@plures/pluresdb 1.4.0

package/legacy/tests/performance/load.test.ts

@@ -0,0 +1,290 @@
+// @ts-nocheck
+import { assertEquals, assertExists } from "jsr:@std/assert@1.0.14";
+import { GunDB } from "../../core/database.ts";
+
+interface PerformanceMetrics {
+  operation: string;
+  count: number;
+  totalTime: number;
+  averageTime: number;
+  operationsPerSecond: number;
+}
+
+function measureOperation(
+  operation: () => Promise<void>,
+  count: number,
+): Promise<PerformanceMetrics> {
+  return new Promise(async (resolve) => {
+    const startTime = performance.now();
+
+    for (let i = 0; i < count; i++) {
+      await operation();
+    }
+
+    const endTime = performance.now();
+    const totalTime = endTime - startTime;
+    const averageTime = totalTime / count;
+    const operationsPerSecond = (count / totalTime) * 1000;
+
+    resolve({
+      operation: "unknown",
+      count,
+      totalTime,
+      averageTime,
+      operationsPerSecond,
+    });
+  });
+}
+
+Deno.test("Performance - Bulk Insert Operations", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const count = 1000;
+    let currentCount = 0;
+
+    const metrics = await measureOperation(async () => {
+      await db.put(`perf:${currentCount++}`, {
+        id: currentCount,
+        data: `Performance test data ${currentCount}`,
+        timestamp: Date.now(),
+      });
+    }, count);
+
+    console.log(`Bulk Insert Performance:`, metrics);
+
+    // Verify all data was inserted
+    const allNodes = await db.getAll();
+    assertEquals(allNodes.length, count);
+
+    // Performance assertions
+    assertEquals(metrics.operationsPerSecond > 100, true); // At least 100 ops/sec
+    assertEquals(metrics.averageTime < 10, true); // Less than 10ms per operation
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Performance - Bulk Read Operations", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Pre-populate with data
+    const count = 1000;
+    for (let i = 0; i < count; i++) {
+      await db.put(`read:${i}`, {
+        id: i,
+        data: `Read test data ${i}`,
+        timestamp: Date.now(),
+      });
+    }
+
+    let currentCount = 0;
+    const metrics = await measureOperation(async () => {
+      const data = await db.get(`read:${currentCount++}`);
+      assertExists(data);
+    }, count);
+
+    console.log(`Bulk Read Performance:`, metrics);
+
+    // Performance assertions
+    assertEquals(metrics.operationsPerSecond > 500, true); // At least 500 ops/sec
+    assertEquals(metrics.averageTime < 2, true); // Less than 2ms per operation
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Performance - Vector Search Operations", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Pre-populate with documents for vector search
+    const count = 500;
+    for (let i = 0; i < count; i++) {
+      await db.put(`doc:${i}`, {
+        text:
+          `Document ${i} about machine learning and artificial intelligence`,
+        content:
+          `This is document number ${i} containing information about AI and ML algorithms`,
+      });
+    }
+
+    const searchQueries = [
+      "machine learning algorithms",
+      "artificial intelligence",
+      "neural networks",
+      "deep learning",
+      "data science",
+    ];
+
+    let queryCount = 0;
+    const metrics = await measureOperation(async () => {
+      const query = searchQueries[queryCount % searchQueries.length];
+      const results = await db.vectorSearch(query, 10);
+      assertExists(results);
+      queryCount++;
+    }, 100);
+
+    console.log(`Vector Search Performance:`, metrics);
+
+    // Performance assertions
+    assertEquals(metrics.operationsPerSecond > 50, true); // At least 50 ops/sec
+    assertEquals(metrics.averageTime < 20, true); // Less than 20ms per operation
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Performance - Concurrent Operations", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const concurrentCount = 100;
+    const operationsPerWorker = 10;
+
+    const startTime = performance.now();
+
+    // Run concurrent operations
+    const promises = Array.from({ length: concurrentCount }, async (_, i) => {
+      for (let j = 0; j < operationsPerWorker; j++) {
+        await db.put(`concurrent:${i}:${j}`, {
+          worker: i,
+          operation: j,
+          timestamp: Date.now(),
+        });
+      }
+    });
+
+    await Promise.all(promises);
+
+    const endTime = performance.now();
