Limit the page size of GraphQL queries to 50 with the default to 10. #2561

Open
2 tasks
achimnol opened this issue Jul 25, 2024 · 2 comments
Labels
comp:manager Related to Manager component type:enhance Enhance component, behavior, internals without user-facing features urgency:5 It is imperative that action be taken right away.

@achimnol
Member

There were several misuses of the paginated GraphQL queries by setting the page size to an unreasonably large number, like 1000.

Let's explicitly forbid such usage by setting the maximum page size to 50 and the default page size to 10 when not specified.

  • Legacy hand-crafted paginated queries
  • Relay node queries
@achimnol achimnol added comp:manager Related to Manager component type:enhance Enhance component, behavior, internals without user-facing features urgency:4 As soon as feasible, implementation is essential. urgency:5 It is imperative that action be taken right away. labels Jul 25, 2024
@achimnol achimnol added this to the 24.03 milestone Jul 25, 2024
@achimnol achimnol removed the urgency:4 As soon as feasible, implementation is essential. label Jul 25, 2024
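
An added sketch of the limit proposed above (maximum 50, default 10, oversized requests rejected rather than served), covering both the legacy `limit`/`offset` style and Relay `first`/`last`. It is not code from this issue or from the project; the function names, the error type and the decision to reject `first` combined with `last` are assumptions.

```python
from typing import Optional, Tuple

MAX_PAGE_SIZE = 50      # upper bound proposed in the issue
DEFAULT_PAGE_SIZE = 10  # used when the client gives no page size


class PageSizeError(ValueError):
    """Raised when a client asks for a forbidden page size (hypothetical type)."""


def _check(name: str, value: int) -> int:
    # bool is a subclass of int, so reject it together with non-integers.
    if isinstance(value, bool) or not isinstance(value, int):
        raise PageSizeError(f"{name} must be an integer")
    if value < 1:
        raise PageSizeError(f"{name} must be at least 1")
    if value > MAX_PAGE_SIZE:
        # Refuse instead of silently clamping, so misuse is visible to the caller.
        raise PageSizeError(f"{name}={value} exceeds the maximum of {MAX_PAGE_SIZE}")
    return value


def legacy_page(limit: Optional[int] = None,
                offset: Optional[int] = None) -> Tuple[int, int]:
    """Validate limit/offset of a hand-crafted paginated query; returns (limit, offset)."""
    size = DEFAULT_PAGE_SIZE if limit is None else _check("limit", limit)
    start = 0 if offset is None else offset
    if isinstance(start, bool) or not isinstance(start, int) or start < 0:
        raise PageSizeError("offset must be a non-negative integer")
    return size, start


def relay_page(first: Optional[int] = None,
               last: Optional[int] = None) -> Tuple[str, int]:
    """Validate Relay first/last; returns (direction, page_size)."""
    if first is not None and last is not None:
        # Assumption of this sketch: the ambiguous combination is rejected outright.
        raise PageSizeError("first and last are mutually exclusive")
    if last is not None:
        return "backward", _check("last", last)
    return "forward", DEFAULT_PAGE_SIZE if first is None else _check("first", first)
```
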
@achimnol
Member Author

@lqez will contribute to this issue!

@lqez

lqez commented Aug 22, 2024

The below list shows the current implementation status of GraphQL models.

| | v1 (graphene.ObjectType) | v1 list (whole items) | v1 list (manual paging) | v2 (graphene.ObjectType & AsyncNode) | v2 list (PaginatedConnection) | variations |
|---|---|---|---|---|---|---|
| agent | agent | agents | agent_list | | | |
| agent_summary | agent_summary | | agent_summary_list | | | |
| domain | domain | domains | | | | |
| group | group | groups | | group_node | group_nodes | groups_by_name |
| image | image | images | | customized_image | | |
| user | user | users | user_list | user_node | user_nodes | |
| keypair | keypair | keypairs | keypair_list | | | |
| keypair_resource_policy | keypair_resource_policy | keypair_resource_policies | | | | |
| user_resource | user_resource_policy | user_resource_policies | | | | |
| project_resource | project_resource_policy | project_resource_policies | | | | |
| resource_preset | resource_preset | resource_presets | | | | |
| scailing_group | scailing_group | scailing_groups | | | | scailing_groups_for_domain / scailing_groups_for_user_group / scailing_groups_for_keypair |
| storage_volume | storage_volume | | storage_volume_list | | | |
| vfolder | vfolder | vfolders | vfolder_list | vfolder_node | vfolder_nodes | |
| vfolder_permission_list | | | vfolder_permission_list | | | |
| vfolder_own_list | | | vfolder_own_list | | | |
| vfolder_invited_list | | | vfolder_invited_list | | | |
| vfolder_project_list | | | vfolder_project_list | | | |
| vfolder_host_permissions | | vfolder_host_permissions | | | | |
| compute_session | compute_session | | compute_session_list | | | |
| compute_container | compute_container | | compute_container_list | | | |
| legacy_compute_session | legacy_compute_session | | legacy_compute_session_list | | | |
| endpoint | endpoint | | endpoint_list | | | |
| routing | routing | | routing_list | | | |
| endpoint_token | endpoint_token | | endpoint_token_list | | | |
| quota_scope | quota_scope | | | | | |
| container_registry | | container_registries | | container_registry | | |
| model_card | | | | model_card | model_cards | |
