Skip to content

[MEDIUM] Prisma queries lack pagination limits — potential unbounded result sets #127

Open
Open
[MEDIUM] Prisma queries lack pagination limits — potential unbounded result sets#127
Labels
GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial CampaignCampaign: Official Campaignmediumperformance

Description

@kilodesodiq-arch
kilodesodiq-arch
opened on Jun 15, 2026

Engineering Gap

Several Prisma findMany queries in services lack take limits, potentially returning unbounded result sets. claims.service.ts findAll() and campaigns.service.ts queries may return all records.

Codebase Evidence

  • app/backend/src/claims/claims.service.ts line 127: this.prisma.claim.findMany() without take
  • app/backend/src/claims/claims.service.ts lines 697-703: Export query uses limit param but some paths may not

Risk Profile

Memory exhaustion on large datasets. Slow API responses.

Remediation Strategy

Add default take limit to all unbounded findMany queries. Enforce max limit. Add pagination to all list endpoints.

Success Conditions

  • All findMany queries have take limits
  • Default and max limits enforced
  • Pagination on all list endpoints

Change Surface

Files: All Prisma service files with findMany

Security Review

No security impact.

Completion Checklist

  • Implementation completed
  • Peer reviewed
  • Tests passing
  • Ready for merge

Metadata

Metadata

Assignees

No one assigned

    Labels

    GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial CampaignCampaign: Official Campaignmediumperformance

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions