2020-01-24 02:20:58 +03:00
|
|
|
-- Global project configuration.
|
|
|
|
|
--
|
|
|
|
|
-- This file can be overridden with cabal.project.local (see e.g. cabal.project.dev)
|
|
|
|
|
--
|
|
|
|
|
-- If you need to switch between several local configurations you can also
|
|
|
|
|
-- create a symlink to this file with a different name, e.g.:
|
|
|
|
|
-- $ ln -s cabal.project cabal.project.myconfig
|
|
|
|
|
-- $ ln -s cabal.project.freeze cabal.project.myconfig.freeze
|
|
|
|
|
-- ...and then create a new set of overrides in:
|
|
|
|
|
-- cabal.project.myconfig.local
|
|
|
|
|
-- ...and then invoke cabal with
|
|
|
|
|
-- $ cabal new-build --project-file=cabal.project.myconfig
|
|
|
|
|
--
|
2020-02-13 20:38:23 +03:00
|
|
|
-- See: https://www.haskell.org/cabal/users-guide/nix-local-build.html#configuring-builds-with-cabal-project
|
2021-08-11 07:18:40 +03:00
|
|
|
|
|
|
|
|
packages: server
|
2020-01-18 01:07:15 +03:00
|
|
|
|
2020-05-13 15:33:16 +03:00
|
|
|
constraints:
|
2021-08-11 07:18:40 +03:00
|
|
|
-- Ensure we don't end up with a freeze file that forces an incompatible
|
|
|
|
|
-- version in CI for `Setup.hs` scripts.
|
2020-04-03 11:24:51 +03:00
|
|
|
setup.Cabal <3.4
|
2020-05-13 15:33:16 +03:00
|
|
|
|
2020-01-18 01:07:15 +03:00
|
|
|
package *
|
|
|
|
|
optimization: 2
|
2020-04-03 11:24:51 +03:00
|
|
|
-- For tooling, e.g. 'weeder', and IDE-like stuff:
|
|
|
|
|
ghc-options: -fwrite-ide-info
|
2020-01-18 01:07:15 +03:00
|
|
|
|
|
|
|
|
haddock-html: true
|
|
|
|
|
haddock-hoogle: true
|
|
|
|
|
haddock-hyperlink-source: true
|
|
|
|
|
haddock-quickjump: true
|
|
|
|
|
|
|
|
|
|
package graphql-engine
|
|
|
|
|
ghc-options: -j
|
|
|
|
|
haddock-options: "--show-all"
|
|
|
|
|
|
|
|
|
|
source-repository-package
|
|
|
|
|
type: git
|
|
|
|
|
location: https://github.com/hasura/pg-client-hs.git
|
2021-08-24 18:08:55 +03:00
|
|
|
tag: f34319871aa5b7bc30551164bcf396f3b664631c
|
2020-01-18 01:07:15 +03:00
|
|
|
|
|
|
|
|
source-repository-package
|
|
|
|
|
type: git
|
|
|
|
|
location: https://github.com/hasura/graphql-parser-hs.git
|
Update GraphQL Parser version to fix text encoding issue (fix #1965)
### A long tale about encoding
GraphQL has an [introspection system](http://spec.graphql.org/June2018/#sec-Introspection), which allows its schema to be introspected. This is what we use to introspect [remote schemas](https://github.com/hasura/graphql-engine-mono/blob/41383e1f88c709c6cae4059a1b4fb8f2a58259e6/server/src-rsr/introspection.json). There is one place in the introspection where we might find GraphQL values: the default value of an argument.
```json
{
"fields": [
{
"name": "echo",
"args": [
{
"name": "msg",
"defaultValue": "\"Hello\\nWorld!\""
}
]
}
]
}
```
Note that GraphQL's introspection is transport agnostic: the default value isn't returned as a JSON value, but as a _string-encoded GraphQL Value_. In this case, the value is the GraphQL String `"Hello\nWorld!"`. Embedded into a string, it is encoded as: `"\"Hello\\nWorld!\""`.
When we [parse that value](https://github.com/hasura/graphql-engine-mono/blob/41383e1f88c709c6cae4059a1b4fb8f2a58259e6/server/src-lib/Hasura/GraphQL/RemoteServer.hs#L351), we first extract that JSON string, to get its content, `"Hello\nWorld!"`, then use our [GraphQL Parser library](https://github.com/hasura/graphql-parser-hs/blob/21c1ddfb41791578b66633a2e51f9deb43761108/src/Language/GraphQL/Draft/Parser.hs#L200) to interpret this: we find the double quote, understand that the content is a String, unescape the backslashes, and end up with the desired string value: `['H', 'e', 'l', 'l', 'o', '\n', 'W', 'o', 'r', 'l', 'd', '!']`. This all works fine.
