
Resource Limitation: Pagination missing

Identifier: pagination_missing

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

If an API endpoint returns every matching record because no limit is placed on the result set, a single request can overwhelm both the client and the server. Without pagination, one request can pull back a huge dataset, which may slow down or even crash the system. This makes it easier for an attacker to trigger denial-of-service conditions, and it can expose more data than the caller needs, which matters most when the data is sensitive. Developers often miss this because it is tempting to simplify queries without considering the cost of unbounded responses, so always limit and paginate API results.
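The pattern this check flags next to the remediation it expects, as an added example that is not part of the scanner's documentation or code: an unbounded list handler returns the whole table, while the hardened handler clamps the requested page size to a hard maximum, falls back to a default when the client sends nothing usable, and hands back the offset of the next page. The in-memory record list, the query-parameter dict, and the page-size constants are assumptions constructed for the example.

```python
"""Pagination enforcement for a list endpoint (added example, not scanner code).

Assumptions (constructed for this example): an in-memory list stands in for the
database, and query parameters arrive as a dict of strings, as in a REST handler.
"""
from typing import Any

DEFAULT_PAGE_SIZE = 20   # assumed default used when the client sends no limit
MAX_PAGE_SIZE = 100      # hard cap; larger requests are clamped, never honoured

# Constructed sample dataset: 250 records, more than any single page may return.
RECORDS = [{"id": i, "name": f"user{i}"} for i in range(250)]


def parse_page_params(params: dict[str, str]) -> tuple[int, int]:
    """Return (limit, offset) with the limit bounded to [1, MAX_PAGE_SIZE].

    A missing or malformed limit falls back to the default; an oversized one is
    clamped rather than rejected. Offsets are forced to be non-negative.
    """
    try:
        limit = int(params.get("limit", DEFAULT_PAGE_SIZE))
    except ValueError:
        limit = DEFAULT_PAGE_SIZE
    try:
        offset = int(params.get("offset", 0))
    except ValueError:
        offset = 0
    limit = max(1, min(limit, MAX_PAGE_SIZE))
    offset = max(0, offset)
    return limit, offset


def list_users_unbounded(params: dict[str, str]) -> list[dict[str, Any]]:
    """The pattern the check flags: every record is returned whatever the request."""
    return RECORDS


def list_users_paginated(params: dict[str, str]) -> dict[str, Any]:
    """Hardened handler: one bounded page plus the next offset (None at the end)."""
    limit, offset = parse_page_params(params)
    page = RECORDS[offset:offset + limit]
    next_offset = offset + limit if offset + limit < len(RECORDS) else None
    return {"items": page, "limit": limit, "next_offset": next_offset,
            "total": len(RECORDS)}
```

Applying the same clamp to a GraphQL `first`/`after` argument closes the equivalent gap on the GraphQL side.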

References:

Configuration

Example

Example configuration:

---
security_tests:
  pagination_missing:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.