Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GraphQL API を悪意あるクエリから守る手法

Yuu Igarashi
May 14, 2020
Programming
0
130

GraphQL API を悪意あるクエリから守る手法

GraphQL では容易にサーバーに負荷をかけるクエリを書けてしまいます。この発表では、そうした悪意あるクエリから GraphQL API を守る手法を紹介します。

本発表の内容は以下のブログ記事でも詳しく解説しています。
https://yigarashi.hatenablog.com/entry/graphql-query-analysis

Yuu Igarashi

May 14, 2020
Tweet

More Decks by Yuu Igarashi

See All by Yuu Igarashi
プロダクトマネージャーがアジャイルに習熟して生まれた強いチームの話
yigarashi
0
720
はてなEMキャリアパス 最速攻略RTA 新卒部門
yigarashi
2
1.9k
30分でわかるFour Keysの基礎と重要性
yigarashi
31
18k
スクラムで作る頼もしく生き生きとしたチーム / The lively trustworthy team by scrum
yigarashi
4
7.4k
Hatena Engineer Seminar #14 GraphQL編
yigarashi
1
1.5k

Other Decks in Programming

See All in Programming
1인 개발자로 행복하게 살기 - GDG 송도 헬로월드 2024
benjaminkim
1
5.6k
Tailwind CSSを本気でカスタマイズする方法
fsubal
2
280
0→1と1→10の狭間で Javaという技術選定を振り返る/Reflecting on the Decision to Choose Java Between Scaling from 0 to 1 and 1 to 10
jaguar_imo
2
370
"config" ってなんだ? / What is "config"?
okashoi
0
220
From Spring Boot 2 to Spring Boot 3 with Java 21 and Jakarta EE
ivargrimstad
0
1.1k
Milestoner
bkuhlmann
1
400
CircleCIを活用して AWSへの継続的デリバリーを 実践する
coconala_engineer
1
230
What We Can Learn From OSS
inouehi
0
400
Git Lint
bkuhlmann
4
740
エンターテイメント業界で利用されるAWS
demuyan
0
200
From Spring Boot 2 to Spring Boot 3 with Java 22 and Jakarta EE
ivargrimstad
0
910
スクラムガイドのスプリントレトロスペクティブを改めて読みかえしてみた / Re-reading the Sprint Retrospective Section in the Scrum Guide
mackey0225
3
330

Featured

See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
1
3.4k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
1
1.3k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
[RailsConf 2023] Rails as a piece of cake
palkan
22
3.9k
A Tale of Four Properties
chriscoyier
150
22k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
240
1.2M
Design by the Numbers
sachag
274
18k
Into the Great Unknown - MozCon
thekraken
10
980
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
In The Pink: A Labor of Love
frogandcode
138
21k
Documentation Writing (for coders)
carmenintech
59
3.9k

Transcript

  1. ϖύϘɾ͸ͯͳٕज़େձ ZJHBSBTIJ (SBQI2-"1*Λ ѱҙ͋ΔΫΤϦ͔ΒकΔख๏

  2. (SBQI2-

  3. ಋೖ(SBQI2- "1*ͷͨΊͷΫΤϦݴޠͱΫΤϦʹԠͨ͡σʔλΛฦ͢ϥϯλΠϜ

  4. ಋೖ(SBQI2- "1*ͷͨΊͷΫΤϦݴޠͱΫΤϦʹԠͨ͡σʔλΛฦ͢ϥϯλΠϜ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ

  5. ಋೖ(SBQI2- "1*ͷͨΊͷΫΤϦݴޠͱΫΤϦʹԠͨ͡σʔλΛฦ͢ϥϯλΠϜ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { me { name interests

    } } ΫΤϦ

  6. ಋೖ(SBQI2- "1*ͷͨΊͷΫΤϦݴޠͱΫΤϦʹԠͨ͡σʔλΛฦ͢ϥϯλΠϜ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { me { name interests

    } } ΫΤϦ { "me": { "name": "yigarashi", "interests": [ "ϓϩδΣΫτϚωδϝϯτ", "GraphQL", "ϓϩάϥϛϯάݴޠཧ࿦", ] } } ฦΓ஋ʢ+40/ʣ

  7. ಋೖ(SBQI2- "1*ͷͨΊͷΫΤϦݴޠͱΫΤϦʹԠͨ͡σʔλΛฦ͢ϥϯλΠϜ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { me { name interests

