Test: Malicious Vector Data and Input Sanitization #212

@nickna

Description

Test database security against malicious vector data, extreme values, and input that could cause crashes or unexpected behavior.

Phase

Phase 3: Security and Input Validation

Epic

Related to #202

Acceptance Criteria

  • Test with vectors containing NaN, Infinity, and extreme float values
  • Validate behavior with zero-dimensional and negative-dimensional vectors
  • Test extremely large vectors (millions of dimensions)
  • Verify handling of null and malformed vector data
  • Ensure no buffer overflows or memory corruption

Malicious Input Scenarios

  1. Extreme Float Values - NaN, PositiveInfinity, NegativeInfinity, MaxValue
  2. Dimension Attacks - Zero, negative, and extremely large dimension counts
  3. Memory Exhaustion - Vectors designed to consume excessive memory
  4. Serialization Attacks - Malformed binary data that could crash deserialization
  5. Embedding Injection - Malicious text designed to break embedding generation

Test Structure

[Test]
[Category("Security")]
public void Vector_WithNaNValues_HandledSafely()
{
    // Arrange
    var maliciousValues = new float[] { float.NaN, float.PositiveInfinity, float.NegativeInfinity, float.MaxValue };
    
    // Act & Assert: Should either reject gracefully or handle safely
    var database = new VectorDatabase();
    
    foreach (var value in maliciousValues)
    {
        var maliciousVector = new Vector(new float[] { value, 1.0f, 2.0f });
        
        // Should not crash the database
        Assert.DoesNotThrow(() => database.Vectors.Add(maliciousVector));
        
        // Search operations should not crash
        Assert.DoesNotThrow(() => database.Search(maliciousVector, 5, SearchAlgorithm.Linear));
    }
    
    // Database should remain stable
    Assert.That(database.Count, Is.EqualTo(maliciousValues.Length));
}

[Test]
[Category("Security")]
public void Vector_WithExtremeDimensions_RejectedSafely()
{
    // Test vectors with extreme dimension counts
    var database = new VectorDatabase();
    
    // Zero dimensions
    Assert.Throws<ArgumentException>(() => new Vector(new float[0]));
    
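    // Negative dimensions (if possible through unsafe code)
    // Extremely large dimensions (could cause OutOfMemoryException)
    // Note: the array allocation below runs inside the lambda before the Vector
    // constructor is called, so the exception comes from the runtime's allocation.
    Assert.Throws<OutOfMemoryException>(() => new Vector(new float[int.MaxValue]));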
}

Security Validation

  • Input sanitization for all public APIs
  • Bounds checking for array operations
  • Safe handling of floating-point edge cases
  • Prevention of deserialization attacks
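
The dimension, memory-exhaustion and serialization scenarios listed above can all be checked at one point, before any allocation happens. The following is an added example, not code from this issue or from the project: `SafeVectorReader`, `MaxDimensions` and the wire format (little-endian int32 dimension count followed by that many float32 values) are assumptions for illustration, and it needs .NET 5 or later.

```csharp
using System;
using System.Buffers.Binary;

// Added example. Assumed wire format (not the project's): little-endian int32
// dimension count followed by that many little-endian float32 values.
public static class SafeVectorReader
{
    public const int MaxDimensions = 65_536; // assumed policy limit

    public static bool TryRead(ReadOnlySpan<byte> data, out float[] values, out string error)
    {
        values = Array.Empty<float>();
        error = string.Empty;

        if (data.Length < sizeof(int)) { error = "truncated header"; return false; }

        // Reject zero, negative and oversized counts before trusting the header.
        int count = BinaryPrimitives.ReadInt32LittleEndian(data);
        if (count <= 0 || count > MaxDimensions)
        { error = $"dimension count {count} out of range"; return false; }

        // Compare against the bytes actually present before allocating anything.
        ReadOnlySpan<byte> payload = data.Slice(sizeof(int));
        if (payload.Length != (long)count * sizeof(float))
        { error = "payload length does not match declared dimensions"; return false; }

        var result = new float[count];
        for (int i = 0; i < count; i++)
        {
            float v = BinaryPrimitives.ReadSingleLittleEndian(payload.Slice(i * sizeof(float)));
            if (!float.IsFinite(v)) { error = $"non-finite value at index {i}"; return false; }
            result[i] = v;
        }
        values = result;
        return true;
    }

    public static void Main()
    {
        // Constructed inputs: a declared count of int.MaxValue with no payload,
        // a negative count, and a 2-dimension vector whose second value is NaN.
        byte[] huge = { 0xFF, 0xFF, 0xFF, 0x7F };
        byte[] negative = { 0xFF, 0xFF, 0xFF, 0xFF };
        byte[] nan = { 2, 0, 0, 0, 0, 0, 0x80, 0x3F, 0, 0, 0xC0, 0x7F };
        foreach (var input in new[] { huge, negative, nan })
            Console.WriteLine(TryRead(input, out _, out var err) ? "accepted" : $"rejected: {err}");
    }
}
```

Because the declared count is validated against both a policy limit and the payload length, a header claiming millions of dimensions is rejected without the allocation ever being attempted.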
