1
68%
main: 68%

Ran 13 Jan 2026 03:45PM UTC

Files 96

Run time 3s

Badge

Embed ▾

Committed 13 Jan 2026 03:38PM UTC coverage: 68.114% (+0.5%) from 67.588%

Job # 20962737247.1

Build Type

push

github

Committed by

web-flow

Commit Message

fix: Prevent GraphQL query bypass and add service provider validation (#898)

* fix(service): add query size limit to /status endpoint

Add a 4KB size limit check for status queries before parsing to prevent
memory exhaustion attacks from large malicious queries.

Part of TRST-H-2 security fix for GraphQL allowlist bypass.

* fix(service): prevent GraphQL allowlist bypass via fragment handling [TRST-H-2]

The /status endpoint's field allowlist could be bypassed by hiding
forbidden fields inside inline fragments or named fragment spreads.

The validation only checked Selection::Field, ignoring InlineFragment
and FragmentSpread variants entirely.

Changes:
- Add recursive field extraction that traverses all selection types
- Implement circular fragment detection to prevent infinite loops
- Add depth limit (10) to prevent stack overflow from deep nesting

* fix(service): reject undefined fragment references in status queries

Run Details

10168 of 14928 relevant lines covered (68.11%)

82.57 hits per line

graphprotocol / indexer-rs / 20962737247 / 1
68%
main: 68%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20962737247.1

graphprotocol / indexer-rs / 20962737247 / 1 68% main: 68%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 20962737247.1

graphprotocol / indexer-rs / 20962737247 / 1
68%
main: 68%

README BADGES
x