Pagination missing
Description
The API returned a substantial amount of data. A query pagination might be missing.
Remediation
Implement pagination on the specified queries.
GraphQL Specific
Apollo
Implement pagination in the Apollo framework engine by using cursor-based or offset-based strategies to manage large sets of data efficiently. This can be achieved by modifying the GraphQL schema to include pagination arguments such as 'limit' and 'after' for cursor-based pagination or 'offset' for offset-based pagination, and updating resolvers to handle these arguments appropriately. Ensure that the client-side queries also include these pagination parameters to fetch data in chunks.
Yoga
Implement pagination in the Yoga framework engine to manage data sets efficiently. This can be achieved by using built-in pagination support or by creating custom pagination logic. Ensure that the pagination mechanism includes features such as page number, page size, and total record count to provide a seamless user experience.
Awsappsync
To address the issue of missing pagination in AWS AppSync, implement pagination logic in your GraphQL schema by using arguments such as 'limit' and 'nextToken' for list queries. This will allow clients to request a specific number of items and to navigate through large sets of data by providing a token from the previous response. Ensure that your resolvers support this pagination mechanism and that they handle the 'nextToken' appropriately to fetch the subsequent set of results.
Graphqlgo
Implement pagination in your GraphQL queries by using cursor-based or offset-based methods. This can be achieved by adding arguments such as 'first', 'last', 'before', and 'after' for cursor-based pagination, or 'limit' and 'offset' for offset-based pagination, to your GraphQL schema. Ensure that your Go framework's resolver functions are designed to handle these arguments and return the appropriate subset of data. This will help manage large datasets efficiently and prevent performance issues.
Graphqlruby
Implement pagination in your GraphQL queries by using the graphql-ruby gem's built-in features. Define a max_page_size to limit the number of records returned in a single request and use after and before cursors to navigate between pages. This will help prevent performance issues and potential denial-of-service attacks due to large, unpaginated result sets.
Hasura
Implement pagination in your Hasura queries by using the 'limit' and 'offset' arguments to control the number of records returned and to skip over records of a set. This will help in managing and optimizing the data load, especially for large datasets. Additionally, consider using cursor-based pagination with 'where' conditions for more efficient and performant data fetching.
REST Specific
Asp_net
Implement pagination in your API endpoints by using Skip and Take methods in LINQ queries or leveraging the built-in pagination support in Entity Framework. This will help manage and limit the amount of data returned in a single request, improving performance and reducing server load.
Ruby_on_rails
Implement pagination using gems like 'kaminari' or 'will_paginate' to break the dataset into manageable chunks and return it page by page.
Next_js
Implement server-side pagination in your API by using query parameters such as 'page' and 'limit' to return a subset of results per request. In Next.js, you can handle this logic within your API routes or when fetching data in 'getServerSideProps' or 'getStaticProps'.
Laravel
Implement pagination in Laravel by using the 'paginate' method on the Eloquent query, which automatically handles large datasets and provides a simple way to access paginated data.
Express_js
Implement pagination in your Express.js routes by using query parameters such as 'page' and 'limit' to control the amount of data returned per request. Utilize middleware or a library like 'mongoose-paginate' for MongoDB to handle the pagination logic efficiently.
Django
Implement pagination in your Django views by using Django's Paginator class. This will help to split the large data set into manageable pages and reduce server load.
Symfony
Implement pagination in your Symfony application by using the Pagerfanta bundle or the KnpPaginatorBundle to efficiently handle large datasets and limit the amount of data returned per request. Adjust your queries to fetch only a subset of data based on the page number and size parameters.
Spring_boot
Implement pagination in the Spring Boot application by using Pageable interface in the repository methods and applying @PageableDefault or @RequestParam to controller endpoints to handle page size, number, and sorting.
Flask
Implement pagination in your Flask route by using request arguments to define page number and limit, and apply these to your database query to return a subset of data.
Nuxt
Implement pagination in your Nuxt.js application by using the 'fetch' or 'asyncData' methods to retrieve data in chunks. Utilize query parameters such as 'page' and 'limit' to request specific subsets of data from the API.
Fastapi
Implement pagination in FastAPI by using query parameters such as 'skip' and 'limit' to control the number of records returned in a single request. This can help manage large datasets and improve API performance.
Configuration
Identifier:
resource_limitation/pagination_missing
Options
- threshold_low : Maximum number of nodes returned before raising a low level alert.
- threshold_medium : Maximum number of nodes returned before raising a low level alert.
- threshold_high : Maximum number of nodes returned before raising a low level alert.
Examples
Increase the threshold
checks:
resource_limitation/pagination_missing:
skip: true
threshold_low: 1000
threshold_medium: 2000
threshold_high: 5000
Ignore this check
checks:
resource_limitation/pagination_missing:
skip: true
Score
- Escape Severity: LOW
Compliance
OWASP: API8:2023
pci: 6.5.10
gdpr: Article-32
soc2: CC1
psd2: Article-95
iso27001: A.18.1
nist: SP800-53
fedramp: AC-4
Classification
- CWE: 770
Score
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CVSS_SCORE: 3.7