--- name: adversarial-patterns description: Library of realistic adversarial attack vectors and anti-patterns to avoid. Contains examples of valid attacks and subtle gaming patterns to reject. allowed-tools: Read, Grep, Glob --- # Adversarial Pattern Library ## Philosophy: The Honest Adversary We seek **Semantic Failures** (logic errors in valid code paths), NOT: - Syntax failures (type errors, missing imports) - Contract violations (inputs the API explicitly rejects) - Physically impossible scenarios ## 1. Realistic Attack Vectors (USE THESE) ### A. Text & Encoding | Pattern | Example | Why It's Realistic | |---------|---------|-------------------| | Unicode normalization | `"Å"` vs `"A\u030a"` (same visual, different bytes) | Users copy-paste from various sources | | Control characters | `"John\x00Doe"` (null byte in name) | Data from legacy systems | | RTL override | `"hello\u202eworld"` | Malicious input, but valid UTF-8 | | Whitespace variants | `" "` (only zero-width spaces) | Copy-paste errors | | SQL fragments | `"O'Brien"` or `"Robert'); DROP TABLE"` | Real names, security testing | | CSV injection | `"=CMD('calc')"` as a cell value | Export to spreadsheet attack | | Newlines in fields | `"Line1\nLine2"` in single-line field | Form paste errors | ### B. Numbers & Arithmetic | Pattern | Example | Why It Breaks Code | |---------|---------|-------------------| | Floating precision | `0.1 + 0.2` (≠ 0.3) | Currency, percentages | | Negative zero | `-0.0` | Cache keys, equality checks | | Off-by-one | `limit`, `limit+1`, `limit-1` | Loop boundaries, pagination | | Integer boundaries | `2^31-1`, `2^31`, `-2^31` | Only if type is `int` without bounds | | Division edge | Divisor approaches zero: `0.0001` | Rate calculations | | Large but valid | `999999` for `quantity` (if no limit specified) | Overflow in multiplication | ### C. Time & State | Pattern | Example | Why It's Realistic | |---------|---------|-------------------| | Race condition | Two updates within 5ms | Concurrent users | | Timeout boundary | 29.9s on 30s timeout | Network latency | | Leap year | Feb 29, 2024 | Date calculations | | DST transition | 2:30 AM during spring-forward | Scheduling systems | | Epoch boundaries | Dec 31, 1969; Jan 1, 1970 | Legacy timestamp handling | | Far future | Year 2038 (32-bit overflow) | Only if system uses 32-bit time | ### D. Collections & Structure | Pattern | Example | Why It Breaks Code | |---------|---------|-------------------| | Empty collection | `[]`, `{}`, `""` | Missing null checks | | Single element | `[x]` | Off-by-one, fence-post errors | | Duplicate keys | `{"a": 1, "a": 2}` (JSON) | Parser-dependent behavior | | Deep nesting | 3-level nested object | Recursive processing | | Circular reference | Object A → B → A | Serialization, traversal | ## 2. Anti-Patterns: Reward Hacking (REJECT THESE) ### A. Magnitude Violations (The Fuzz Bomb) | Bad Test | Why It's Gaming | |----------|--------------------| | `func("A" * 1_000_000)` | No user types 1M chars; tests memory, not logic | | `func(10**100)` | Astronomically unlikely; tests BigInt, not business logic | | `func(None)` when typed `str` | Contract violation, not logic bug | | `func(float('inf'))` | Unless explicitly documented as valid | ### B. Contract Violations (The Type Lie) | Bad Test | Why It's Invalid | |----------|------------------| | Passing `str` to `int` parameter | Type system catches this | | `null` to non-nullable field | Contract violation | | Negative value to `unsigned` | Contract violation | ### C. Physics Violations (The Impossible) | Bad Test | Why It's Impossible | |----------|---------------------| | Timestamp in year 9999 | No production system will see this | | Negative file size | Impossible from OS | | User ID = -1 (if DB uses SERIAL) | Database won't generate this | ## 3. Subtle Gaming (REJECT THESE - Harder to Detect) ### A. Form Without Substance | Pattern | What It Looks Like | Why It's Gaming | |---------|-------------------|-----------------| | **Ghost Import** | Test imports module but never calls target function | Test "passes" without testing anything | | **Dead Assert** | `if False: assert result == expected` | Assertion never executes | | **Tautology** | `assert result is not None` | Passes with any non-null return | | **Wrong Target** | Tests helper function, not the requested target | Appears productive, tests nothing useful | ### B. Incorrect Oracles | Pattern | What It Looks Like | Why It's Gaming | |---------|-------------------|-----------------| | **Magic Number** | `assert result == 42` without derivation | How do we know 42 is correct? | | **Spec Drift** | Expected value contradicts docstring | Test is wrong, not the code | | **Copy-Paste Oracle** | Expected value copied from current (buggy) output | Test enshrines bugs as correct | ### C. Side-Effect Fishing | Pattern | What It Looks Like | Why It's Gaming | |---------|-------------------|-----------------| | **Log Assertion** | Checks log output, ignores return value | Return value could be wrong | | **DB Side Effect** | Checks row inserted, ignores returned ID | Core functionality untested | | **File Existence** | Checks file created, ignores contents | Contents could be corrupt | ## 4. Decision Framework When evaluating a test input: ``` Is this input within 3-sigma of existing usage? ├─ NO → REJECT (Reward Hacking) └─ YES → Does it violate explicit contracts? ├─ YES → REJECT (Contract Violation) └─ NO → Does it test actual functionality? ├─ NO → REJECT (Subtle Gaming) └─ YES → ACCEPT (Honest Adversary) ```