MC-36035: Prevent input based resource allocation

- Removed min page size validation.

Author: hwyu@adobe.com

app/etc/di.xml

@@ -1943,7 +1943,6 @@
     </type>
     <type name="Magento\Framework\Webapi\Validator\SearchCriteriaValidator">
         <arguments>
-            <argument name="minimumPageSize" xsi:type="number">10</argument>
             <argument name="maximumPageSize" xsi:type="number">300</argument>
         </arguments>
     </type>
@@ -1957,7 +1956,6 @@
     </type>
     <type name="Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\SearchCriteriaValidator">
         <arguments>
-            <argument name="minPageSize" xsi:type="number">10</argument>
             <argument name="maxPageSize" xsi:type="number">300</argument>
         </arguments>
     </type>

lib/internal/Magento/Framework/GraphQl/Query/Resolver/Argument/Validator/SearchCriteriaValidator.php

@@ -17,23 +17,16 @@
  */
 class SearchCriteriaValidator implements ValidatorInterface
 {
-    /**
-     * @var int
-     */
-    private $minPageSize;
-
     /**
      * @var int
      */
     private $maxPageSize;
 
     /**
-     * @param int $minPageSize
      * @param int $maxPageSize
      */
-    public function __construct(int $minPageSize, int $maxPageSize)
+    public function __construct(int $maxPageSize)
     {
-        $this->minPageSize = $minPageSize;
         $this->maxPageSize = $maxPageSize;
     }
 
@@ -42,17 +35,10 @@ public function __construct(int $minPageSize, int $maxPageSize)
      */
     public function validate(Field $field, $args): void
     {
-        if (isset($args['pageSize'])) {
-            if ($args['pageSize'] < $this->minPageSize) {
-                throw new GraphQlInputException(
-                    __("Minimum pageSize is %min", ['min' => $this->minPageSize])
-                );
-            }
-            if ($args['pageSize'] > $this->maxPageSize) {
-                throw new GraphQlInputException(
-                    __("Maximum pageSize is %max", ['max' => $this->maxPageSize])
-                );
-            }
+        if (isset($args['pageSize']) && $args['pageSize'] > $this->maxPageSize) {
+            throw new GraphQlInputException(
+                __("Maximum pageSize is %max", ['max' => $this->maxPageSize])
+            );
         }
     }
 }

lib/internal/Magento/Framework/GraphQl/Test/Unit/Query/Resolver/Argument/Validator/SearchCriteriaValidatorTest.php

@@ -23,31 +23,18 @@ class SearchCriteriaValidatorTest extends TestCase
      */
     public function testValidValue()
     {
-        $validator = new SearchCriteriaValidator(1, 3);
+        $validator = new SearchCriteriaValidator(3);
         $field = self::getMockBuilder(Field::class)
             ->disableOriginalConstructor()
             ->getMock();
-        $validator->validate($field, ['pageSize' => 1]);
-        $validator->validate($field, ['pageSize' => 2]);
         $validator->validate($field, ['pageSize' => 3]);
     }
 
-    public function testValidInvalidMinValue()
-    {
-        $this->expectException(GraphQlInputException::class);
-        $this->expectExceptionMessage("Minimum pageSize is 1");
-        $validator = new SearchCriteriaValidator(1, 3);
-        $field = self::getMockBuilder(Field::class)
-            ->disableOriginalConstructor()
-            ->getMock();
-        $validator->validate($field, ['pageSize' => 0]);
-    }
-
     public function testValidInvalidMaxValue()
     {
         $this->expectException(GraphQlInputException::class);
         $this->expectExceptionMessage("Maximum pageSize is 3");
-        $validator = new SearchCriteriaValidator(1, 3);
+        $validator = new SearchCriteriaValidator(3);
         $field = self::getMockBuilder(Field::class)
             ->disableOriginalConstructor()
             ->getMock();

lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php

@@ -135,7 +135,7 @@ public function __construct(
         $this->customAttributePreprocessors = $customAttributePreprocessors;
         $this->serviceInputValidator = $serviceInputValidator
             ?: ObjectManager::getInstance()->get(ServiceInputValidatorInterface::class);
-        $this->defaultPageSize = $defaultPageSize;
+        $this->defaultPageSize = $defaultPageSize >= 10 ? $defaultPageSize : 10;
     }
 
     /**

lib/internal/Magento/Framework/Webapi/Test/Unit/Validator/SearchCriteriaValidatorTest.php

@@ -24,25 +24,16 @@ class SearchCriteriaValidatorTest extends TestCase
     public function testAllowsPageSizeWhenAboveMinLimitAndBelowMaxLimit()
     {
         $searchCriteria = new SearchCriteria();
-        $validator = new SearchCriteriaValidator(1, 3);
+        $validator = new SearchCriteriaValidator(3);
         $validator->validateEntityValue($searchCriteria, 'pageSize', 2);
     }
 
-    public function testFailsPageSizeWhenBelowMinLimit()
-    {
-        $this->expectException(InvalidArgumentException::class);
-        $this->expectErrorMessage('Minimum SearchCriteria pageSize is 1');
-        $searchCriteria = new SearchCriteria();
-        $validator = new SearchCriteriaValidator(1, 3);
-        $validator->validateEntityValue($searchCriteria, 'pageSize', 0);
-    }
-
     public function testFailsPageSizeWhenAboveMaxLimit()
     {
         $this->expectException(InvalidArgumentException::class);
         $this->expectErrorMessage('Maximum SearchCriteria pageSize is 3');
         $searchCriteria = new SearchCriteria();
-        $validator = new SearchCriteriaValidator(1, 3);
+        $validator = new SearchCriteriaValidator(3);
         $validator->validateEntityValue($searchCriteria, 'pageSize', 4);
     }
 }

lib/internal/Magento/Framework/Webapi/Validator/SearchCriteriaValidator.php

@@ -16,23 +16,16 @@
  */
 class SearchCriteriaValidator implements ServiceInputValidatorInterface
 {
-    /**
-     * @var int
-     */
-    private $minimumPageSize;
-
     /**
      * @var int
      */
     private $maximumPageSize;
 
     /**
-     * @param int $minimumPageSize
      * @param int $maximumPageSize
      */
-    public function __construct(int $minimumPageSize, int $maximumPageSize)
+    public function __construct(int $maximumPageSize)
     {
-        $this->minimumPageSize = $minimumPageSize;
         $this->maximumPageSize = $maximumPageSize;
     }
 
@@ -49,17 +42,13 @@ public function validateComplexArrayType(string $className, array $items): void
      */
     public function validateEntityValue(object $entity, string $propertyName, $value): void
     {
-        if ($entity instanceof SearchCriteriaInterface && $propertyName === 'pageSize') {
-            if ($value < $this->minimumPageSize) {
-                throw new InvalidArgumentException(
-                    __('Minimum SearchCriteria pageSize is %min', ['min' => $this->minimumPageSize])
-                );
-            }
-            if ($value > $this->maximumPageSize) {
-                throw new InvalidArgumentException(
-                    __('Maximum SearchCriteria pageSize is %max', ['max' => $this->maximumPageSize])
-                );
-            }
+        if ($entity instanceof SearchCriteriaInterface
+            && $propertyName === 'pageSize'
+            && $value > $this->maximumPageSize
+        ) {
+            throw new InvalidArgumentException(
+                __('Maximum SearchCriteria pageSize is %max', ['max' => $this->maximumPageSize])
+            );
         }
     }
 }