Response size

Description

A very large response was detected.

Remediation

A response this large can be a precursor of a denial-of-service condition: your API should provide pagination or a similar mechanism to bound the size of any single response.

REST Specific

  • ASP.NET: Implement pagination or limit the size of responses to avoid large payloads that can affect performance and lead to a potential denial of service. Consider using the 'Skip' and 'Take' LINQ methods for efficient data fetching in ASP.NET.
  • Ruby on Rails: Implement pagination or limit the number of records retrieved in a single request to avoid large responses that can degrade performance.
  • Next.js: Implement server-side pagination or streaming to handle large datasets efficiently, and consider compressing responses with gzip or Brotli.
  • Laravel: Implement pagination or limit the number of items returned in a single request to reduce response size in Laravel.
  • Express.js: Implement pagination or limit the size of responses to avoid sending excessively large payloads. Use stream processing when dealing with large datasets.
  • Django: Implement pagination or limit the size of the response by using Django's QuerySet slicing. For example, use `MyModel.objects.all()[:100]` to limit the response to the first 100 records.
  • Symfony: To handle very large responses in Symfony, consider using the StreamedResponse feature. This lets you stream the response back to the client in smaller chunks, reducing memory usage and improving performance for large datasets.
  • Spring Boot: Implement pagination or limit the size of the response using Spring Data's Pageable interface to prevent excessively large data transfers.
  • Flask: Implement pagination or limit the size of responses by using Flask's request.args to read query parameters and slicing query results accordingly.
  • Nuxt: Implement pagination or limit the number of items returned in a single request to reduce response size in Nuxt.js applications.
  • FastAPI: Implement pagination or limit the size of responses by using query parameters to restrict the amount of data returned in a single request within the FastAPI application.
  • Frappe: Optimize database queries to reduce response size.
  • Genzio: Optimize query logic to reduce response size in the Genzio framework.
  • Gin: Limit the response size by setting a maximum payload size in the Gin framework using middleware.
  • Gorilla: Optimize response handling to manage large data efficiently in the Gorilla framework.
  • Hapi: Limit the response size using the 'maxBytes' option in the route configuration.
  • Hono: Optimize response handling by implementing pagination or data streaming to manage large datasets efficiently in the Hono framework.
  • Jersey: Limit the response size by implementing pagination or filtering in the Jersey framework.
  • Koa: Implement response compression middleware to reduce response size in the Koa framework.
  • Ktor: Limit the response size by setting a maximum content length in the Ktor server configuration.
  • Leptos: Optimize data handling to reduce response size in the Leptos framework.
  • Macaron: Optimize the response payload by compressing data and using efficient serialization in the Macaron framework.
  • Phoenix: Optimize query logic to reduce response size.
  • RedwoodJS: Optimize data fetching with pagination or limited queries in RedwoodJS.
  • Rocket: Optimize response payload size by compressing data and implementing pagination.
  • SvelteKit: Optimize data fetching and implement pagination to manage large response sizes in SvelteKit.
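The bounded-pagination remediation described for the Python frameworks above (Flask, FastAPI, Django), as an added example that is not part of Escape's documentation: it uses only the Python standard library, so it runs without Flask or FastAPI, and the DEFAULT_LIMIT and MAX_LIMIT values are assumptions to tune per endpoint. The point is that the server clamps the client-supplied page size, so a request such as `?limit=1000000` can never produce an oversized response.

```python
from urllib.parse import parse_qs

# Assumed bounds for this example; choose per endpoint in a real service.
DEFAULT_LIMIT = 20   # page size when the client does not ask for one
MAX_LIMIT = 100      # hard ceiling the client cannot exceed


def parse_page_params(query_string: str) -> tuple[int, int]:
    """Return (offset, limit) clamped to safe bounds.

    Missing, non-numeric, negative or oversized values fall back to the
    defaults instead of being honoured, so the response size is bounded
    by the server, not by whatever the client sends.
    """
    params = parse_qs(query_string)

    def _int(name: str, default: int) -> int:
        raw = params.get(name, [None])[0]
        try:
            return int(raw) if raw is not None else default
        except ValueError:
            return default

    offset = max(0, _int("offset", 0))
    limit = _int("limit", DEFAULT_LIMIT)
    if limit < 1:
        limit = DEFAULT_LIMIT
    return offset, min(limit, MAX_LIMIT)


def paginate(items: list, query_string: str) -> dict:
    """Slice `items` for one page and describe where the next page starts."""
    offset, limit = parse_page_params(query_string)
    page = items[offset:offset + limit]
    next_offset = offset + limit
    return {
        "data": page,
        "offset": offset,
        "limit": limit,
        "total": len(items),
        # Link to the next page only while there is more data to fetch.
        "next": f"?offset={next_offset}&limit={limit}" if next_offset < len(items) else None,
    }


if __name__ == "__main__":
    # Constructed sample data: 250 records, client asks for far too many.
    records = list(range(250))
    print(paginate(records, "limit=1000000")["limit"])  # 100, not 1000000
```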

Configuration

Identifier: resource_limitation/response_size

Options

  • threshold: minimum response size before raising an alert.

Examples

Ignore this check

checks:
  resource_limitation/response_size:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API7:2023
  • OWASP LLM: LLM04:2023
  • pci: 6.5.10
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.14.1
  • nist: SP800-53
  • fedramp: AC-4

Classification

  • CWE: 400

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVSS_SCORE: 3.7