test: postgraphile tests for interface ordering and interface compute…

…d columns (#2368)

CONTRIBUTING.md

@@ -131,6 +131,24 @@ Here's an example for `homebrew`:
 brew install diffutils
 ```
 
+### Update test snapshots
+
+If you're contributing to our test suite, make sure you update (and then check!)
+the test snapshots:
+
+```shell
+UPDATE_SNAPSHOTS=1 yarn test
+```
+
+If you're iterating you may want to test just a single file; to do so change
+into the relevant folder and then run that single file with `jest` with
+`UPDATE_SNAPSHOTS` enabled:
+
+```shell
+cd postgraphile/postgraphile
+UPDATE_SNAPSHOTS=1 yarn jest __tests__/path/to/test.file.graphql
+```
+
 ## ASK FIRST!
 
 There's nothing worse than having your PR with 3 days of work in it rejected

postgraphile/postgraphile/__tests__/kitchen-sink-schema.sql

@@ -1560,6 +1560,18 @@ create table polymorphic.third_party_vulnerabilities (
   vendor_name text
 );
 
+create function polymorphic.first_party_vulnerabilities_cvss_score_int (
+  r polymorphic.first_party_vulnerabilities
+) returns int as $$
+select (r.cvss_score * 100)::int;
+$$ language sql stable;
+
+create function polymorphic.third_party_vulnerabilities_cvss_score_int (
+  r polymorphic.third_party_vulnerabilities
+) returns int as $$
+select (r.cvss_score * 100)::int;
+$$ language sql stable;
+
 create table polymorphic.aws_application_first_party_vulnerabilities (
   aws_application_id int not null references polymorphic.aws_applications,
   first_party_vulnerability_id int not null references polymorphic.first_party_vulnerabilities,

postgraphile/postgraphile/__tests__/queries/polymorphic/vulns-ordering.json5

@@ -0,0 +1,82 @@
+{
+  allVulnerabilities: {
+    nodes: [
+      {
+        __typename: "ThirdPartyVulnerability",
+        id: 3,
+        name: "SQL injection",
+        cvssScore: 10,
+        vendorName: "Eval-Sequel-Corp",
+        cvssScoreInt: 1000,
+      },
+      {
+        __typename: "ThirdPartyVulnerability",
+        id: 2,
+        name: "XSS",
+        cvssScore: 9.1,
+        vendorName: "Frog-Render-Lib",
+        cvssScoreInt: 910,
+      },
+      {
+        __typename: "FirstPartyVulnerability",
+        id: 3,
+        name: "Exponential backtracking",
+        cvssScore: 7.7,
+      },
+      {
+        __typename: "ThirdPartyVulnerability",
+        id: 1,
+        name: "CSRF",
+        cvssScore: 7.5,
+        vendorName: "98-Factor-Login",
+        cvssScoreInt: 750,
+      },
+      {
+        __typename: "FirstPartyVulnerability",
+        id: 2,
+        name: "Index-out-of-bounds",
+        cvssScore: 7.2,
+      },
+      {
+        __typename: "FirstPartyVulnerability",
+        id: 4,
+        name: "Information disclosure",
+        cvssScore: 7.2,
+      },
+      {
+        __typename: "ThirdPartyVulnerability",
+        id: 5,
+        name: "License",
+        cvssScore: 7.2,
+        vendorName: "Frog-Render-Lib",
+        cvssScoreInt: 720,
+      },
+      {
+        __typename: "ThirdPartyVulnerability",
+        id: 4,
+        name: "Malware",
+        cvssScore: 7.2,
+        vendorName: "Frog-Render-Lib",
+        cvssScoreInt: 720,
+      },
+      {
+        __typename: "FirstPartyVulnerability",
+        id: 5,
+        name: "Timing attack",
+        cvssScore: 7.2,
+      },
+      {
