Description
From vektah/gqlparser#375
Open Policy Agent implements a pruneIrrelevantGraphQLASTNodes() func that removes position information from the GraphQL AST.
This causes issues on the ErrorPosf() path because that function assumes that the pos *ast.Position argument will not be nil.
The result is that it is easy to crash Open Policy Agent with bad input, as you can see in this playground, which results in runtime error: invalid memory address or nil pointer dereference.
Impacts:
Expected behavior
OPA doesn't crash when passed broken GraphQL schemas.
Additional context
I will submit a pull request with a test case for this that will fail until upstream merges a fix.
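The failure mode described in this issue, as an added Go example that is not code from OPA or gqlparser: `Position`, `Source`, `errorPosfUnsafe`, `errorPosfSafe` and `guard` are hypothetical, simplified stand-ins. It shows an error helper that dereferences a pruned (nil) position, a nil-tolerant variant, and a recover wrapper that contains the panic.

```go
package main

import (
	"errors"
	"fmt"
)

// Source and Position are simplified stand-ins (assumption) for a parser's
// AST position types; they are not the real gqlparser definitions.
type Source struct{ Name string }
type Position struct {
	Line, Column int
	Src          *Source
}

// errorPosfUnsafe mirrors the reported failure mode: it assumes pos is non-nil.
func errorPosfUnsafe(pos *Position, format string, args ...interface{}) error {
	return fmt.Errorf("%s:%d:%d: %s", pos.Src.Name, pos.Line, pos.Column, fmt.Sprintf(format, args...))
}

// errorPosfSafe falls back to a location-free error when position data was pruned.
func errorPosfSafe(pos *Position, format string, args ...interface{}) error {
	msg := fmt.Sprintf(format, args...)
	if pos == nil || pos.Src == nil {
		return errors.New(msg)
	}
	return fmt.Errorf("%s:%d:%d: %s", pos.Src.Name, pos.Line, pos.Column, msg)
}

// guard converts a panic raised inside fn into an error, so one malformed
// input fails a single evaluation instead of terminating the process.
func guard(fn func() error) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("validation panicked: %v", r)
		}
	}()
	return fn()
}

func main() {
	var pruned *Position // what the error path receives once position info is removed
	fmt.Println(guard(func() error { return errorPosfUnsafe(pruned, "undefined type %s", "Foo") }))
	fmt.Println(errorPosfSafe(pruned, "undefined type %s", "Foo"))
	src := &Source{Name: "schema.graphql"} // constructed sample value
	fmt.Println(errorPosfSafe(&Position{Line: 3, Column: 7, Src: src}, "undefined type %s", "Foo"))
}
```

`recover` only catches panics raised on the goroutine that deferred it, so a wrapper like `guard` has to sit on the same goroutine as the parsing or validation call.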