pluresdb 1.0.1

package/src/tests/security/input-validation.test.ts

@@ -0,0 +1,282 @@
+// @ts-nocheck
+import { assertEquals, assertExists, assertRejects } from "jsr:@std/assert@1.0.14";
+import { GunDB } from "../../core/database.ts";
+
+Deno.test("Security - SQL Injection Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test malicious SQL injection attempts
+    const maliciousInputs = [
+      "'; DROP TABLE users; --",
+      "' OR '1'='1",
+      "'; INSERT INTO users VALUES ('hacker', 'password'); --",
+      "'; UPDATE users SET password='hacked'; --",
+      "'; DELETE FROM users; --",
+    ];
+
+    for (const maliciousInput of maliciousInputs) {
+      // These should be treated as regular string data, not executed as SQL
+      await db.put("test:sql", {
+        malicious: maliciousInput,
+        safe: "normal data",
+      });
+
+      const result = await db.get("test:sql");
+      assertExists(result);
+      assertEquals((result as any).malicious, maliciousInput);
+      assertEquals((result as any).safe, "normal data");
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - XSS Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test XSS payloads
+    const xssPayloads = [
+      "<script>alert('xss')</script>",
+      "javascript:alert('xss')",
+      "<img src=x onerror=alert('xss')>",
+      "<svg onload=alert('xss')>",
+      "';alert('xss');//",
+    ];
+
+    for (const payload of xssPayloads) {
+      await db.put("test:xss", {
+        payload: payload,
+        content: "Safe content",
+      });
+
+      const result = await db.get("test:xss");
+      assertExists(result);
+      // Data should be stored as-is without interpretation
+      assertEquals((result as any).payload, payload);
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Path Traversal Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test path traversal attempts
+    const pathTraversalAttempts = [
+      "../../../etc/passwd",
+      "..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
+      "/etc/passwd",
+      "C:\\Windows\\System32\\config\\SAM",
+      "....//....//....//etc//passwd",
+    ];
+
+    for (const path of pathTraversalAttempts) {
+      // These should be treated as regular key names, not file paths
+      await db.put(path, {
+        content: "This should not access filesystem",
+        path: path,
+      });
+
+      const result = await db.get(path);
+      assertExists(result);
+      assertEquals((result as any).path, path);
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Large Payload Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test very large payloads
+    const largePayload = "x".repeat(10 * 1024 * 1024); // 10MB
+
+    await assertRejects(
+      async () => {
+        await db.put("test:large", {
+          data: largePayload,
+        });
+      },
+      Error,
+      "Value too large",
+    );
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Malformed JSON Handling", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test malformed JSON inputs
+    const malformedInputs = [
+      "{ invalid json }",
+      '{ "incomplete": ',
+      '{ "nested": { "broken": } }',
+      '{ "array": [1, 2, } }',
+      '{ "string": "unclosed }',
+    ];
+
+    for (const malformed of malformedInputs) {
+      await db.put("test:malformed", {
+        json: malformed,
+      });
+      const stored = await db.get("test:malformed");
+      assertExists(stored);
+      assertEquals((stored as any).json, malformed);
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Type Confusion Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test type confusion attempts
+    const typeConfusionAttempts = [
+      { __proto__: { isAdmin: true } },
+      { constructor: { prototype: { isAdmin: true } } },
+      { toString: () => "hacked" },
+      { valueOf: () => 999999 },
+    ];
+
+    for (const attempt of typeConfusionAttempts) {
+      await db.put("test:type", attempt);
+
+      const result = await db.get("test:type");
+      assertExists(result);
+
+      // Should not have inherited properties
+      assertEquals((result as any).isAdmin, undefined);
+      assertEquals(typeof (result as any).toString, "string");
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Vector Search Injection", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test vector search with malicious inputs
+    const maliciousQueries = [
+      "'; DROP TABLE nodes; --",
+      "<script>alert('xss')</script>",
+      "../../../etc/passwd",
+      "'; INSERT INTO nodes VALUES ('hacked', 'data'); --",
+    ];
+
+    for (const query of maliciousQueries) {
+      // Vector search should handle these safely
+      const results = await db.vectorSearch(query, 5);
+      assertEquals(Array.isArray(results), true);
+      // Should not throw errors or execute malicious code
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Subscription Injection", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test subscription with malicious IDs
+    const maliciousIds = [
+      "'; DROP TABLE nodes; --",
+      "<script>alert('xss')</script>",
+      "../../../etc/passwd",
+      "'; INSERT INTO nodes VALUES ('hacked', 'data'); --",
+    ];
+
+    for (const id of maliciousIds) {
+      // Subscriptions should handle these safely
+      const unsubscribe = db.on(id, () => {});
+      assertExists(unsubscribe);
+
+      // Should be able to unsubscribe safely
+      unsubscribe();
+    }
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Security - Memory Exhaustion Prevention", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test creating many subscriptions to exhaust memory
+    const subscriptions: Array<() => void> = [];
+
+    try {
+      for (let i = 0; i < 100000; i++) {
+        const unsubscribe = db.on(`memory:${i}`, () => {});
+        subscriptions.push(unsubscribe);
+      }
+    } catch (error) {
+      // Should fail gracefully with memory limit
+      assertEquals(error.message.includes("Memory limit"), true);
+    }
+
+    // Clean up any created subscriptions
+    subscriptions.forEach((unsubscribe) => unsubscribe());
+  } finally {
+    await db.close();
+  }
+});

package/src/tests/unit/core.test.ts

@@ -0,0 +1,216 @@
+// @ts-nocheck
+import { assertEquals, assertExists, assertRejects } from "jsr:@std/assert@1.0.14";
+import { GunDB } from "../../core/database.ts";
+import { mergeNodes } from "../../core/crdt.ts";
+import type { NodeRecord } from "../../types/index.ts";
+
+Deno.test("Core Database - Basic CRUD Operations", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test put and get
+    const user = { name: "Alice", age: 30, email: "alice@example.com" };
+    await db.put("user:alice", user as unknown as Record<string, unknown>);
+    const got = await db.get<typeof user>("user:alice");
+
+    assertEquals(got?.name, "Alice");
+    assertEquals(got?.age, 30);
+    assertEquals(got?.email, "alice@example.com");
+
+    // Test update
+    await db.put("user:alice", { ...user, age: 31 });
+    const updated = await db.get<typeof user>("user:alice");
+    assertEquals(updated?.age, 31);
+
+    // Test delete
+    await db.delete("user:alice");
+    const deleted = await db.get<typeof user>("user:alice");
+    assertEquals(deleted, null);
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Core Database - Vector Clock Increments", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const id = "vc:test";
+    await db.put(id, { value: 1 });
+    await db.put(id, { value: 2 });
+    await db.put(id, { value: 3 });
+
+    // Inspect underlying record
+    const { KvStorage } = await import("../../storage/kv-storage.ts");
+    const kv = new KvStorage();
+    await kv.open(kvPath);
+    const node = await kv.getNode(id);
+    await kv.close();
+
+    assertExists(node);
+    const clockValues = Object.values(node.vectorClock);
+    assertEquals(clockValues.length, 1);
+    assertEquals(clockValues[0], 3);
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Core Database - Type System", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Test setType and instancesOf
+    await db.put("person:1", { name: "Alice" });
+    await db.setType("person:1", "Person");
+
+    await db.put("company:1", { name: "Acme Corp" });
+    await db.setType("company:1", "Company");
+
+    const people = await db.instancesOf("Person");
+    assertEquals(people.length, 1);
+    assertEquals(people[0].id, "person:1");
+
+    const companies = await db.instancesOf("Company");
+    assertEquals(companies.length, 1);
+    assertEquals(companies[0].id, "company:1");
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Core Database - Vector Search", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    // Add documents with text content
+    await db.put("doc:1", { text: "Machine learning and artificial intelligence" });
+    await db.put("doc:2", { text: "Cooking recipes and food preparation" });
+    await db.put("doc:3", { text: "Deep learning neural networks" });
+
+    // Test vector search
+    const results = await db.vectorSearch("machine learning", 2);
+    assertExists(results);
+    assertEquals(results.length, 2);
+
+    // Should find the most relevant documents
+    const docIds = results.map((r) => r.id);
+    assertExists(docIds.includes("doc:1"));
+    assertExists(docIds.includes("doc:3"));
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("CRDT Merge - Equal Timestamps", () => {
+  const timestamp = Date.now();
+  const local: NodeRecord = {
+    id: "test:1",
+    data: { a: 1, shared: 1, nested: { x: 1, y: 1 } },
+    vector: [0.1, 0.2],
+    type: "TestType",
+    timestamp,
+    vectorClock: { peerA: 2 },
+  };
+
+  const incoming: NodeRecord = {
+    id: "test:1",
+    data: { b: 2, shared: 2, nested: { y: 2, z: 3 } },
+    timestamp,
+    vectorClock: { peerB: 3 },
+  } as unknown as NodeRecord;
+
+  const merged = mergeNodes(local, incoming);
+
+  assertEquals(merged.id, "test:1");
+  assertEquals(merged.timestamp, timestamp);
+  assertEquals(merged.data, {
+    a: 1,
+    shared: 2,
+    b: 2,
+    nested: { x: 1, y: 2, z: 3 },
+  });
+  assertEquals(merged.type, "TestType");
+  assertEquals(merged.vector, [0.1, 0.2]);
+  assertEquals(merged.vectorClock.peerA, 2);
+  assertEquals(merged.vectorClock.peerB, 3);
+});
+
+Deno.test("CRDT Merge - LWW on Different Timestamps", () => {
+  const t1 = 1000;
+  const t2 = 2000;
+
+  const older: NodeRecord = {
+    id: "test:2",
+    data: { a: 1, b: 1 },
+    timestamp: t1,
+    vectorClock: { p1: 1 },
+  } as unknown as NodeRecord;
+
+  const newer: NodeRecord = {
+    id: "test:2",
+    data: { a: 999, b: 2, c: 3 },
+    timestamp: t2,
+    vectorClock: { p2: 1 },
+  } as unknown as NodeRecord;
+
+  const merged = mergeNodes(older, newer);
+
+  assertEquals(merged.data, { a: 999, b: 2, c: 3 });
+  assertEquals(merged.timestamp, t2);
+});
+
+Deno.test("Core Database - Error Handling", async () => {
+  const db = new GunDB();
+
+  // Test operations before ready
+  await assertRejects(() => db.put("test", { value: 1 }), Error, "Database not ready");
+
+  await assertRejects(() => db.get("test"), Error, "Database not ready");
+
+  await assertRejects(() => db.delete("test"), Error, "Database not ready");
+});
+
+Deno.test("Core Database - Persistence Across Restarts", async () => {
+  const kvPath = await Deno.makeTempFile({
+    prefix: "kv_",
+    suffix: ".sqlite",
+  });
+  const id = "persist:test";
+
+  // First session
+  const db1 = new GunDB();
+  await db1.ready(kvPath);
+  await db1.put(id, { value: 123, text: "persistent data" });
+  await db1.close();
+
+  // Second session
+  const db2 = new GunDB();
+  await db2.ready(kvPath);
+  const got = await db2.get<{ value: number; text: string }>(id);
+  await db2.close();
+
+  assertExists(got);
+  assertEquals(got.value, 123);
+  assertEquals(got.text, "persistent data");
+});

package/src/tests/unit/subscriptions.test.ts

@@ -0,0 +1,135 @@
+// @ts-nocheck
+import { assertEquals, assertThrows } from "jsr:@std/assert@1.0.14";
+import { GunDB } from "../../core/database.ts";
+
+Deno.test("Subscriptions - Basic Update Events", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const id = "user:test";
+    let updateCount = 0;
+    let lastData: any = null;
+
+    const unsubscribe = db.on(id, (node) => {
+      updateCount++;
+      lastData = node?.data;
+    });
+
+    // Test initial put
+    await db.put(id, { name: "Alice", age: 30 });
+    await new Promise((resolve) => setTimeout(resolve, 100));
+    assertEquals(updateCount, 1);
+    assertEquals(lastData?.name, "Alice");
+
+    // Test update
+    await db.put(id, { name: "Alice", age: 31 });
+    await new Promise((resolve) => setTimeout(resolve, 100));
+    assertEquals(updateCount, 2);
+    assertEquals(lastData?.age, 31);
+
+    // Test unsubscribe
+    unsubscribe();
+    await db.put(id, { name: "Alice", age: 32 });
+    await new Promise((resolve) => setTimeout(resolve, 100));
+    assertEquals(updateCount, 2); // Should not increment
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Subscriptions - Delete Events", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const id = "user:delete";
+    let deleteReceived = false;
+
+    const unsubscribe = db.on(id, (node) => {
+      if (node === null) {
+        deleteReceived = true;
+      }
+    });
+
+    await db.put(id, { name: "Bob" });
+    await db.delete(id);
+    await new Promise((resolve) => setTimeout(resolve, 100));
+
+    assertEquals(deleteReceived, true);
+    unsubscribe();
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Subscriptions - Multiple Subscribers", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const id = "user:multi";
+    let subscriber1Count = 0;
+    let subscriber2Count = 0;
+
+    const unsubscribe1 = db.on(id, () => subscriber1Count++);
+    const unsubscribe2 = db.on(id, () => subscriber2Count++);
+
+    await db.put(id, { name: "Charlie" });
+    await new Promise((resolve) => setTimeout(resolve, 100));
+
+    assertEquals(subscriber1Count, 1);
+    assertEquals(subscriber2Count, 1);
+
+    unsubscribe1();
+    unsubscribe2();
+  } finally {
+    await db.close();
+  }
+});
+
+Deno.test("Subscriptions - Error Handling", async () => {
+  const db = new GunDB();
+
+  // Test subscription before ready
+  assertThrows(() => db.on("test", () => {}), Error, "Database not ready");
+});
+
+Deno.test("Subscriptions - Off Method", async () => {
+  const db = new GunDB();
+  try {
+    const kvPath = await Deno.makeTempFile({
+      prefix: "kv_",
+      suffix: ".sqlite",
+    });
+    await db.ready(kvPath);
+
+    const id = "user:off";
+    let called = false;
+
+    const callback = () => {
+      called = true;
+    };
+    db.on(id, callback);
+    db.off(id, callback);
+
+    await db.put(id, { name: "Dave" });
+    await new Promise((resolve) => setTimeout(resolve, 100));
+
+    assertEquals(called, false);
+  } finally {
+    await db.close();
+  }
+});