However, there was a bug in the _printer_ part of our parser library: when printing back a String value, we would not re-escape characters properly. In practice, this meant that the GraphQL String `"Hello\nWorld"` would be encoded in JSON as `"\"Hello\nWorld!\""`. Note how the `\n` is not properly double-escaped. This led to a variety of problems, as described in #1965:
- we would successfully parse a remote schema containing such characters in its default values, but then would print those erroneous JSON values in our introspection, which would _crash the console_
- we would inject those default values in queries sent to remote schemas, and print them wrong doing so, sending invalid values to remote schemas and getting errors in result
It turns out that this bug had been lurking in the code for a long time: I combed through the history of [the parser library](https://github.com/hasura/graphql-parser-hs), and as far as I can tell, this bug has always been there. So why was it never caught? After all, we do have [round trip tests](https://github.com/hasura/graphql-parser-hs/blob/21c1ddfb41791578b66633a2e51f9deb43761108/test/Spec.hs#L52) that print + parse arbitrary values and check that we get the same value as a result. They do use any arbitrary unicode character in their generated strings. So... that should have covered it, right?
Well... it turns out that [the tests were ignoring errors](https://github.com/hasura/graphql-parser-hs/blob/7678066c49b61acf0c102a0ffe48e86897e2e22d/test/Spec.hs#L45), and would always return "SUCCESS" in CI, even if they failed... Furthermore, the sample size was small enough that, most of the time, _they would not hit such characters_. Running the tests locally on a loop, I only got errors ~10% of the time...
This was all fixed in hasura/graphql-parser-hs#44. This was probably one of Hasura's longest standing bugs? ^^'
### Description
This PR bumps the version of graphql-parser-hs in the engine, and switches some of our own arbitrary tests to use unicode characters in text rather than alphanumeric values. It turns out those tests were much better at hitting "bad" values, and that they consistently failed when generating arbitrary unicode characters.
https://github.com/hasura/graphql-engine-mono/pull/2031
GitOrigin-RevId: 54fa48270386a67336e5544351691619e0684559
2021-08-06 14:53:52 +03:00
|
|
|
tag: 21c1ddfb41791578b66633a2e51f9deb43761108
|
2020-01-18 01:07:15 +03:00
|
|
|
|
|
|
|
|
source-repository-package
|
|
|
|
|
type: git
|
|
|
|
|
location: https://github.com/hasura/ci-info-hs.git
|
2021-03-03 10:01:44 +03:00
|
|
|
tag: be578a01979fc95137cc2c84827f9fafb99df60f
|
2020-09-01 07:56:11 +03:00
|
|
|
|
|
|
|
|
source-repository-package
|
|
|
|
|
type: git
|
|
|
|
|
location: https://github.com/hasura/pool.git
|
2021-02-15 16:32:19 +03:00
|
|
|
tag: bc4c3f739a8fb8ec4444336a34662895831c9acf
|
2021-02-23 20:37:27 +03:00
|
|
|
|
|
|
|
|
source-repository-package
|
|
|
|
|
type: git
|
|
|
|
|
location: https://github.com/fpco/odbc.git
|
2021-02-24 10:46:09 +03:00
|
|
|
tag: 7c0cea45d0b779419eb16177407c4ee9e7ba4c6f
|
2021-02-23 20:37:27 +03:00
|
|
|
|
|
|
|
|
package odbc
|
|
|
|
|
ghc-options: -Wwarn
|
|
|
|
|
-- Our CI compiles with -Werror, which is also applied to those packages
|
|
|
|
|
-- while it's fine for packages we maintain, we can't actually enforce
|
|
|
|
|
-- that third-party packages are warning-free, hence this -Wno-error.
|
|
|
|
|
-- When the changes in odbc are released, we can instead depend on
|
|
|
|
|
-- the hackage version, and remove it from this list of packages.
|
2021-08-06 00:07:17 +03:00
|
|
|
|
|
|
|
|
source-repository-package
|
|
|
|
|
type: git
|
|
|
|
|
location: https://github.com/hasura/ekg-core.git
|
|
|
|
|
tag: e31b47d5c67e1347f141079ad2d18f682e1b046f
|
|
|
|
|
|
|
|
|
|
source-repository-package
|
|
|
|
|
type: git
|
|
|
|
|
location: https://github.com/hasura/ekg-json.git
|
|
|
|
|
tag: 098e3a5951c4991c823815706f1f58f608bb6ec3
|
2021-08-11 07:18:40 +03:00
|
|
|
|
