node list GraphQL Api : add fields + Add GraphQL Api to fetch transactions list on type #51
Conversation
| resolve(fn args, _ -> | ||
| type = Map.get(args, :type) | ||
| page = Map.get(args, :page, 1) | ||
| {:ok, Resolver.network_transactions(String.to_atom(type), page)} |
There was a problem hiding this comment.
You should avoid to use String.to_atom as it may create a overflow of the atom list in the Erlang VM. It's a security issue, and a way to bring down nodes for attackers.
But you can either create a function to parse stringified type to atomized type, or use String.to_existing_atom
| resolve(fn args, _ -> | ||
| type = Map.get(args, :type) | ||
| page = Map.get(args, :page, 1) | ||
| {:ok, Resolver.network_transactions(String.to_atom(type), page)} |
There was a problem hiding this comment.
You should avoid to use String.to_atom as it may create a overflow of the atom table in the Erlang VM. It's a security issue, and a way to bring down nodes for attackers.
But you can create a function to parse stringified type to atomized type. This approach will enable a validation for the existing type and will sanitize the input.
Those checks can be done in the resolver itself.
|
is it possible to fix this PR with someone who have better skills in elixir than me please :) that's a small evolution ;) |
ghost
closed this
|
Moved to #198 |
See Issue #49