Search docs
Docs searchValidation category
Data / Query Risk
Review implemented validation rules for tenant-filter evidence, broad projection, unbounded reads, N+1 patterns, in-memory processing, and repeated query flows.
Why it matters
Data / Query Risk findings focus on database access patterns that affect tenant safety, data exposure, and operational scale.
What this category covers
- Tenant-scoped and bounded database access.
- Explicit projections instead of broad entity loading.
- Batching and request flow design that avoid N+1 or repeated query patterns.
Implemented rules
These are the currently implemented rules in this category. Cloud stores and displays the uploaded findings from local validation; it does not add future or speculative rules.
| Rule ID | Rule title | Category | Severity | Short explanation | Example violation | Remediation guidance |
|---|---|---|---|---|---|---|
| AP-DQR-001 | Missing tenant filter evidence in multi-tenant SQL | Data / Query Risk | warning | Flags query paths where multi-tenant SQL lacks clear tenant-filter evidence. | SELECT * FROM invoices WHERE status = 'open' | Add an explicit tenant filter to the query. Pass tenant context through repository/service boundaries. Document intentional shared queries and add tests that prove tenant isolation. |
| AP-DQR-002 | Broad SELECT * usage in query path | Data / Query Risk | warning | Flags broad SELECT * usage in paths where explicit projection is safer. | SELECT * FROM account_summary | Replace SELECT * with explicit columns. Keep sensitive columns out of read models unless required. Update tests or snapshots that assumed the broad result shape. |
| AP-DQR-003 | Unbounded query risk without limit/pagination evidence | Data / Query Risk | warning | Flags list/query paths without obvious limit or pagination controls. | findMany({ where: { organizationId } }) | Add limit and pagination parameters. Set a maximum page size. For exports, move heavy reads to an explicit export workflow with operational safeguards. |
| AP-DQR-004 | Cross-module direct database access bypasses module boundary | Data / Query Risk | warning | Flags database access that reaches into another module's owned data boundary directly. | risk imports payments ledger tables directly for scoring. | Use the owning module's public API or service boundary. Add a supported read model or event feed. Document temporary migration exceptions and remove them after the migration window. |
| AP-DQR-005 | N+1 query evidence in collection loop | Data / Query Risk | warning | Flags collection workflows that appear to query inside a loop. | for each repository, query latest snapshot separately. | Batch-load related records. Use include/select or joins where appropriate. Add tests or traces for collection-size behavior. |
| AP-DQR-006 | Large collection loaded then processed in memory | Data / Query Risk | warning | Flags query flows that load broad collections and filter or aggregate them in memory. | findMany(...) loads all findings, then filters open findings in JavaScript. | Push filtering, projection, and aggregation into the query. Apply limits before loading records. Move large exports to explicit batch workflows. |
| AP-DQR-007 | Missing projection/select for partial entity use | Data / Query Risk | warning | Flags queries that load full entities when only a small subset of fields is used. | Load full user records to render only name and email. | Add select/projection for required fields. Keep sensitive fields out of read paths by default. Update response mapping tests after narrowing the shape. |
| AP-DQR-008 | Repeated query pattern in one request flow | Data / Query Risk | warning | Flags request flows that repeat the same or similar query multiple times. | A request loads organization membership in auth, service, and repository helpers separately. | Fetch shared context once and pass it through. Batch similar queries. Add request-level caching only when it matches consistency needs. |
Related pages
Next steps