graphql-parser

proposal: embed graphql-parser as a secure GraphQL parser for multiple languages

Open devkral opened this issue 1 year ago • 1 comments

Currently the reference implementation and Python graphql-core have a stack problem (this project most probably too, but easily fixable via the generator hack, see graphql-core issue), and the evaluation of GraphQL strings is slow (a performance bottleneck which could be used for a DDoS):

You can specify highly nested graphs and the parser crashes before any security software can evaluate the tree.

See issues:

  • https://github.com/graphql/graphql-js/issues/4031
  • https://github.com/graphql-python/graphql-core/issues/216

So my idea is to fix the projects properly by replacing their parsers with a high-performance GraphQL string parser. And this could be something like this project.

Are you interested in this idea?

Given that I have no Rust knowledge yet, I would need some guidance should we start the project. Also, it would require some coordination between the three projects (not sure how this can be handled).

devkral avatar Apr 12 '24 13:04 devkral
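
The failure described in the issue above (nesting deep enough to crash a recursive parser before any later check can inspect the tree) can be screened out with a non-recursive pre-scan of the raw query string. This is an added example, not code from graphql-parser or from the participants in this thread; `check_depth`, `DepthError` and the limit of 64 are assumptions chosen for illustration.

```rust
// Added example: `check_depth`/`DepthError` are hypothetical names, not graphql-parser API.
#[derive(Debug, PartialEq)]
pub enum DepthError {
    TooDeep { limit: usize, offset: usize },
    Unbalanced { offset: usize },
    UnterminatedString { offset: usize },
}
/// One loop, constant stack: returns the deepest bracket nesting or fails once `limit`
/// is exceeded. Strings, block strings and `#` comments are skipped. Bracket kinds are
/// not matched against each other; the real parser still validates that afterwards.
pub fn check_depth(src: &str, limit: usize) -> Result<usize, DepthError> {
    let b = src.as_bytes();
    let (mut i, mut depth, mut max) = (0usize, 0usize, 0usize);
    while i < b.len() {
        match b[i] {
            b'#' => while i < b.len() && b[i] != b'\n' && b[i] != b'\r' { i += 1 },
            b'"' => {
                let (start, block) = (i, b[i..].starts_with(b"\"\"\""));
                i += if block { 3 } else { 1 };
                loop { // leaves `i` on the last byte of the closing quote
                    let rest = b.get(i..).unwrap_or(&[]);
                    if rest.is_empty() || (!block && matches!(rest[0], b'\n' | b'\r')) {
                        return Err(DepthError::UnterminatedString { offset: start });
                    }
                    if block && rest.starts_with(b"\\\"\"\"") { i += 4; } // escaped """
                    else if block && rest.starts_with(b"\"\"\"") { i += 2; break; }
                    else if !block && rest[0] == b'\\' { i += 2; } // \" or \\
                    else if !block && rest[0] == b'"' { break; }
                    else { i += 1; }
                }
            }
            b'{' | b'(' | b'[' => {
                depth += 1;
                if depth > limit { return Err(DepthError::TooDeep { limit, offset: i }); }
                max = max.max(depth);
            }
            b'}' | b')' | b']' => {
                depth = depth.checked_sub(1).ok_or(DepthError::Unbalanced { offset: i })?;
            }
            _ => {}
        }
        i += 1;
    }
    if depth != 0 { return Err(DepthError::Unbalanced { offset: b.len() }); }
    Ok(max)
}
fn main() { // constructed input: 100000 nested selection sets
    let q = format!("{}{}", "{a".repeat(100_000), "}".repeat(100_000));
    println!("{:?}", check_depth(&q, 64)); // rejected at the 65th `{`
}
```

Because the scan stops at the first bracket past the limit, the cost of rejecting a hostile document is bounded by the limit rather than by the document's length.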

I think we would take PRs to expose and test the crate via other languages (using something like Neon for JS for example) but it is not a priority for us.

LegNeato avatar Jul 11 '24 22:07 LegNeato

I'm going to close this as it is not actionable, but we would love PRs that add support for other langs!

LegNeato avatar Dec 03 '24 22:12 LegNeato

Actually, there is one approach. But I have no time, so far future. Just close it.

devkral avatar Dec 06 '24 07:12 devkral