || node.name.value === '__type') {
-        if (checkDepth(node)) {
+        if (checkDepth(node, Object.create(null))) {
           context.reportError(
             new GraphQLError('Maximum introspection depth exceeded', {
               nodes: [node],
