I am using
compile group: 'com.graphql-java',
name: 'graphql-java-tools',
version: '5.2.4'
type Query {
sampleQuery(roll : Int!) : SampleResponse
}
When I am trying to access this as given below in java
{sampleQuery(roll : ?2){samples{roll,name}}}
It gives 200 success response instead of 400 error response (as we are trying to pass invalid value in the input).
Here, the integer input accepts the values like ?2 or .2 or '2 or *2 or /2 etc...
Why does it accept it? What can I do to validate this input and throw error saying invalid input param? Is this an issue from graphQl implementation itself?
In the console logs I do get
line 2:72 token recognition error at: '?'
but I also get correct response for it. Ideally, this should not return valid response as the input itself is invalid.
The main question is why don't graphQL validates integer input; rather it parses the input(discards the characters along with the digits)? It should strictly accept only the integer values and nothing else.
So as per the graphql grammer, it allows(parses) the integer value appended with some characters(tokens) (like ?,~`/*...etc) But it does not allow the punctuators like @,&,$,!,{,],[,|, etc. Therefore, 200 success response is received and error is not thrown in this case.
Reference: https://spec.graphql.org/draft/