fix(attack-paths): Use Findings.all_objects to avoid the custom manager (#9869)

api/CHANGELOG.md

@@ -10,6 +10,7 @@ All notable changes to the **Prowler API** are documented in this file.
 - Deleting providers don't try to delete a `None` Neo4j database when an Attack Paths scan is scheduled [(#9858)](https://github.com/prowler-cloud/prowler/pull/9858)
 - Use replica database for reading Findings to add them to the Attack Paths graph [(#9861)](https://github.com/prowler-cloud/prowler/pull/9861)
 - Attack paths findings loading query to use streaming generator for O(batch_size) memory instead of O(total_findings) [(#9862)](https://github.com/prowler-cloud/prowler/pull/9862)
+- Use `Findings.all_objects` to avoid the `ActiveProviderPartitionedManager` [(#9869)](https://github.com/prowler-cloud/prowler/pull/9869)
 
 ## [1.18.0] (Prowler v5.17.0)
 

api/src/backend/tasks/jobs/attack_paths/prowler.py

@@ -2,7 +2,6 @@ from collections import defaultdict
 from typing import Generator
 
 import neo4j
-
 from cartography.client.core.tx import run_write_query
 from cartography.config import Config as CartographyConfig
 from celery.utils.log import get_task_logger
@@ -129,7 +128,10 @@ def get_provider_last_scan_findings(
         iteration += 1
 
         with rls_transaction(prowler_api_provider.tenant_id, using=READ_REPLICA_ALIAS):
-            qs = Finding.objects.filter(scan_id=scan_id).order_by("id")
+            # Use all_objects to avoid the ActiveProviderManager's implicit JOIN
+            # through Scan -> Provider (to check is_deleted=False).
+            # The provider is already validated as active in this context.
+            qs = Finding.all_objects.filter(scan_id=scan_id).order_by("id")
             if last_id is not None:
                 qs = qs.filter(id__gt=last_id)