    } } ΫΤϦ { "me": { "name": "yigarashi", "interests": [ "ϓϩδΣΫτϚωδϝϯτ", "GraphQL", "ϓϩάϥϛϯάݴޠཧ࿦", ] } } ฦΓ஋ʢ+40/ʣ ΫΤϦͱಉ͡ܗͷ +40/͕ฦ͞ΕΔ

  8. ಋೖ(SBQI2- ΋͏গ͠ෳࡶͳྫ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ

  9. ಋೖ(SBQI2- ΋͏গ͠ෳࡶͳྫ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 1) { name

    cities(first: 2) { name } } } ΫΤϦ

  10. ಋೖ(SBQI2- ΋͏গ͠ෳࡶͳྫ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 1) { name

    cities(first: 2) { name } } } ΫΤϦ Ҿ਺Λड͚औΔ͜ͱ͕Ͱ͖Δɻ pSTU͸42-Ͱݴ͏MJNJU

  11. ಋೖ(SBQI2- ΋͏গ͠ෳࡶͳྫ ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 1) { name

    cities(first: 2) { name } } } ΫΤϦ { "countries": [ { "name": "೔ຊ", "cities": [ { "name": "ژ౎ࢢ" }, { "name": "৽॓۠" }, ] }, ] } ฦΓ஋ʢ+40/ʣ Ҿ਺Λड͚औΔ͜ͱ͕Ͱ͖Δɻ pSTU͸42-Ͱݴ͏MJNJU

  12. ύϫϑϧ

  13. ѱҙ͋Δਓ͕ ࢖͏ͱʜʜ

  14. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ

  15. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { name

    cities(first: 100) { name streets(first: 1000) { name } } } } ΫΤϦ

  16. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { name

    cities(first: 100) { name streets(first: 1000) { name } } } } ΫΤϦ

  17. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { name

    cities(first: 100) { name streets(first: 1000) { name } } } } ΫΤϦ ºº ສϊʔυ

  18. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { name

    cities(first: 100) { name streets(first: 1000) { name } } } } ΫΤϦ ºº ສϊʔυ

  19. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ

  20. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { cities(first:

    100) { superComplexStatistics } } } ΫΤϦ

  21. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { cities(first:

    100) { superComplexStatistics } } } ΫΤϦ

  22. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { cities(first:

    100) { superComplexStatistics } } } ΫΤϦ ඇৗʹॏ͍ܭࢉΛ ճ

  23. ѱҙ͋ΔΫΤϦ  ΫϥΠΞϯτ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 100) { cities(first:

    100) { superComplexStatistics } } } ΫΤϦ ඇৗʹॏ͍ܭࢉΛ ճ

  24. ࠓ೔ͷςʔϚ (SBQI2-"1*Λѱҙ͋ΔΫΤϦʢʹҙਤతʹෛՙΛ͔͚ΔΫΤϦʣ͔ΒकΔ

  25. ࠓ೔ͷςʔϚ (SBQI2-"1*Λѱҙ͋ΔΫΤϦʢʹҙਤతʹෛՙΛ͔͚ΔΫΤϦʣ͔ΒकΔ యܕతͳෛՙʢσʔλͷऔಘݩ͸3%#ͱԾఆ͢Δʣ σʔλྔ ܭࢉྔ جຊతͳΞΠσΟΞ ʮΫΤϦΛ੩తղੳͯ͠ෛՙͷ໰୊͕ͳ͍͜ͱΛ֬ೝ࣮ͯ͠ߦ͢Δʯ

  26. ۩ମతͳख๏ ϗϫΠτϦετʹΑΔ੍ݶ DPNQMFYJUZʹΑΔ੍ݶ

  27. ۩ମతͳख๏ ϗϫΠτϦετʹΑΔ੍ݶ DPNQMFYJUZʹΑΔ੍ݶ

  28. ϗϫΠτϦετʹΑΔ੍ݶ αʔόʔ͕ड͚෇͚ΔΫΤϦΛϗϫΠτϦετͱ͓ͯ࣋ͬͯ͘͠ɻϦΫΤετ͞ ΕͨΫΤϦ͕ϗϫΠτϦετʹҰக͢Δ৔߹͚࣮ͩߦ͢Δ αʔόʔ ʢϥϯλΠϜʣ ΫϥΠΞϯτ

  29. ϗϫΠτϦετʹΑΔ੍ݶ αʔόʔ͕ड͚෇͚ΔΫΤϦΛϗϫΠτϦετͱ͓ͯ࣋ͬͯ͘͠ɻϦΫΤετ͞ ΕͨΫΤϦ͕ϗϫΠτϦετʹҰக͢Δ৔߹͚࣮ͩߦ͢Δ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 10) { name

