{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T19:44:30Z","timestamp":1771962270630,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T00:00:00Z","timestamp":1604793600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,8]]},"DOI":"10.1145\/3368089.3409670","type":"proceedings-article","created":{"date-parts":[[2020,11,10]],"date-time":"2020-11-10T21:09:10Z","timestamp":1605042550000},"page":"257-268","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["A principled approach to GraphQL query cost analysis"],"prefix":"10.1145","author":[{"given":"Alan","family":"Cha","sequence":"first","affiliation":[{"name":"IBM Research, USA"}]},{"given":"Erik","family":"Wittern","sequence":"additional","affiliation":[{"name":"IBM, USA"}]},{"given":"Guillaume","family":"Baudart","sequence":"additional","affiliation":[{"name":"IBM Research, USA"}]},{"given":"James C.","family":"Davis","sequence":"additional","affiliation":[{"name":"Purdue University, USA"}]},{"given":"Louis","family":"Mandel","sequence":"additional","affiliation":[{"name":"IBM Research, USA"}]},{"given":"Jim A.","family":"Laredo","sequence":"additional","affiliation":[{"name":"IBM Research, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,11,8]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2016. How do you prevent nested attack on GraphQL\/Apollo server ? https:\/\/web.archive.org\/web\/20200910231657\/https:\/\/stackoverflow.com\/ questions\/37337466\/how-do-you-prevent-nested-attack-on-graphql-apolloserver\/37338465  2016. How do you prevent nested attack on GraphQL\/Apollo server ? https:\/\/web.archive.org\/web\/20200910231657\/https:\/\/stackoverflow.com\/ questions\/37337466\/how-do-you-prevent-nested-attack-on-graphql-apolloserver\/37338465"},{"key":"e_1_3_2_2_2_1","unstructured":"2017. Yelp-Introducing Yelp's Local Graph. https:\/\/web.archive.org\/web\/ 20200910231907\/https:\/\/engineeringblog.yelp.com\/ 2017 \/05\/introducing-yelpslocal-graph.html  2017. Yelp-Introducing Yelp's Local Graph. https:\/\/web.archive.org\/web\/ 20200910231907\/https:\/\/engineeringblog.yelp.com\/ 2017 \/05\/introducing-yelpslocal-graph.html"},{"key":"e_1_3_2_2_3_1","unstructured":"2018. GraphQL Specification. https:\/\/graphql.org\/graphql-spec\/  2018. GraphQL Specification. https:\/\/graphql.org\/graphql-spec\/"},{"key":"e_1_3_2_2_4_1","unstructured":"2019. Contentful-Query complexity limits. https:\/\/www.contentful.com\/ developers\/docs\/references\/graphql\/#\/introduction\/api-rate-limits  2019. Contentful-Query complexity limits. https:\/\/www.contentful.com\/ developers\/docs\/references\/graphql\/#\/introduction\/api-rate-limits"},{"key":"e_1_3_2_2_5_1","unstructured":"2019. GitHub-GraphQL API v4. https:\/\/developer.github.com\/v4\/  2019. GitHub-GraphQL API v4. https:\/\/developer.github.com\/v4\/"},{"key":"e_1_3_2_2_6_1","unstructured":"2019. GitHub-GraphQL Example Queries. https:\/\/github.com\/github\/platformsamples\/tree\/master\/graphql\/queri  2019. GitHub-GraphQL Example Queries. https:\/\/github.com\/github\/platformsamples\/tree\/master\/graphql\/queri"},{"key":"e_1_3_2_2_7_1","unstructured":"2019. GitHub GraphQL API v4: GraphQL resource limitations. https: \/\/developer.github.com\/v4\/guides\/resource-limitations\/  2019. GitHub GraphQL API v4: GraphQL resource limitations. https: \/\/developer.github.com\/v4\/guides\/resource-limitations\/"},{"key":"e_1_3_2_2_8_1","unstructured":"2019. GraphiQL-An in-browser IDE for exploring GraphQL. https:\/\/github.com\/ graphql\/graphiql  2019. GraphiQL-An in-browser IDE for exploring GraphQL. https:\/\/github.com\/ graphql\/graphiql"},{"key":"e_1_3_2_2_9_1","unstructured":"2019. GraphQL Docs: Introspection. https:\/\/graphql.org\/learn\/introspection\/  2019. GraphQL Docs: Introspection. https:\/\/graphql.org\/learn\/introspection\/"},{"key":"e_1_3_2_2_10_1","unstructured":"2019. GraphQL Docs: Pagination. http:\/\/graphql.org\/learn\/pagination\/  2019. GraphQL Docs: Pagination. http:\/\/graphql.org\/learn\/pagination\/"},{"key":"e_1_3_2_2_11_1","unstructured":"2019. GraphQL Docs: The Query and Mutation types. https:\/\/graphql.org\/learn\/ schema\/# the-query-and-mutation-types  2019. GraphQL Docs: The Query and Mutation types. https:\/\/graphql.org\/learn\/ schema\/# the-query-and-mutation-types"},{"key":"e_1_3_2_2_12_1","unstructured":"2019. GraphQL Faker. https:\/\/github.com\/APIs-guru\/graphql-faker  2019. GraphQL Faker. https:\/\/github.com\/APIs-guru\/graphql-faker"},{"key":"e_1_3_2_2_13_1","unstructured":"2019. GraphQL.js-JavaScript reference implementation for GraphQL. https: \/\/github.com\/graphql\/graphql-js  2019. GraphQL.js-JavaScript reference implementation for GraphQL. https: \/\/github.com\/graphql\/graphql-js"},{"key":"e_1_3_2_2_14_1","unstructured":"2019. Oracle Database Documentation. https:\/\/docs.oracle.com\/database  2019. Oracle Database Documentation. https:\/\/docs.oracle.com\/database"},{"key":"e_1_3_2_2_15_1","unstructured":"2019. Public GraphQL APIs. https:\/\/github.com\/APIs-guru\/graphql-apis  2019. Public GraphQL APIs. https:\/\/github.com\/APIs-guru\/graphql-apis"},{"key":"e_1_3_2_2_16_1","unstructured":"2019. Relay-Pagination Specification. https:\/\/facebook.github.io\/relay\/graphql\/ connections.htm  2019. Relay-Pagination Specification. https:\/\/facebook.github.io\/relay\/graphql\/ connections.htm"},{"key":"e_1_3_2_2_17_1","unstructured":"2019. Shopify-GraphQL Admin API rate limits. https:\/\/shopify.dev\/concepts\/ about-apis\/rate-limits#graphql-admin-api-rate-limits  2019. Shopify-GraphQL Admin API rate limits. https:\/\/shopify.dev\/concepts\/ about-apis\/rate-limits#graphql-admin-api-rate-limits"},{"key":"e_1_3_2_2_18_1","unstructured":"2019. Shopify-Shopify Storefront API. https:\/\/shopify.dev\/docs\/storefront-api  2019. Shopify-Shopify Storefront API. https:\/\/shopify.dev\/docs\/storefront-api"},{"key":"e_1_3_2_2_19_1","unstructured":"2019. Yelp-GraphQL API Points-Based Daily Limit. https:\/\/www.yelp.com\/ developers\/graphql\/guides\/rate_limiting  2019. Yelp-GraphQL API Points-Based Daily Limit. https:\/\/www.yelp.com\/ developers\/graphql\/guides\/rate_limiting"},{"key":"e_1_3_2_2_20_1","unstructured":"2020. 4Catalyzer\/graphql-validation-complexity: Query complexity validation for GraphQL.js. https:\/\/github.com\/4Catalyzer\/graphql-validation-complexity  2020. 4Catalyzer\/graphql-validation-complexity: Query complexity validation for GraphQL.js. https:\/\/github.com\/4Catalyzer\/graphql-validation-complexity"},{"key":"e_1_3_2_2_21_1","unstructured":"2020. Google Apigee. https:\/\/cloud.google.com\/apigee\/  2020. Google Apigee. https:\/\/cloud.google.com\/apigee\/"},{"key":"e_1_3_2_2_22_1","unstructured":"2020. IBM API Connect. https:\/\/www.ibm.com\/cloud\/api-connect  2020. IBM API Connect. https:\/\/www.ibm.com\/cloud\/api-connect"},{"key":"e_1_3_2_2_23_1","unstructured":"2020. pabru\/graphql-cost-analysis: A Graphql query cost analyzer. https: \/\/github.com\/pa-bru\/ graphql-cost-analysis  2020. pabru\/graphql-cost-analysis: A Graphql query cost analyzer. https: \/\/github.com\/pa-bru\/ graphql-cost-analysis"},{"key":"e_1_3_2_2_24_1","unstructured":"2020. RedHat 3Scale. https:\/\/www.3scale.net\/  2020. RedHat 3Scale. https:\/\/www.3scale.net\/"},{"key":"e_1_3_2_2_25_1","unstructured":"2020. slicknode\/graphql-query-complexity: GraphQL query complexity analysis and validation for graphql-js. https:\/\/github.com\/slicknode\/graphql-querycomplexity  2020. slicknode\/graphql-query-complexity: GraphQL query complexity analysis and validation for graphql-js. https:\/\/github.com\/slicknode\/graphql-querycomplexity"},{"key":"e_1_3_2_2_26_1","unstructured":"2020. Who's using GraphQL? http :\/\/graphql.org\/users  2020. Who's using GraphQL? http :\/\/graphql.org\/users"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"crossref","unstructured":"Hudson Borges and Marco Tulio Valente. 2018. What's in a GitHub star? understanding repository starring practices in a social coding platform. 112-129 pages.  Hudson Borges and Marco Tulio Valente. 2018. What's in a GitHub star? understanding repository starring practices in a social coding platform. 112-129 pages.","DOI":"10.1016\/j.jss.2018.09.016"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8667986"},{"key":"e_1_3_2_2_30_1","unstructured":"Lee Byron. 2015. GraphQL: A data query language. https: \/\/web.archive.org\/web\/20200910232048\/https:\/\/engineering.fb.com\/coredata\/graphql-a-data-query-language\/  Lee Byron. 