Got invalid value wrong interpretation #12
Comments
|
GraphQL.js uses the inspect function to print values in error messages which also leaks some details like function names. Maybe we should add our own inspect function to pyutils and use it everywhere for that purpose? Then we can easily modify what we expose in all error messages in a central location. I'd also like to stay close to GraphQL.js. |
|
That would be great! |
|
I'll get that into the next release then. |
|
The problem with the approach in graphql-core of simply JSON dumping values is that the actual error message is not shown when JSON dumping is not possible, instead you get a JSON error. Demonstration: import graphql
schema = graphql.build_ast_schema(graphql.parse(
"schema { query: T } input I { n: Int! } type T { s(i: I!): String }"))
query = "query ($i: I!) { s(i: $i) }"
result = graphql.graphql(schema, query, variables={'i': object()})
print(result.errors)This gives a TypeError("Object of type 'object' is not JSON serializable") instead of a GraphQLError("Variable '$i' got invalid value...; Expected type I to be a dict."). That's why I resorted to repr(). The custom inspect() function will not reveal as much as repr(). |
We don't want to leak too much of the inner representation of Python objects in the client-facing error messages.
Code in graphql-core
https://github.com/graphql-python/graphql-core/blob/master/graphql/execution/values.py#L71-L76
Code in graphql-core-next:
https://github.com/graphql-python/graphql-core-next/blob/master/graphql/execution/values.py#L96-L99
Graphql-core next leaks the inner Python representation of an object.
In general, after reviewing a lot of tests and code, there is a lot of usage of
reprwhen it should be used just for debugging, not for uniform error messages.The text was updated successfully, but these errors were encountered: