graphql-java#352 - fixed the bug where too many tokens are allowed as valid

bbakerman · bbakerman · commit 096da1c1f1c2 · 2017-04-17T10:54:09.000+10:00
diff --git a/src/main/java/graphql/parser/Parser.java b/src/main/java/graphql/parser/Parser.java
@@ -6,7 +6,11 @@
 import org.antlr.v4.runtime.ANTLRInputStream;
 import org.antlr.v4.runtime.BailErrorStrategy;
 import org.antlr.v4.runtime.CommonTokenStream;
+import org.antlr.v4.runtime.Token;
 import org.antlr.v4.runtime.atn.PredictionMode;
+import org.antlr.v4.runtime.misc.ParseCancellationException;
+
+import java.util.List;
 
 public class Parser {
 
@@ -25,6 +29,21 @@ public Document parseDocument(String input) {
 
         GraphqlAntlrToLanguage antlrToLanguage = new GraphqlAntlrToLanguage(tokens);
         antlrToLanguage.visitDocument(document);
+
+        Token stop = document.getStop();
+        List<Token> allTokens = tokens.getTokens();
+        if (stop != null && allTokens != null && !allTokens.isEmpty()) {
+            Token last = allTokens.get(allTokens.size() - 1);
+            //
+            // do we have more tokens in the stream than we consumed in the parse?
+            // if yes then its invalid.  We make sure its the same channel
+            boolean notEOF = last.getType() != Token.EOF;
+            boolean lastGreaterThanDocument = last.getTokenIndex() > stop.getTokenIndex();
+            boolean sameChannel = last.getChannel() == stop.getChannel();
+            if (notEOF && lastGreaterThanDocument && sameChannel) {
+                throw new ParseCancellationException("There are more tokens in the query that have not been consumed");
+            }
+        }
         return antlrToLanguage.result;
     }
 }
diff --git a/src/test/groovy/graphql/parser/ParserTest.groovy b/src/test/groovy/graphql/parser/ParserTest.groovy
@@ -317,7 +317,7 @@ class ParserTest extends Specification {
 
         then:
         isEqual(helloField, new Field("hello", [new Argument("arg", new StringValue("hello, world"))]))
-        helloField.comments.collect { c-> c.content } == [" this is some comment, which should be captured"]
+        helloField.comments.collect { c -> c.content } == [" this is some comment, which should be captured"]
     }
 
     @Unroll
@@ -408,4 +408,39 @@ class ParserTest extends Specification {
         'extend'     | _
         'directive'  | _
     }
+
+    def "#352 - incorrect parentheses are detected"() {
+        given:
+        def input = "{profile(id:117) {firstNames, lastNames, frontDegree}}}"
+
+        when:
+        new Parser().parseDocument(input)
+
+        then:
+        def exception = thrown(ParseCancellationException)
+        exception != null
+    }
+
+    def "#352 - lots of incorrect parentheses are detected"() {
+        given:
+        def input = "{profile(id:117) {firstNames, lastNames, frontDegree}}}}}}}}"
+
+        when:
+        new Parser().parseDocument(input)
+
+        then:
+        def exception = thrown(ParseCancellationException)
+        exception != null
+    }
+
+    def "#352 - comments don't count as unused"() {
+        given:
+        def input = "{profile(id:117) {firstNames, lastNames, frontDegree}} #trailing comments don't count"
+
+        when:
+        new Parser().parseDocument(input)
+
+        then:
+        noExceptionThrown()
+    }
 }