2015. GraphQL: A data query language. https: \/\/web.archive.org\/web\/20200910232048\/https:\/\/engineering.fb.com\/coredata\/graphql-a-data-query-language\/"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.4023299"},{"key":"e_1_3_2_2_32_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium-Volume 12 (Washington, DC) ( SSYM'03). USENIX Association, 29-44","author":"Scott","unstructured":"Scott A. Crosby and Dan S. Wallach. 2003. Denial of Service via Algorithmic Complexity Attacks . In Proceedings of the 12th Conference on USENIX Security Symposium-Volume 12 (Washington, DC) ( SSYM'03). USENIX Association, 29-44 . Scott A. Crosby and Dan S. Wallach. 2003. Denial of Service via Algorithmic Complexity Attacks. In Proceedings of the 12th Conference on USENIX Security Symposium-Volume 12 (Washington, DC) ( SSYM'03). USENIX Association, 29-44."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1375581.1375607"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186014"},{"key":"e_1_3_2_2_35_1","volume-title":"Vivek R. Narasayya, and Surajit Chaudhuri.","author":"Li Jiexing","year":"2012","unstructured":"Jiexing Li , Arnd Christian K\u00f6nig , Vivek R. Narasayya, and Surajit Chaudhuri. 2012 ., 1555-1566 pages. Jiexing Li, Arnd Christian K\u00f6nig, Vivek R. Narasayya, and Surajit Chaudhuri. 2012., 1555-1566 pages."},{"key":"e_1_3_2_2_36_1","unstructured":"Arnaud Rinquin. 2017. Avoiding n+1 requests in GraphQL including within subscriptions. https:\/\/web.archive.org\/web\/20200910232552\/https: \/\/medium.com\/slite\/avoiding-n-1-requests-in-graphql-including-withinsubscriptions-f9d7867a257d  Arnaud Rinquin. 2017. Avoiding n+1 requests in GraphQL including within subscriptions. https:\/\/web.archive.org\/web\/20200910232552\/https: \/\/medium.com\/slite\/avoiding-n-1-requests-in-graphql-including-withinsubscriptions-f9d7867a257d"},{"key":"e_1_3_2_2_37_1","unstructured":"Nick Shrock. 2015. GraphQL Introduction. https:\/\/web.archive.org\/web\/ 20200414211542\/https:\/\/reactjs.org\/blog\/2015\/05\/01\/graphql-introduction.html  Nick Shrock. 2015. GraphQL Introduction. https:\/\/web.archive.org\/web\/ 20200414211542\/https:\/\/reactjs.org\/blog\/2015\/05\/01\/graphql-introduction.html"},{"key":"e_1_3_2_2_38_1","unstructured":"Max Stoiber. 2018. Securing Your GraphQL API from Malicious Queries. https:\/\/web.archive.org\/web\/20200910232751\/https:\/\/www.apollographql.com\/ blog\/securing-your-graphql-api-from-malicious-queries-16130a324a6b\/  Max Stoiber. 2018. Securing Your GraphQL API from Malicious Queries. https:\/\/web.archive.org\/web\/20200910232751\/https:\/\/www.apollographql.com\/ blog\/securing-your-graphql-api-from-malicious-queries-16130a324a6b\/"},{"key":"e_1_3_2_2_39_1","unstructured":"Rob Thelen. 2020. API Connect is making GraphQL safer for the enterprise. https:\/\/web.archive.org\/web\/20200910232932\/https:\/\/community.ibm.com\/ community\/user\/imwuc\/blogs\/rob-thelen1\/ 2020 \/06\/16\/api-connect-is-makinggraphql-safer-for-the-enterp  Rob Thelen. 2020. API Connect is making GraphQL safer for the enterprise. https:\/\/web.archive.org\/web\/20200910232932\/https:\/\/community.ibm.com\/ community\/user\/imwuc\/blogs\/rob-thelen1\/ 2020 \/06\/16\/api-connect-is-makinggraphql-safer-for-the-enterp"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-33702-5_1"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-91662-0_5"}],"event":{"name":"ESEC\/FSE '20: 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","location":"Virtual Event USA","acronym":"ESEC\/FSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409670","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3368089.3409670","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:39Z","timestamp":1750203879000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409670"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,8]]},"references-count":40,"alternative-id":["10.1145\/3368089.3409670","10.1145\/3368089"],"URL":"https:\/\/doi.org\/10.1145\/3368089.3409670","relation":{},"subject":[],"published":{"date-parts":[[2020,11,8]]},"assertion":[{"value":"2020-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}