Fixed value overflows break query validation. (#5522)

ChilliCream · Nov 1, 2022 · 5c59a9f · 5c59a9f
1 parent 9158360
commit 5c59a9f
Show file tree

Hide file tree

Showing 5 changed files with 88 additions and 9 deletions.
diff --git a/src/HotChocolate/Core/src/Types/Types/Scalars/IntType.cs b/src/HotChocolate/Core/src/Types/Types/Scalars/IntType.cs
@@ -50,9 +50,9 @@ public IntType(int min, int max)
         Description = description;
     }
 
-    protected override int ParseLiteral(IntValueNode valueSyntax) =>
-        valueSyntax.ToInt32();
+    protected override int ParseLiteral(IntValueNode valueSyntax)
+        => valueSyntax.ToInt32();
 
-    protected override IntValueNode ParseValue(int runtimeValue) =>
-        new(runtimeValue);
+    protected override IntValueNode ParseValue(int runtimeValue)
+        => new(runtimeValue);
 }
diff --git a/src/HotChocolate/Core/src/Types/Types/Scalars/IntegerTypeBase.cs b/src/HotChocolate/Core/src/Types/Types/Scalars/IntegerTypeBase.cs
@@ -27,7 +27,14 @@ public abstract class IntegerTypeBase<TRuntimeType>
 
     protected override bool IsInstanceOfType(IntValueNode valueSyntax)
     {
-        return IsInstanceOfType(ParseLiteral(valueSyntax));
+        try
+        {
+            return IsInstanceOfType(ParseLiteral(valueSyntax));
+        }
+        catch (InvalidFormatException)
+        {
+            return false;
+        }
     }
 
     protected override bool IsInstanceOfType(TRuntimeType runtimeValue)

diff --git a/src/HotChocolate/Core/src/Validation/Rules/ValueVisitor.cs b/src/HotChocolate/Core/src/Validation/Rules/ValueVisitor.cs
@@ -223,7 +223,7 @@ public ValueVisitor()
                                     inputObjectType));
                         }
                         else if (value.Value.Kind is SyntaxKind.Variable &&
-                            !IsInstanceOfType(context, new NonNullType(field.Type), value.Value))
+                            !TryIsInstanceOfType(context, new NonNullType(field.Type), value.Value))
                         {
                             context.ReportError(
                                 context.OneOfVariablesMustBeNonNull(
@@ -332,7 +332,7 @@ public ValueVisitor()
         if (context.Types.TryPeek(out var currentType) &&
             currentType is IInputType locationType)
         {
-            if (valueNode.IsNull() || IsInstanceOfType(context, locationType, valueNode))
+            if (valueNode.IsNull() || TryIsInstanceOfType(context, locationType, valueNode))
             {
                 return Skip;
             }
@@ -348,7 +348,7 @@ public ValueVisitor()
         return Skip;
     }
 
-    private bool TryCreateValueError(
+    private static bool TryCreateValueError(
         IDocumentValidatorContext context,
         IInputType locationType,
         IValueNode valueNode,
@@ -390,6 +390,23 @@ public ValueVisitor()
         return false;
     }
 
+    private bool TryIsInstanceOfType(
+        IDocumentValidatorContext context,
+        IInputType inputType,
+        IValueNode value)
+    {
+        try
+        {
+            return IsInstanceOfType(context, inputType, value);
+        }
+        // in the case a scalar IsInstanceOfType check is not done well an throws we will
+        // catch this here and make sure that the validation fails correctly.
+        catch
+        {
+            return false;
+        }
+    }
+
     private bool IsInstanceOfType(
         IDocumentValidatorContext context,
         IInputType inputType,

diff --git a/src/HotChocolate/Core/test/Validation.Tests/ValuesOfCorrectTypeRuleTests.cs b/src/HotChocolate/Core/test/Validation.Tests/ValuesOfCorrectTypeRuleTests.cs
@@ -211,6 +211,17 @@ public void GoodIntNegativeValue()
             ");
     }
 
+    [Fact]
+    public void OverflowInt()
+    {
+        ExpectErrors($@"
+            {{
+              arguments {{
+                intArgField(intArg: {long.MaxValue})
+              }}
+            }}");
+    }
+
     [Fact]
     public void GoodNullToBooleanNullableValue()
     {
@@ -1173,4 +1184,4 @@ public void BadVariablesListWithInvalidItem()
                 }
             ");
     }
-}
+}
diff --git a/...te/Core/test/Validation.Tests/__snapshots__/ValuesOfCorrectTypeRuleTests.OverflowInt.snap b/...te/Core/test/Validation.Tests/__snapshots__/ValuesOfCorrectTypeRuleTests.OverflowInt.snap
@@ -0,0 +1,44 @@
+[
+  {
+    "Message": "The specified argument value does not match the argument type.",
+    "Code": null,
+    "Path": {
+      "Name": "intArgField",
+      "Parent": {
+        "Name": "arguments",
+        "Parent": {
+          "Parent": null,
+          "Depth": -1,
+          "IsRoot": true
+        },
+        "Depth": 0,
+        "IsRoot": false
+      },
+      "Depth": 1,
+      "IsRoot": false
+    },
+    "Locations": [
+      {
+        "Line": 4,
+        "Column": 37
+      }
+    ],
+    "Extensions": {
+      "argument": "intArg",
+      "argumentValue": "9223372036854775807",
+      "locationType": "Int",
+      "specifiedBy": "http://spec.graphql.org/October2021/#sec-Values-of-Correct-Type"
+    },
+    "Exception": null,
+    "SyntaxNode": {
+      "Kind": "IntValue",
+      "Location": {
+        "Start": 77,
+        "End": 97,
+        "Line": 4,
+        "Column": 37
+      },
+      "Value": "9223372036854775807"
+    }
+  }
+]