GraphQL related resources explain how query analysis can be done to protect the GraphQL endpoint. Some of the approaches which are being used are query depth analysis, query complexity analysis, etc. The question that I have is, does Query Analysis only refer to Queries? What about Mutations and Subscriptions? Or are all 3 (Query, Mutation, Subscription) included when we talk about query analysis?
3
votes
1 Answers
2
votes
Apollo Tracing is one of the Query Analysis Tools and based on what I have used it in graphql-java , it can be used on all Query , Mutation and Subscription. So , I believe the term Query Analysis can apply to all of them.
After all , all of them are handled in a pretty much the same way internally inside a GraphQL engine as defined by the spec. In the Execution Operation section, you can see both Query and Mutation has the same execution logic.The only differences are that Query is allow to execute in parallel while mutation can only execute in serial.
Then in the subscription response stream section ,it mentions :
The ExecuteSubscriptionEvent() algorithm is intentionally similar to ExecuteQuery() since this is how each event result is produced.
which mean at the end, its execution logic is the same as Query.