    } } ϗϫΠτϦετ ʜ ʜ ΫϥΠΞϯτ

  30. ϗϫΠτϦετʹΑΔ੍ݶ αʔόʔ͕ड͚෇͚ΔΫΤϦΛϗϫΠτϦετͱ͓ͯ࣋ͬͯ͘͠ɻϦΫΤετ͞ ΕͨΫΤϦ͕ϗϫΠτϦετʹҰக͢Δ৔߹͚࣮ͩߦ͢Δ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 10) { name

    } } ϗϫΠτϦετ ʜ ʜ ΫϥΠΞϯτ { countries(first: 10) { name } }

  31. ϗϫΠτϦετʹΑΔ੍ݶ αʔόʔ͕ड͚෇͚ΔΫΤϦΛϗϫΠτϦετͱ͓ͯ࣋ͬͯ͘͠ɻϦΫΤετ͞ ΕͨΫΤϦ͕ϗϫΠτϦετʹҰக͢Δ৔߹͚࣮ͩߦ͢Δ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 10) { name

    } } ϗϫΠτϦετ ʜ ʜ ΫϥΠΞϯτ { countries(first: 10) { name } }

  32. ϗϫΠτϦετʹΑΔ੍ݶ αʔόʔ͕ड͚෇͚ΔΫΤϦΛϗϫΠτϦετͱ͓ͯ࣋ͬͯ͘͠ɻϦΫΤετ͞ ΕͨΫΤϦ͕ϗϫΠτϦετʹҰக͢Δ৔߹͚࣮ͩߦ͢Δ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 10) { name

    } } ϗϫΠτϦετ ʜ ʜ ΫϥΠΞϯτ

  33. ϗϫΠτϦετʹΑΔ੍ݶ αʔόʔ͕ड͚෇͚ΔΫΤϦΛϗϫΠτϦετͱ͓ͯ࣋ͬͯ͘͠ɻϦΫΤετ͞ ΕͨΫΤϦ͕ϗϫΠτϦετʹҰக͢Δ৔߹͚࣮ͩߦ͢Δ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 10) { name

    } } ϗϫΠτϦετ ʜ ʜ ΫϥΠΞϯτ { countries(first: 10) { name population } }

  34. ϗϫΠτϦετʹΑΔ੍ݶ αʔόʔ͕ड͚෇͚ΔΫΤϦΛϗϫΠτϦετͱ͓ͯ࣋ͬͯ͘͠ɻϦΫΤετ͞ ΕͨΫΤϦ͕ϗϫΠτϦετʹҰக͢Δ৔߹͚࣮ͩߦ͢Δ αʔόʔ ʢϥϯλΠϜʣ { countries(first: 10) { name

    } } ϗϫΠτϦετ ʜ ʜ ΫϥΠΞϯτ { countries(first: 10) { name population } }

  35. ϗϫΠτϦετʹΑΔ੍ݶ ϝϦοτ ಋೖ͕༰қʢΫΤϦ͕จࣈྻͱͯ͠Ұக͢Δ͔֬ೝ͢Δ͚ͩͰྑ͍ʣ ޮՌ͕ߴ͍ʢຊ౰ʹ࢖͏ΫΤϦͷΈϗϫΠτϦετͱͯ͠ڐՄ͢ΔͨΊʣ σϝϦοτ ϗϫΠτϦετͷϝϯςφϯείετ ެ։"1*΍εςʔΫϗϧμʔͷҧ͏ΫϥΠΞϯτͰ͸࢖͍ͮΒ͍ ૯ධ ؔ܎͢Δ։ൃऀɾΫϥΠΞϯτ͕গͳ͍৔߹ʹ͔ͳΓ༗ޮ

  36. ۩ମతͳख๏ ϗϫΠτϦετʹΑΔ੍ݶ DPNQMFYJUZʹΑΔ੍ݶ

  37. ۩ମతͳख๏ ϗϫΠτϦετʹΑΔ੍ݶ DPNQMFYJUZʹΑΔ੍ݶ

  38. DPNQMFYJUZʹΑΔ੍ݶ ΫΤϦͷෛՙʹൺྫͯ͠େ͖͘ͳΔ਺஋ʢDPNQMFYJUZʣΛܭࢉ͢Δɻͦͷ਺ ஋͕ᮢ஋Λ௒͑ͨ৔߹͸࣮ߦ͠ͳ͍

  39. DPNQMFYJUZʹΑΔ੍ݶ ΫΤϦͷෛՙʹൺྫͯ͠େ͖͘ͳΔ਺஋ʢDPNQMFYJUZʣΛܭࢉ͢Δɻͦͷ਺ ஋͕ᮢ஋Λ௒͑ͨ৔߹͸࣮ߦ͠ͳ͍ యܕతͳෛՙʹ͍ͭͯDPNQMFYJUZͷྫΛݟ͍ͯ͘ σʔλྔ ܭࢉྔ %#ΞΫηεճ਺ ʢ஫ҙʣDPNQMFYJUZͷܭࢉํ๏͸ແ਺ʹߟ͑ΒΕΔɻࠓ೔ࣔ͢ͷ͸Ұྫ