+        __typename: "FirstPartyVulnerability",
+        id: 6,
+        name: "Race condition",
+        cvssScore: 5,
+      },
+      {
+        __typename: "FirstPartyVulnerability",
+        id: 1,
+        name: "Off-by-one",
+        cvssScore: 3,
+      },
+    ],
+  },
+}

postgraphile/postgraphile/__tests__/queries/polymorphic/vulns-ordering.mermaid

@@ -0,0 +1,90 @@
+%%{init: {'themeVariables': { 'fontSize': '12px'}}}%%
+graph TD
+    classDef path fill:#eee,stroke:#000,color:#000
+    classDef plan fill:#fff,stroke-width:1px,color:#000
+    classDef itemplan fill:#fff,stroke-width:2px,color:#000
+    classDef unbatchedplan fill:#dff,stroke-width:1px,color:#000
+    classDef sideeffectplan fill:#fcc,stroke-width:2px,color:#000
+    classDef bucket fill:#f6f6f6,color:#000,stroke-width:2px,text-align:left
+
+
+    %% plan dependencies
+    Object13{{"Object[13∈0] ➊<br />ᐸ{pgSettings,withPgClient}ᐳ"}}:::plan
+    Access11{{"Access[11∈0] ➊<br />ᐸ2.pgSettingsᐳ"}}:::plan
+    Access12{{"Access[12∈0] ➊<br />ᐸ2.withPgClientᐳ"}}:::plan
+    Access11 & Access12 --> Object13
+    __Value2["__Value[2∈0] ➊<br />ᐸcontextᐳ"]:::plan
+    __Value2 --> Access11
+    __Value2 --> Access12
+    __Value4["__Value[4∈0] ➊<br />ᐸrootValueᐳ"]:::plan
+    Connection14{{"Connection[14∈0] ➊<br />ᐸ10ᐳ"}}:::plan
+    PgUnionAll15[["PgUnionAll[15∈1] ➊"]]:::plan
+    Object13 & Connection14 --> PgUnionAll15
+    Access45{{"Access[45∈1] ➊<br />ᐸ15.itemsᐳ"}}:::plan
+    PgUnionAll15 --> Access45
+    __Item17[/"__Item[17∈2]<br />ᐸ45ᐳ"\]:::itemplan
+    Access45 ==> __Item17
+    PgUnionAllSingle18["PgUnionAllSingle[18∈2]"]:::plan
+    __Item17 --> PgUnionAllSingle18
+    Access19{{"Access[19∈2]<br />ᐸ18.1ᐳ"}}:::plan
+    PgUnionAllSingle18 --> Access19
+    PgSelect22[["PgSelect[22∈3]<br />ᐸfirst_party_vulnerabilitiesᐳ<br />ᐳFirstPartyVulnerability"]]:::plan
+    Access21{{"Access[21∈3]<br />ᐸ20.0ᐳ"}}:::plan
+    Object13 & Access21 --> PgSelect22
+    PgSelect34[["PgSelect[34∈3]<br />ᐸthird_party_vulnerabilitiesᐳ<br />ᐳThirdPartyVulnerability"]]:::plan
+    Access33{{"Access[33∈3]<br />ᐸ32.0ᐳ"}}:::plan
+    Object13 & Access33 --> PgSelect34
+    JSONParse20[["JSONParse[20∈3]<br />ᐸ19ᐳ<br />ᐳFirstPartyVulnerability"]]:::plan
+    Access19 --> JSONParse20
+    JSONParse20 --> Access21
+    First26{{"First[26∈3]"}}:::plan
+    PgSelectRows27[["PgSelectRows[27∈3]"]]:::plan
+    PgSelectRows27 --> First26
+    PgSelect22 --> PgSelectRows27
+    PgSelectSingle28{{"PgSelectSingle[28∈3]<br />ᐸfirst_party_vulnerabilitiesᐳ"}}:::plan
+    First26 --> PgSelectSingle28
+    PgClassExpression29{{"PgClassExpression[29∈3]<br />ᐸ__first_pa...ies__.”id”ᐳ"}}:::plan
+    PgSelectSingle28 --> PgClassExpression29
+    PgClassExpression30{{"PgClassExpression[30∈3]<br />ᐸ__first_pa...s__.”name”ᐳ"}}:::plan
+    PgSelectSingle28 --> PgClassExpression30
+    PgClassExpression31{{"PgClassExpression[31∈3]<br />ᐸ__first_pa...vss_score”ᐳ"}}:::plan
+    PgSelectSingle28 --> PgClassExpression31
+    JSONParse32[["JSONParse[32∈3]<br />ᐸ19ᐳ<br />ᐳThirdPartyVulnerability"]]:::plan
+    Access19 --> JSONParse32
+    JSONParse32 --> Access33
+    First36{{"First[36∈3]"}}:::plan
+    PgSelectRows37[["PgSelectRows[37∈3]"]]:::plan
+    PgSelectRows37 --> First36
+    PgSelect34 --> PgSelectRows37
+    PgSelectSingle38{{"PgSelectSingle[38∈3]<br />ᐸthird_party_vulnerabilitiesᐳ"}}:::plan
+    First36 --> PgSelectSingle38
+    PgClassExpression39{{"PgClassExpression[39∈3]<br />ᐸ__third_pa...ies__.”id”ᐳ"}}:::plan
+    PgSelectSingle38 --> PgClassExpression39
+    PgClassExpression40{{"PgClassExpression[40∈3]<br />ᐸ__third_pa...s__.”name”ᐳ"}}:::plan
+    PgSelectSingle38 --> PgClassExpression40
+    PgClassExpression41{{"PgClassExpression[41∈3]<br />ᐸ__third_pa...vss_score”ᐳ"}}:::plan
+    PgSelectSingle38 --> PgClassExpression41
+    PgClassExpression42{{"PgClassExpression[42∈3]<br />ᐸ__third_pa...ndor_name”ᐳ"}}:::plan
+    PgSelectSingle38 --> PgClassExpression42
+    PgClassExpression44{{"PgClassExpression[44∈3]<br />ᐸ”polymorph...ilities__)ᐳ"}}:::plan
+    PgSelectSingle38 --> PgClassExpression44
+
+    %% define steps
+
+    subgraph "Buckets for queries/polymorphic/vulns-ordering"
+    Bucket0("Bucket 0 (root)"):::bucket
+    classDef bucket0 stroke:#696969
+    class Bucket0,__Value2,__Value4,Access11,Access12,Object13,Connection14 bucket0
+    Bucket1("Bucket 1 (nullableBoundary)<br />Deps: 13, 14<br /><br />ROOT Connectionᐸ10ᐳ[14]"):::bucket
+    classDef bucket1 stroke:#00bfff
+    class Bucket1,PgUnionAll15,Access45 bucket1
+    Bucket2("Bucket 2 (listItem)<br />Deps: 13<br /><br />ROOT __Item{2}ᐸ45ᐳ[17]"):::bucket
+    classDef bucket2 stroke:#7f007f
+    class Bucket2,__Item17,PgUnionAllSingle18,Access19 bucket2
+    Bucket3("Bucket 3 (polymorphic)<br />FirstPartyVulnerability,ThirdPartyVulnerability<br />Deps: 19, 13, 18<br />ᐳFirstPartyVulnerability<br />ᐳThirdPartyVulnerability<br /><br />1: JSONParse[20], JSONParse[32]<br />ᐳ: Access[21], Access[33]<br />2: PgSelect[22], PgSelect[34]<br />3: PgSelectRows[27], PgSelectRows[37]<br />ᐳ: 26, 28, 29, 30, 31, 36, 38, 39, 40, 41, 42, 44"):::bucket
+    classDef bucket3 stroke:#ffa500
+    class Bucket3,JSONParse20,Access21,PgSelect22,First26,PgSelectRows27,PgSelectSingle28,PgClassExpression29,PgClassExpression30,PgClassExpression31,JSONParse32,Access33,PgSelect34,First36,PgSelectRows37,PgSelectSingle38,PgClassExpression39,PgClassExpression40,PgClassExpression41,PgClassExpression42,PgClassExpression44 bucket3
+    Bucket0 --> Bucket1
+    Bucket1 --> Bucket2
+    Bucket2 --> Bucket3
+    end

postgraphile/postgraphile/__tests__/queries/polymorphic/vulns-ordering.sql

@@ -0,0 +1,92 @@
+select
+  __vulnerability__."0" as "0",
+  __vulnerability__."1"::text as "1",
+  __vulnerability__."2"::text as "2",
+  __vulnerability__."3" as "3"
+from (
+    select
+      __first_party_vulnerabilities__."0",
+      __first_party_vulnerabilities__."1",
+      __first_party_vulnerabilities__."2",
+      __first_party_vulnerabilities__."3",
+      "n"
+    from (
+      select
+        'FirstPartyVulnerability' as "0",
+        json_build_array((__first_party_vulnerabilities__."id")::text) as "1",
+        __first_party_vulnerabilities__."cvss_score" as "2",
+        __first_party_vulnerabilities__."name" as "3",
+        row_number() over (
+          order by
+            __first_party_vulnerabilities__."cvss_score" desc,
+            __first_party_vulnerabilities__."name" asc,
+            __first_party_vulnerabilities__."id" asc
+        ) as "n"
+      from "polymorphic"."first_party_vulnerabilities" as __first_party_vulnerabilities__
+      order by
+        __first_party_vulnerabilities__."cvss_score" desc,
