More than 15000 parse tokens have been presented

Question

I am using Spring Boot with Netflix DGS (GraphQL) frameworks. I need to mutation my type which is big "Object" with recursive binding. When I want to use mutation, the DGS framework responses me with this error message:

More than 15000 parse tokens have been presented. To prevent Denial Of Service attacks, parsing has been cancelled. offending token ':' at line 1 column 97831

It is possible to increase this limitation by some configuration ideally maybe in application.yml, or in some GraphQL config?

Thanks for any answer.

score 3 · Accepted Answer · edited Mar 07 '22 at 08:04

3

I think this is related to this change: https://github.com/graphql-java/graphql-java/pull/2549

New limits have been introduced to GraphQL.

You can use graphql.parser.ParserOptions; to set a higher maxTokens value.

edited Mar 07 '22 at 08:04

Procrastinator

2,526
30
27
36

answered Mar 03 '22 at 07:12

Martin

46
2

score 1 · Answer 2 · answered Jul 11 '22 at 12:57

1

There is a by-default limit set of maxTokens as 15000, you can change it using below configuration:

ParserOptions.setDefaultParserOptions(ParserOptions.newParserOptions().maxTokens(<YOUR_NEW_VALUE>).build());

answered Jul 11 '22 at 12:57

Rahul Tiwari

269
2
6

Stephen Spalding · Answer 3 · 2023-05-26T23:17:07.810

As mentioned by @rahul-tiwari and @bertkoor, this is related to a change in graphql-java that adds a new token limit for DOS protection.

In order to change this limit within the Netflix DGS framework, you can implement GraphQLContextContributor (docs) to set ParserOptions.

@Component
public class MyGraphQLContextContributor implements GraphQLContextContributor {

  @Override
  public void contribute(
      @NotNull GraphQLContext.Builder builder,
      @Nullable Map<String, ?> extensions,
      @Nullable DgsRequestData dgsRequestData) {

    ParserOptions parserOptions = ParserOptions.newParserOptions().maxTokens(1_000_000).build();
    ParserOptions.setDefaultParserOptions(parserOptions);
    builder.put(ParserOptions.class, parserOptions);
  }
}

BertKoor · Answer 4 · 2022-09-26T14:41:42.347

For anyone like me stubling upon this, since graphql-java 18.3 / netflix.graphql.dgs 5.2.4 you need to call ParserOptions.setDefaultOperationParserOption.

Full code snippet which takes any existing options into account:

    ParserOptions.setDefaultParserOptions(ParserOptions.getDefaultParserOptions()
            .transform(opts -> opts.maxTokens(<YOUR_NEW_VALUE>)));
    ParserOptions.setDefaultOperationParserOptions(ParserOptions.getDefaultOperationParserOptions()
            .transform(opts -> opts.maxTokens(<YOUR_NEW_VALUE>)));

More than 15000 parse tokens have been presented

4 Answers4

Linked