  40. ྫϊʔυ਺ʹൺྫ͢ΔDPNQMFYJUZ

  41. ྫϊʔυ਺ʹൺྫ͢ΔDPNQMFYJUZ { countries(first: 50) { name cities(first: 100) { name

    } } }

  42. ྫϊʔυ਺ʹൺྫ͢ΔDPNQMFYJUZ ϊʔυ਺DPVOUSJFT ºDJUJFT OPEFT { countries(first: 50) { name cities(first:

    100) { name } } }

  43. ྫϊʔυ਺ʹൺྫ͢ΔDPNQMFYJUZ ϊʔυ਺DPVOUSJFT ºDJUJFT OPEFT ͜Ε͕ᮢ஋ҎԼͳΒ࣮ߦ͢Δ { countries(first: 50) { name

    cities(first: 100) { name } } }

  44. ྫϊʔυ਺ʹൺྫ͢ΔDPNQMFYJUZ ϊʔυ਺DPVOUSJFT ºDJUJFT OPEFT ͜Ε͕ᮢ஋ҎԼͳΒ࣮ߦ͢Δ { countries(first: 50) { name

    cities(first: 100) { name } } } ࢀߟ(JU)VC(SBQI2-"1*Wͷ/PEFMJNJU ϊʔυ਺͸ ·Ͱ ϦετͷऔಘͰ͸Ҿ਺ʹpSTU͔MBTU͕ඞਢͰҎ಺

  45. ྫܭࢉίετʹൺྫ͢ΔDPNQMFYJUZ

  46. ྫܭࢉίετʹൺྫ͢ΔDPNQMFYJUZ type City { name superComplexStatistics @cost(n: 10) }

  47. ྫܭࢉίετʹൺྫ͢ΔDPNQMFYJUZ type City { name superComplexStatistics @cost(n: 10) } (SBQI2-ͷEJSFDUJWFΛར༻ͯ͠ɺ

    ܕఆٛʢεΩʔϚʣͷଆͰॏ͍ܭࢉʹίετΛ͚ͭΔɻ αʔόʔ͸͜ͷ৘ใΛࢀরͯ͠DPNQMFYJUZΛܭࢉ͢Δ

  48. ྫܭࢉίετʹൺྫ͢ΔDPNQMFYJUZ type City { name superComplexStatistics @cost(n: 10) } (SBQI2-ͷEJSFDUJWFΛར༻ͯ͠ɺ

    ܕఆٛʢεΩʔϚʣͷଆͰॏ͍ܭࢉʹίετΛ͚ͭΔɻ αʔόʔ͸͜ͷ৘ใΛࢀরͯ͠DPNQMFYJUZΛܭࢉ͢Δ { countries(first: 100) { cities(first: 100) { superComplexStatistics } } } ΫΤϦ

  49. ྫܭࢉίετʹൺྫ͢ΔDPNQMFYJUZ type City { name superComplexStatistics @cost(n: 10) } (SBQI2-ͷEJSFDUJWFΛར༻ͯ͠ɺ

    ܕఆٛʢεΩʔϚʣͷଆͰॏ͍ܭࢉʹίετΛ͚ͭΔɻ αʔόʔ͸͜ͷ৘ใΛࢀরͯ͠DPNQMFYJUZΛܭࢉ͢Δ { countries(first: 100) { cities(first: 100) { superComplexStatistics } } } ܭࢉίετ ºDJUJFT ºDPTU   ΫΤϦ

  50. ྫܭࢉίετʹൺྫ͢ΔDPNQMFYJUZ type City { name superComplexStatistics @cost(n: 10) } (SBQI2-ͷEJSFDUJWFΛར༻ͯ͠ɺ

