Upgrade from 2.2.0 to 2.3.0 breaks app (GraphQL queries with fragments)

[nesrual]

Current behaviour
Logging works as expected with 2.2.0

Expected behaviour
The app crashes with this error message:

undefined method `arguments' for an instance of GraphQL::Language::Nodes::FragmentSpread (NoMethodError)

                  set_hash_with_variables(resolver_args, selection.arguments, query.provided_variables)
                                                                  ^^^^^^^^^^

This is when GraphQL queries are performed:

result = DaBackendSchema.execute(query, variables:, context:, operation_name:)

Crashed in non-app: datadog (2.3.0) lib/datadog/appsec/contrib/graphql/gateway/multiplex.rb in block in create_arguments_hash

[y9v]

hey @nesrual, thank you for reaching out!

I will look into this.

[y9v]

@nesrual could you tell me your graphql gem version, and maybe also something about how I can reproduce this issue?

Is this some particular query that is failing?

[nesrual]

It seems to be all queries. I have not been able to reproduce the error in test/dev yet. I will test further tomorrow and let you know my findings.

We use the following GraphQL gems:

graphql-pro (1.29.0)
graphql (2.3.14)
      base64
      fiber-storage
    graphql-batch (0.6.0)
      graphql (>= 1.12.18, < 3)
      promise.rb (~> 0.7.2)
    graphql-c_parser (1.1.1)
      graphql (>= 2.2.10)
    graphql-persisted_queries (1.8.1)
      graphql (>= 1.12)

[nesrual]

I have done some more digging around and I found that this triggers the error:

This query will result in a 500 server error:

query {
  accounts {
    ...AccountDetails
    __typename
  }
}

fragment AccountDetails on Account {
  id
  name
  accountType
  useBudget
  parent {
    id
    __typename
  }
  __typename
}

whereas this works fine:

query {
  accounts {
  id
  name
  accountType
  useBudget
  parent {
    id
    __typename
  }
    __typename
  }
}

So I think it could have something to do with using fragments in the query.

The error returned is:

web-1  | App 321 output: NoMethodError (undefined method `arguments' for an instance of GraphQL::Language::Nodes::FragmentSpread):
web-1  | App 321 output:
web-1  | App 321 output: app/controllers/graphql_controller.rb:25:in `execute'
web-1  | App 321 output:
web-1  | App 321 output: NoMethodError (undefined method `arguments' for an instance of GraphQL::Language::Nodes::FragmentSpread):
web-1  | App 321 output:
web-1  | App 321 output: app/controllers/graphql_controller.rb:25:in `execute'

[y9v]

@nesrual thank you! This definitely helps a lot, I will look into queries with fragments

[y9v]

@nesrual I could reproduce the issue locally and I am now actively working on a fix for this

[y9v]

@nesrual we just released version 2.4.0 that fixes this issue. Could you please try it out?