+        __first_party_vulnerabilities__."name" asc,
+        __first_party_vulnerabilities__."id" asc
+    ) as __first_party_vulnerabilities__
+  union all
+    select
+      __third_party_vulnerabilities__."0",
+      __third_party_vulnerabilities__."1",
+      __third_party_vulnerabilities__."2",
+      __third_party_vulnerabilities__."3",
+      "n"
+    from (
+      select
+        'ThirdPartyVulnerability' as "0",
+        json_build_array((__third_party_vulnerabilities__."id")::text) as "1",
+        __third_party_vulnerabilities__."cvss_score" as "2",
+        __third_party_vulnerabilities__."name" as "3",
+        row_number() over (
+          order by
+            __third_party_vulnerabilities__."cvss_score" desc,
+            __third_party_vulnerabilities__."name" asc,
+            __third_party_vulnerabilities__."id" asc
+        ) as "n"
+      from "polymorphic"."third_party_vulnerabilities" as __third_party_vulnerabilities__
+      order by
+        __third_party_vulnerabilities__."cvss_score" desc,
+        __third_party_vulnerabilities__."name" asc,
+        __third_party_vulnerabilities__."id" asc
+    ) as __third_party_vulnerabilities__
+  order by
+    "2" desc,
+    "3" asc,
+    "0" asc,
+    "n" asc
+) __vulnerability__
+
+
+select __first_party_vulnerabilities_result__.*
+from (select ids.ordinality - 1 as idx, (ids.value->>0)::"int4" as "id0" from json_array_elements($1::json) with ordinality as ids) as __first_party_vulnerabilities_identifiers__,
+lateral (
+  select
+    __first_party_vulnerabilities__."id"::text as "0",
+    __first_party_vulnerabilities__."name" as "1",
+    __first_party_vulnerabilities__."cvss_score"::text as "2",
+    __first_party_vulnerabilities_identifiers__.idx as "3"
+  from "polymorphic"."first_party_vulnerabilities" as __first_party_vulnerabilities__
+  where (
+    __first_party_vulnerabilities__."id" = __first_party_vulnerabilities_identifiers__."id0"
+  )
+) as __first_party_vulnerabilities_result__;
+
+select __third_party_vulnerabilities_result__.*
+from (select ids.ordinality - 1 as idx, (ids.value->>0)::"int4" as "id0" from json_array_elements($1::json) with ordinality as ids) as __third_party_vulnerabilities_identifiers__,
+lateral (
+  select
+    __third_party_vulnerabilities__."id"::text as "0",
+    __third_party_vulnerabilities__."name" as "1",
+    __third_party_vulnerabilities__."cvss_score"::text as "2",
+    __third_party_vulnerabilities__."vendor_name" as "3",
+    ("polymorphic"."third_party_vulnerabilities_cvss_score_int"(__third_party_vulnerabilities__))::text as "4",
+    __third_party_vulnerabilities_identifiers__.idx as "5"
+  from "polymorphic"."third_party_vulnerabilities" as __third_party_vulnerabilities__
+  where (
+    __third_party_vulnerabilities__."id" = __third_party_vulnerabilities_identifiers__."id0"
+  )
+) as __third_party_vulnerabilities_result__;

postgraphile/postgraphile/__tests__/queries/polymorphic/vulns-ordering.test.graphql

@@ -0,0 +1,18 @@
+## expect(errors).toBeFalsy()
+#> schema: ["polymorphic"]
+#> simpleCollections: "both"
+
+{
+  allVulnerabilities(orderBy: [CVSS_SCORE_DESC, NAME_ASC]) {
+    nodes {
+      __typename
+      id
+      name
+      cvssScore
+      ... on ThirdPartyVulnerability {
+        vendorName
+        cvssScoreInt
+      }
+    }
+  }
+}