    ܕఆٛʢεΩʔϚʣͷଆͰॏ͍ܭࢉʹίετΛ͚ͭΔɻ αʔόʔ͸͜ͷ৘ใΛࢀরͯ͠DPNQMFYJUZΛܭࢉ͢Δ { countries(first: 100) { cities(first: 100) { superComplexStatistics } } } ܭࢉίετ ºDJUJFT ºDPTU   ΫΤϦ %#ΞΫηεճ਺΋શ͘ಉ͡ΞΠσΟΞͰDPNQMFYJUZΛઃܭͰ͖Δɻ%#ΞΫ ηε͕ൃੜ͢ΔϑΟʔϧυʹDPTUΛ͚ͭΕ͹ɺ%#ΞΫηεճ਺ʹൺྫͯ͠ DPNQMFYJUZ͕૿Ճ͢ΔΑ͏ʹͰ͖Δɻ

  51. ࣮૷ (SBQI2-Ͱྑ͘࢖ΘΕΔݴޠͰ͸ϥΠϒϥϦ౳ͷαϙʔτ͕͋Δ +BWB4DSJQUHSBQIRMDPTUBOBMZTJTͳͲ (PHRMHFO͕αϙʔτ͍ͯ͠Δ αϙʔτͷͳ͍ݴޠͰͲ͏͢Δ͔ ΫΤϦղੳ͚ͩϚΠΫϩαʔϏεͱͯ͠੾Γग़ͯ͠ผݴޠΛ࢖͏ ࣗલͰ࣮૷͢Δ

  52. ମݧஊ ͱ͋ΔαʔϏεͰϑϧεΫϥονͰΫΤϦղੳΛ࣮૷ʢ1FSMͩͬͨͷͰʜʣ εςʔΫϗϧμʔͷҧ͏ΫϥΠΞϯτ͕༧૝͞ΕͨͷͰϗϫΠτϦετʹΑΔ ੍ݶ͸ݟૹͬͨ QBSTFͱFYFDVUFͷؒʹDPNQMFYJUZʹΑΔ੍ݶΛ࢓ࠐΜͩ ϕʔε͸ϊʔυ਺ʹΑΔ੍ݶ શ݅औಘ͢ΔϑΟʔϧυ΍%#ΞΫηε͕ൃੜ͢ΔϑΟʔϧυʹߴΊͷίε τΛ͚ͭΔ ᮢ஋͸௨ৗར༻Λ્֐͠ͳ͍େ͖Ίͷ஋ʹઃఆ ؀ڥม਺Ͱᮢ஋ΛઃఆͰ͖ΔΑ͏ʹͯ͠ૉૣ͘ରॲՄೳʹ

  53. ݱঢ়ͷ՝୊ DPNQMFYJUZͷϕετϓϥΫςΟεཱ͕֬͞Ε͍ͯͳ͍ ࠓճ͸ϊʔυ਺ɾܭࢉίετɾ%#ΞΫηεʹண໨ͯٞ͠࿦Λ͕ͨ͠ɺͦ΋ ͦ΋͜͜·Ͱ౿ΈࠐΜͰٞ࿦͍ͯ͠Δࢿྉ͕গͳ͍ ޙΖʹ%#Ҏ֎͕͍ΔέʔεͳͲଞʹ΋࿦఺͸͋Γͦ͏ ੈͷதͷϥΠϒϥϦ͸DPNQMFYJUZ͕ͻͱͭͷέʔεΛް͘αϙʔτ͍ͯ͠Δ ϊʔυ਺ɾܭࢉίετͱ͍ͬͨෳ਺ͷई౓Λѻ͍ͮΒ͍ ࢓ํͳ͘ͻͱͭͷDPNQMFYJUZʹෳ਺ͷई౓Λԡ͠ࠐΉ͜ͱ΋ +BWB4DSJQUͷHSBQIRMDPTUBOBMZTJTͰ͸࣮ݱՄೳͳ͜ͱΛ֬ೝ

  54. ·ͱΊ (SBQI2-Ͱ͸ҙਤతʹෛՙΛ͔͚ΔΫΤϦΛ༰қʹهड़Ͱ͖Δ ͭͷ๷ӴखஈΛ঺հͨ͠ ϗϫΠτϦετʹΑΔ੍ݶ DPNQMFYJUZʹΑΔ੍ݶ ׬ᘳͳ๷Ӵ͸ඞͣ͠΋ඞཁͳ͍ ϦεΫͱରࡦͷશମ૾Λݟ౉͠ཁ݅ʹ͋ͬͨίεύͷྑ͍ํ਑ΛऔΔ ϒϩάهࣄ൛ʮ(SBQI2-"1*Λѱҙ͋ΔΫΤϦ͔ΒकΔख๏ʯ IUUQTZJHBSBTIJIBUFOBCMPHDPNFOUSZHSBQIRMRVFSZBOBMZTJT