Metastatic.Analysis.BusinessLogic.MissingThrottle
(Metastatic v0.10.4)
Detects expensive operations without rate limiting or throttling.
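Universal pattern: resource-intensive endpoints without rate limits. Without a limit, a single client can repeat the expensive call as often as it likes and exhaust CPU, database, or downstream capacity for every other user. Before treating a finding as confirmed, check whether throttling is enforced outside the handler (middleware, reverse proxy, API gateway), since the handler code alone may not show it.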
Examples
Python (Flask API without rate limiting):
@app.route('/api/search', methods=['POST'])
def search(): # Should add rate limiter decorator
    results = expensive_search(request.json['query'])
    return jsonify(results)
JavaScript (Express API without rate limit):
app.post('/api/search', async (req, res) => { // Should use express-rate-limit
  const results = await expensiveSearch(req.body.query);
  res.json(results);
});
Elixir (Phoenix action without rate limiting):
def create(conn, params) do # Should add Plug.RateLimit or similar
  result = expensive_operation(params)
  json(conn, result)
end
C# (ASP.NET endpoint without throttling):
[HttpPost("api/search")]
public IActionResult Search([FromBody] SearchRequest req) { // Should add [RateLimit] attribute
    var results = ExpensiveSearch(req.Query);
    return Ok(results);
}
Go (HTTP handler without rate limiting):
func searchHandler(w http.ResponseWriter, r *http.Request) { // Should use rate.Limiter
    results := expensiveSearch(r.Body)
    json.NewEncoder(w).Encode(results)
}
Java (Spring endpoint without rate limit):
@PostMapping("/api/search")
public ResponseEntity search(@RequestBody SearchRequest req) { // Should add Bucket4j or similar
    List results = expensiveSearch(req.getQuery());
    return ResponseEntity.ok(results);
}
Ruby (Rails action without throttling):
def create # Should use rack-attack or similar
  results = expensive_search(params[:query])
  render json: results
end
Python (FastAPI without rate limit):
@app.post("/api/search")
async def search(request: SearchRequest): # Should use slowapi
    results = await expensive_search(request.query)
    return results