Skip to main content

Pagination missing

Description

The API returned a substantial amount of data. A query pagination might be missing.

Remediation

Implement pagination on the specified queries.

GraphQL Specific

Apollo

Implement pagination in the Apollo framework engine by using cursor-based or offset-based strategies to manage large sets of data efficiently. This can be achieved by modifying the GraphQL schema to include pagination arguments such as 'limit' and 'after' for cursor-based pagination or 'offset' for offset-based pagination, and updating resolvers to handle these arguments appropriately. Ensure that the client-side queries also include these pagination parameters to fetch data in chunks.

Yoga

Implement pagination in the Yoga framework engine to manage data sets efficiently. This can be achieved by using built-in pagination support or by creating custom pagination logic. Ensure that the pagination mechanism includes features such as page number, page size, and total record count to provide a seamless user experience.

Awsappsync

To address the issue of missing pagination in AWS AppSync, implement pagination logic in your GraphQL schema by using arguments such as 'limit' and 'nextToken' for list queries. This will allow clients to request a specific number of items and to navigate through large sets of data by providing a token from the previous response. Ensure that your resolvers support this pagination mechanism and that they handle the 'nextToken' appropriately to fetch the subsequent set of results.

Graphqlgo

Implement pagination in your GraphQL queries by using cursor-based or offset-based methods. This can be achieved by adding arguments such as 'first', 'last', 'before', and 'after' for cursor-based pagination, or 'limit' and 'offset' for offset-based pagination, to your GraphQL schema. Ensure that your Go framework's resolver functions are designed to handle these arguments and return the appropriate subset of data. This will help manage large datasets efficiently and prevent performance issues.

Graphqlruby

Implement pagination in your GraphQL queries by using the graphql-ruby gem's built-in features. Define a max_page_size to limit the number of records returned in a single request and use after and before cursors to navigate between pages. This will help prevent performance issues and potential denial-of-service attacks due to large, unpaginated result sets.

Hasura

Implement pagination in your Hasura queries by using the 'limit' and 'offset' arguments to control the number of records returned and to skip over records of a set. This will help in managing and optimizing the data load, especially for large datasets. Additionally, consider using cursor-based pagination with 'where' conditions for more efficient and performant data fetching.

REST Specific

Asp_net

Implement pagination in your API endpoints by using Skip and Take methods in LINQ queries or leveraging the built-in pagination support in Entity Framework. This will help manage and limit the amount of data returned in a single request, improving performance and reducing server load.

Ruby_on_rails

Implement pagination using gems like 'kaminari' or 'will_paginate' to break the dataset into manageable chunks and return it page by page.

Next_js

Implement server-side pagination in your API by using query parameters such as 'page' and 'limit' to return a subset of results per request. In Next.js, you can handle this logic within your API routes or when fetching data in 'getServerSideProps' or 'getStaticProps'.

Laravel

Implement pagination in Laravel by using the 'paginate' method on the Eloquent query, which automatically handles large datasets and provides a simple way to access paginated data.

Express_js

Implement pagination in your Express.js routes by using query parameters such as 'page' and 'limit' to control the amount of data returned per request. Utilize middleware or a library like 'mongoose-paginate' for MongoDB to handle the pagination logic efficiently.

Django

Implement pagination in your Django views by using Django's Paginator class. This will help to split the large data set into manageable pages and reduce server load.

Symfony

Implement pagination in your Symfony application by using the Pagerfanta bundle or the KnpPaginatorBundle to efficiently handle large datasets and limit the amount of data returned per request. Adjust your queries to fetch only a subset of data based on the page number and size parameters.

Spring_boot

Implement pagination in the Spring Boot application by using Pageable interface in the repository methods and applying @PageableDefault or @RequestParam to controller endpoints to handle page size, number, and sorting.

Flask

Implement pagination in your Flask route by using request arguments to define page number and limit, and apply these to your database query to return a subset of data.

Nuxt

Implement pagination in your Nuxt.js application by using the 'fetch' or 'asyncData' methods to retrieve data in chunks. Utilize query parameters such as 'page' and 'limit' to request specific subsets of data from the API.

Fastapi

Implement pagination in FastAPI by using query parameters such as 'skip' and 'limit' to control the number of records returned in a single request. This can help manage large datasets and improve API performance.

Configuration

Identifier: resource_limitation/pagination_missing

Options

  • threshold_low : Maximum number of nodes returned before raising a low level alert.
  • threshold_medium : Maximum number of nodes returned before raising a low level alert.
  • threshold_high : Maximum number of nodes returned before raising a low level alert.

Examples

Increase the threshold

checks:
  resource_limitation/pagination_missing:
    skip: true
    threshold_low: 1000
    threshold_medium: 2000
    threshold_high: 5000

Ignore this check

checks:
  resource_limitation/pagination_missing:
    skip: true

Score

  • Escape Severity: LOW

Compliance

  • OWASP: API8:2023

  • pci: 6.5.10

  • gdpr: Article-32

  • soc2: CC1

  • psd2: Article-95

  • iso27001: A.18.1

  • nist: SP800-53

  • fedramp: AC-4

Classification

  • CWE: 770

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVSS_SCORE: 3.7

References