Open Cold-A-Muse opened 2 years ago
## Description

The [GraphQL Inspector](https://www.the-guild.dev/graphql/inspector/docs/essentials/audit) is a potentially strong ally for us to keep a check on the resilience of our API (mostly its security). It would be good to investigate the Inspector, and see what types of data it can generate.

* [ ] What can we extract from this Auditor?
* [ ] Are there things we can do to add this to our CI process, @jmitnik?
This pull request is automatically being deployed by Amplify Hosting (learn more).
Access this pull request here: https://pr-478.d2j37lx5gsfgp1.amplifyapp.com
Access this pull request here: https://pr-478.d36c61y3h9mqcx.amplifyapp.com
- Does this work for all GraphQL files in client / dashboard atm?
Yes, I use the blob strings found in graphql-codegen files for both client and dashboard.
- Do you know what the numbers mean already?
  - Depth: How many layers in your GraphQL query
  - Aliases: N/A
  - Directives: N/A
  - Token count: Amount of grouped characters in your request (https://www.envelop.dev/docs/guides/securing-your-graphql-api#reject-malicious-operation-documents)
  - Complexity Score: Just some cost analysis algorithm that indicates how likely there will be resource overload. (I think it is mentioned here: https://github.com/Escape-Technologies/graphql-armor#cost-limit)
- Any particular number we should use as "threshold"?
Anything a little bit above our current largest query, I suppose.
  - Depth (GetWorkspaceSessions): 13, so like 15? (unless we want to make this query simpler one way or another)
  - Token count (GetDialogueStatistics): 212, so like 250?
FIXES HAAS-445