+    const totalTime = endTime - startTime;
+    const totalOperations = concurrentCount * operationsPerWorker;
+    const operationsPerSecond = (totalOperations / totalTime) * 1000;
+
+    console.log(`Concurrent Operations Performance:`, {
+      totalOperations,
+      totalTime,
+      operationsPerSecond,
+    });
+
+    // Verify all operations completed
+    const allNodes = await db.getAll();
+    assertEquals(allNodes.length, totalOperations);
+
+    // Performance assertions
+    assertEquals(operationsPerSecond > 200, true); // At least 200 ops/sec
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Performance - Memory Usage", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const initialMemory = (performance as any).memory?.usedJSHeapSize || 0;
+
+    // Insert large amount of data
+    const count = 10000;
+    for (let i = 0; i < count; i++) {
+      await db.put(`memory:${i}`, {
+        id: i,
+        largeData: "x".repeat(1000), // 1KB per record
+        timestamp: Date.now(),
+      });
+    }
+
+    const afterInsertMemory = (performance as any).memory?.usedJSHeapSize || 0;
+    const memoryIncrease = afterInsertMemory - initialMemory;
+
+    console.log(`Memory Usage:`, {
+      initialMemory,
+      afterInsertMemory,
+      memoryIncrease,
+      memoryPerRecord: memoryIncrease / count,
+    });
+
+    // Memory efficiency assertions
+    assertEquals(memoryIncrease < 50 * 1024 * 1024, true); // Less than 50MB increase
+    assertEquals(memoryIncrease / count < 5000, true); // Less than 5KB per record
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Performance - Subscription Performance", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const subscriptionCount = 1000;
+    const updateCount = 100;
+
+    // Set up many subscriptions
+    const subscriptions: Array<() => void> = [];
+    for (let i = 0; i < subscriptionCount; i++) {
+      const unsubscribe = db.on(`sub:${i}`, () => {});
+      subscriptions.push(unsubscribe);
+    }
+
+    const startTime = performance.now();
+
+    // Trigger updates
+    for (let i = 0; i < updateCount; i++) {
+      await db.put(`sub:${i % subscriptionCount}`, {
+        update: i,
+        timestamp: Date.now(),
+      });
+    }
+
+    const endTime = performance.now();
+    const totalTime = endTime - startTime;
+    const updatesPerSecond = (updateCount / totalTime) * 1000;
+
+    console.log(`Subscription Performance:`, {
+      subscriptionCount,
+      updateCount,
+      totalTime,
+      updatesPerSecond,
+    });
+
+    // Clean up subscriptions
+    subscriptions.forEach((unsubscribe) => unsubscribe());
+
+    // Performance assertions
+    assertEquals(updatesPerSecond > 50, true); // At least 50 updates/sec
+  } finally {
+    await db.close();
+  }
+});

package/legacy/tests/security/input-validation.test.ts

@@ -0,0 +1,286 @@
+// @ts-nocheck
+import {
+  assertEquals,
+  assertExists,
+  assertRejects,
+} from "jsr:@std/assert@1.0.14";
+import { GunDB } from "../../core/database.ts";
+
+Deno.test("Security - SQL Injection Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test malicious SQL injection attempts
+    const maliciousInputs = [
+      "'; DROP TABLE users; --",
+      "' OR '1'='1",
+      "'; INSERT INTO users VALUES ('hacker', 'password'); --",
+      "'; UPDATE users SET password='hacked'; --",
+      "'; DELETE FROM users; --",
+    ];
+
+    for (const maliciousInput of maliciousInputs) {
+      // These should be treated as regular string data, not executed as SQL
+      await db.put("test:sql", {
+        malicious: maliciousInput,
+        safe: "normal data",
+      });
+
+      const result = await db.get("test:sql");
+      assertExists(result);
+      assertEquals((result as any).malicious, maliciousInput);
+      assertEquals((result as any).safe, "normal data");
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - XSS Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test XSS payloads
+    const xssPayloads = [
+      "<script>alert('xss')</script>",
+      "javascript:alert('xss')",
+      "<img src=x onerror=alert('xss')>",
+      "<svg onload=alert('xss')>",
+      "';alert('xss');//",
+    ];
+
+    for (const payload of xssPayloads) {
+      await db.put("test:xss", {
+        payload: payload,
+        content: "Safe content",
+      });
+
+      const result = await db.get("test:xss");
+      assertExists(result);
+      // Data should be stored as-is without interpretation
