How to increase Parse Limit from 15000 in Graphql Using Quarkus

Question

I am using an Angular application with Graphql to communicate with a Java/Quarkus backend. There is a situation where a large object is generated and I am attempting to manipulate it in the backend.

An error occurs: Invalid Syntax : More than 15000 parse tokens have been presented. To prevent Denial Of Service attacks, parsing has been cancelled.

Smallrye-graphql and smallrye-graphql-client are being used and I was unable to find any parameter that could be set to increase the limit.

I am aware of this solution but am unsure how to apply it to a Quarkus scenario. More than 15000 parse tokens have been presented

Any help is greatly appreciated.

Please provide enough code so others can better understand or reproduce the problem. — Community, Aug 03 '22 at 20:29

score 0 · Accepted Answer · answered Aug 04 '22 at 06:04

Quarkus at the moment doesn't offer a straightforward way to configure the maximum allowed number of tokens in a query, but you should be able to set it by executing ParserOptions.setDefaultParserOptions(...) somewhere during the start of your application. For example, add a bean that executes it at boot:

public void onStart(@Observes StartupEvent startup) {
   ParserOptions.setDefaultParserOptions(ParserOptions.newParserOptions().maxTokens(90000).build());
}

Of course, be aware that this might be abusable by malicious clients, so if you're exposing such service to the internet, it should at least require authentication or so.

By the way, I reported a feature request: https://github.com/smallrye/smallrye-graphql/issues/1485 so once we implement it, there will be a configuration option for this — Jan Martiška, Aug 04 '22 at 07:08

How to increase Parse Limit from 15000 in Graphql Using Quarkus

1 Answers1