Skip to content

Pagination missing

Description

The API returned a substantial amount of data. A query pagination might be missing.

Remediation

Implement pagination on the specified queries.

GraphQL Specific

Apollo Implement pagination in the Apollo framework engine by using cursor-based or offset-based strategies to manage large sets of data efficiently. This can be achieved by modifying the GraphQL schema to include pagination arguments such as 'limit' and 'after' for cursor-based pagination or 'offset' for offset-based pagination, and updating resolvers to handle these arguments appropriately. Ensure that the client-side queries also include these pagination parameters to fetch data in chunks.
Yoga Implement pagination in the Yoga framework engine to manage data sets efficiently. This can be achieved by using built-in pagination support or by creating custom pagination logic. Ensure that the pagination mechanism includes features such as page number, page size, and total record count to provide a seamless user experience.
Awsappsync To address the issue of missing pagination in AWS AppSync, implement pagination logic in your GraphQL schema by using arguments such as 'limit' and 'nextToken' for list queries. This will allow clients to request a specific number of items and to navigate through large sets of data by providing a token from the previous response. Ensure that your resolvers support this pagination mechanism and that they handle the 'nextToken' appropriately to fetch the subsequent set of results.
Graphqlgo Implement pagination in your GraphQL queries by using cursor-based or offset-based methods. This can be achieved by adding arguments such as 'first', 'last', 'before', and 'after' for cursor-based pagination, or 'limit' and 'offset' for offset-based pagination, to your GraphQL schema. Ensure that your Go framework's resolver functions are designed to handle these arguments and return the appropriate subset of data. This will help manage large datasets efficiently and prevent performance issues.
Graphqlruby Implement pagination in your GraphQL queries by using the `graphql-ruby` gem's built-in features. Define a `max_page_size` to limit the number of records returned in a single request and use `after` and `before` cursors to navigate between pages. This will help prevent performance issues and potential denial-of-service attacks due to large, unpaginated result sets.
Hasura Implement pagination in your Hasura queries by using the 'limit' and 'offset' arguments to control the number of records returned and to skip over records of a set. This will help in managing and optimizing the data load, especially for large datasets. Additionally, consider using cursor-based pagination with 'where' conditions for more efficient and performant data fetching.
Agoo Implement pagination in the Agoo framework by using query parameters such as 'limit' and 'offset' to manage and control the amount of data returned by the API, ensuring efficient data handling and improved performance.
Ariadne Implement pagination in your Ariadne GraphQL API by using arguments like 'first', 'last', 'before', and 'after' in your query definitions to efficiently manage and navigate through large datasets.
Caliban Implement pagination in the Caliban framework by using parameters such as 'limit' and 'offset' in your GraphQL queries to efficiently manage and retrieve large datasets.
Dgraph Implement pagination in your Dgraph queries by using the 'first' and 'offset' parameters to limit the number of results returned and efficiently manage large datasets.
Dianajl Implement pagination in the DianaJL framework engine by adding limit and offset parameters to your API queries to efficiently manage and retrieve large datasets.
Directus Implement pagination in the Directus API by using query parameters such as 'limit' and 'offset' to manage and control the amount of data returned in each request.
Flutter Implement pagination in your Flutter application by using the 'ListView.builder' widget with a 'ScrollController' to load more data as the user scrolls. This will help manage large datasets efficiently and improve performance.
Graphene Implement pagination in your Graphene API by using the 'relay' library to create connections and edges, allowing clients to request data in manageable chunks with 'first', 'last', 'before', and 'after' parameters.
Graphqlapiforwp Implement pagination in your GraphQL queries using the 'first' and 'after' arguments to efficiently manage and retrieve large datasets in the GraphQL API for WordPress framework.
Graphqlgophergo Implement pagination in your GraphQL queries using the 'first' and 'after' arguments to efficiently manage large datasets and improve performance in the GopherGo framework.
Graphqljava Implement pagination in your GraphQL queries using 'first' and 'after' arguments to limit the amount of data returned and efficiently handle large datasets.
Graphqlphp Implement pagination in your GraphQL queries using the 'limit' and 'offset' arguments to manage large datasets effectively.
Graphqlyoga Implement pagination in your GraphQL Yoga queries by using arguments such as 'first', 'last', 'before', and 'after' to efficiently manage and retrieve large datasets.
Hypergraphql Implement pagination in your HyperGraphQL queries by using limit and offset parameters to manage large data sets effectively.
Jaal Implement pagination in the Jaal framework engine by using limit and offset parameters to manage large data sets efficiently.
Juniper Implement pagination in the Juniper framework engine by using limit and offset parameters to manage large data sets efficiently.
Lacinia Implement pagination in the Lacinia framework by using the 'first' and 'after' arguments in your GraphQL queries to limit and navigate through large datasets efficiently.
Lighthouse Implement pagination in the API response to efficiently handle large datasets and improve performance in the Lighthouse framework.
Mercurius Implement pagination in your Mercurius GraphQL queries by using 'limit' and 'offset' arguments to manage large datasets efficiently.
Morpheusgraphql Implement pagination in your Morpheus GraphQL queries by using arguments such as 'first', 'last', 'before', and 'after' to efficiently manage and retrieve large datasets.
Qglgen Implement pagination in the gqlgen framework by using limit and offset parameters in your GraphQL queries to efficiently manage and retrieve large datasets.
Sangria Implement pagination in your GraphQL queries using Sangria's built-in support for cursor-based pagination to efficiently manage large datasets.
Shopify Implement pagination in the Shopify API requests by using parameters such as 'limit' and 'page_info' to efficiently manage and retrieve large datasets.
Stepzen Implement pagination in your StepZen API by using the 'limit' and 'offset' parameters in your queries to manage large datasets efficiently. This will help in fetching data in smaller, manageable chunks, improving performance and user experience.
Strawberry Implement pagination in the Strawberry framework by using query parameters such as 'limit' and 'offset' to manage and control the amount of data returned by the API.
Tartiflette Implement pagination in your Tartiflette GraphQL queries by using 'limit' and 'offset' arguments to manage large datasets effectively.
Wpgraphql Implement pagination in your WPGraphQL queries by using the 'first' and 'after' arguments to limit the number of results returned and navigate through pages of data efficiently.

REST Specific

Asp_net Implement pagination in your API endpoints by using Skip and Take methods in LINQ queries or leveraging the built-in pagination support in Entity Framework. This will help manage and limit the amount of data returned in a single request, improving performance and reducing server load.
Ruby_on_rails Implement pagination using gems like 'kaminari' or 'will_paginate' to break the dataset into manageable chunks and return it page by page.
Next_js Implement server-side pagination in your API by using query parameters such as 'page' and 'limit' to return a subset of results per request. In Next.js, you can handle this logic within your API routes or when fetching data in 'getServerSideProps' or 'getStaticProps'.
Laravel Implement pagination in Laravel by using the 'paginate' method on the Eloquent query, which automatically handles large datasets and provides a simple way to access paginated data.
Express_js Implement pagination in your Express.js routes by using query parameters such as 'page' and 'limit' to control the amount of data returned per request. Utilize middleware or a library like 'mongoose-paginate' for MongoDB to handle the pagination logic efficiently.
Django Implement pagination in your Django views by using Django's Paginator class. This will help to split the large data set into manageable pages and reduce server load.
Symfony Implement pagination in your Symfony application by using the Pagerfanta bundle or the KnpPaginatorBundle to efficiently handle large datasets and limit the amount of data returned per request. Adjust your queries to fetch only a subset of data based on the page number and size parameters.
Spring_boot Implement pagination in the Spring Boot application by using Pageable interface in the repository methods and applying @PageableDefault or @RequestParam to controller endpoints to handle page size, number, and sorting.
Flask Implement pagination in your Flask route by using request arguments to define page number and limit, and apply these to your database query to return a subset of data.
Nuxt Implement pagination in your Nuxt.js application by using the 'fetch' or 'asyncData' methods to retrieve data in chunks. Utilize query parameters such as 'page' and 'limit' to request specific subsets of data from the API.
Fastapi Implement pagination in FastAPI by using query parameters such as 'skip' and 'limit' to control the number of records returned in a single request. This can help manage large datasets and improve API performance.
Frappe Implement pagination in the Frappe framework by using limit and offset parameters in your API queries to efficiently handle large datasets.
Genzio Implement pagination in the Genzio framework engine by using limit and offset parameters to manage large data sets efficiently.
Gin Implement pagination in your Gin framework API by using query parameters such as 'page' and 'limit' to control the amount of data returned in each response. This will help manage large datasets efficiently and improve performance.
Gorilla Implement pagination in the Gorilla framework by using query parameters such as 'limit' and 'offset' to manage large data sets efficiently.
Hapi Implement pagination in your Hapi.js API by using query parameters such as 'limit' and 'offset' to control the amount of data returned in each response. This will help manage large datasets and improve performance.
Hono Implement pagination in the Hono framework engine by using query parameters such as 'limit' and 'offset' to manage and control the amount of data returned by the API, ensuring efficient data handling and improved performance.
Jersey Implement pagination in your Jersey API by using query parameters such as 'limit' and 'offset' to control the amount of data returned in each response. This will help manage large datasets efficiently and improve performance.
Koa Implement pagination in your Koa API by using query parameters such as 'limit' and 'offset' to control the amount of data returned in each response.
Ktor Implement pagination in the Ktor API by using query parameters such as 'limit' and 'offset' to control the amount of data returned in each response.
Leptos Implement pagination in the Leptos framework by using query parameters such as 'page' and 'limit' to control the amount of data returned in each API response, ensuring efficient data handling and improved performance.
Macaron Implement pagination in the Macaron framework by using query parameters such as 'limit' and 'offset' to control the amount of data returned by the API. This will help manage large datasets efficiently and improve performance.
Phoenix Implement pagination in your Phoenix framework API by using limit and offset parameters in your queries to manage large data sets efficiently.
Redwoodjs Implement pagination in your RedwoodJS API by using query parameters such as 'limit' and 'offset' to control the amount of data returned. This will help manage large datasets efficiently and improve performance.
Rocket Implement pagination by using limit and offset parameters in your API queries to manage large data sets efficiently in Rocket framework.
Sveltekit Implement pagination in your SvelteKit application by using query parameters to limit and offset the data returned by the API. This can be achieved by modifying your API requests to include pagination parameters, such as 'limit' and 'offset', and updating your SvelteKit components to handle and display paginated data effectively.

Configuration

Identifier: resource_limitation/pagination_missing

Options

  • threshold_low : Maximum number of nodes returned before raising a low level alert.
  • threshold_medium : Maximum number of nodes returned before raising a low level alert.
  • threshold_high : Maximum number of nodes returned before raising a low level alert.

Examples

Increase the threshold

checks:
  resource_limitation/pagination_missing:
    skip: true
    threshold_low: 1000
    threshold_medium: 2000
    threshold_high: 5000

Ignore this check

checks:
  resource_limitation/pagination_missing:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API8:2023
  • OWASP LLM: LLM04:2023
  • pci: 6.5.10
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.18.1
  • nist: SP800-53
  • fedramp: AC-4

Classification

  • CWE: 770

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVSS_SCORE: 3.7

References