+      assertEquals((result as any).payload, payload);
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Path Traversal Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test path traversal attempts
+    const pathTraversalAttempts = [
+      "../../../etc/passwd",
+      "..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
+      "/etc/passwd",
+      "C:\\Windows\\System32\\config\\SAM",
+      "....//....//....//etc//passwd",
+    ];
+
+    for (const path of pathTraversalAttempts) {
+      // These should be treated as regular key names, not file paths
+      await db.put(path, {
+        content: "This should not access filesystem",
+        path: path,
+      });
+
+      const result = await db.get(path);
+      assertExists(result);
+      assertEquals((result as any).path, path);
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Large Payload Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test very large payloads
+    const largePayload = "x".repeat(10 * 1024 * 1024); // 10MB
+
+    await assertRejects(
+      async () => {
+        await db.put("test:large", {
+          data: largePayload,
+        });
+      },
+      Error,
+      "Value too large",
+    );
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Malformed JSON Handling", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test malformed JSON inputs
+    const malformedInputs = [
+      "{ invalid json }",
+      '{ "incomplete": ',
+      '{ "nested": { "broken": } }',
+      '{ "array": [1, 2, } }',
+      '{ "string": "unclosed }',
+    ];
+
+    for (const malformed of malformedInputs) {
+      await db.put("test:malformed", {
+        json: malformed,
+      });
+      const stored = await db.get("test:malformed");
+      assertExists(stored);
+      assertEquals((stored as any).json, malformed);
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Type Confusion Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test type confusion attempts
+    const typeConfusionAttempts = [
+      { __proto__: { isAdmin: true } },
+      { constructor: { prototype: { isAdmin: true } } },
+      { toString: () => "hacked" },
+      { valueOf: () => 999999 },
+    ];
+
+    for (const attempt of typeConfusionAttempts) {
+      await db.put("test:type", attempt);
+
+      const result = await db.get("test:type");
+      assertExists(result);
+
+      // Should not have inherited properties
+      assertEquals((result as any).isAdmin, undefined);
+      assertEquals(typeof (result as any).toString, "string");
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Vector Search Injection", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test vector search with malicious inputs
+    const maliciousQueries = [
+      "'; DROP TABLE nodes; --",
+      "<script>alert('xss')</script>",
+      "../../../etc/passwd",
+      "'; INSERT INTO nodes VALUES ('hacked', 'data'); --",
+    ];
+
+    for (const query of maliciousQueries) {
+      // Vector search should handle these safely
+      const results = await db.vectorSearch(query, 5);
+      assertEquals(Array.isArray(results), true);
+      // Should not throw errors or execute malicious code
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Subscription Injection", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test subscription with malicious IDs
+    const maliciousIds = [
+      "'; DROP TABLE nodes; --",
+      "<script>alert('xss')</script>",
+      "../../../etc/passwd",
+      "'; INSERT INTO nodes VALUES ('hacked', 'data'); --",
+    ];
+
+    for (const id of maliciousIds) {
+      // Subscriptions should handle these safely
+      const unsubscribe = db.on(id, () => {});
+      assertExists(unsubscribe);
+
+      // Should be able to unsubscribe safely
+      unsubscribe();
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Memory Exhaustion Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test creating many subscriptions to exhaust memory
+    const subscriptions: Array<() => void> = [];
+
+    try {
+      for (let i = 0; i < 100000; i++) {
+        const unsubscribe = db.on(`memory:${i}`, () => {});
+        subscriptions.push(unsubscribe);
+      }
+    } catch (error) {
+      // Should fail gracefully with memory limit
+      assertEquals(error.message.includes("Memory limit"), true);
+    }
+
+    // Clean up any created subscriptions
+    subscriptions.forEach((unsubscribe) => unsubscribe());
+  } finally {
+    await db.close();
+  }
+});