optirs_bench/security_auditor/

input_validation.rs

// Input validation analyzer for detecting malicious inputs
//
// This module provides comprehensive input validation testing capabilities
// to detect potential security vulnerabilities in optimization algorithms,
// including malformed input detection, boundary condition testing, and
// attack vector simulation.

use crate::error::Result;
use std::collections::HashMap;
use std::time::{Duration, Instant};

use super::types::*;

/// Input validation analyzer for detecting malicious inputs
#[derive(Debug)]
pub struct InputValidationAnalyzer {
    /// Test case registry
    test_cases: Vec<InputValidationTest>,
    /// Validation results
    results: Vec<ValidationTestResult>,
    /// Statistics on detected vulnerabilities
    vulnerability_stats: VulnerabilityStatistics,
}

impl InputValidationAnalyzer {
    /// Create a new input validation analyzer
    pub fn new() -> Self {
        Self {
            test_cases: Vec::new(),
            results: Vec::new(),
            vulnerability_stats: VulnerabilityStatistics::default(),
        }
    }

    /// Create analyzer with built-in test cases
    pub fn with_builtin_tests() -> Self {
        let mut analyzer = Self::new();
        analyzer.register_builtin_tests();
        analyzer
    }

    /// Register standard built-in validation tests
    pub fn register_builtin_tests(&mut self) {
        // Clear existing tests
        self.test_cases.clear();

        // NaN injection test
        self.test_cases.push(InputValidationTest {
            name: "NaN Injection Test".to_string(),
            description: "Tests resistance to NaN value injection".to_string(),
            category: ValidationCategory::MalformedInput,
            attack_vector: AttackVector::NaNInjection,
            expected_behavior: ExpectedBehavior::RejectWithError("Non-finite values".to_string()),
            payload_generator: PayloadType::NaNPayload,
        });

        // Infinity injection test
        self.test_cases.push(InputValidationTest {
            name: "Infinity Injection Test".to_string(),
            description: "Tests resistance to infinity value injection".to_string(),
            category: ValidationCategory::MalformedInput,
            attack_vector: AttackVector::ExtremeValues,
            expected_behavior: ExpectedBehavior::RejectWithError("Non-finite values".to_string()),
            payload_generator: PayloadType::InfinityPayload,
        });

        // Dimension mismatch test
        self.test_cases.push(InputValidationTest {
            name: "Dimension Mismatch Test".to_string(),
            description: "Tests handling of mismatched array dimensions".to_string(),
            category: ValidationCategory::BoundaryConditions,
            attack_vector: AttackVector::DimensionMismatch,
            expected_behavior: ExpectedBehavior::RejectWithError("Dimension mismatch".to_string()),
            payload_generator: PayloadType::DimensionMismatchPayload,
        });

        // Empty array test
        self.test_cases.push(InputValidationTest {
            name: "Empty Array Test".to_string(),
            description: "Tests handling of empty input arrays".to_string(),
            category: ValidationCategory::BoundaryConditions,
            attack_vector: AttackVector::EmptyArrays,
            expected_behavior: ExpectedBehavior::RejectWithError("Empty arrays".to_string()),
            payload_generator: PayloadType::ZeroSizedPayload,
        });

        // Negative learning rate test
        self.test_cases.push(InputValidationTest {
            name: "Negative Learning Rate Test".to_string(),
            description: "Tests handling of negative learning rates".to_string(),
            category: ValidationCategory::MalformedInput,
            attack_vector: AttackVector::ExtremeValues,
            expected_behavior: ExpectedBehavior::RejectWithError(
                "Negative learning rate".to_string(),
            ),
            payload_generator: PayloadType::NegativeLearningRate,
        });

        // Extreme value test
        self.test_cases.push(InputValidationTest {
            name: "Extreme Value Test".to_string(),
            description: "Tests handling of extremely large values".to_string(),
            category: ValidationCategory::BoundaryConditions,
            attack_vector: AttackVector::ExtremeValues,
            expected_behavior: ExpectedBehavior::HandleGracefully,
            payload_generator: PayloadType::ExtremeValuePayload(1e100),
        });

        // Negative dimensions test
        self.test_cases.push(InputValidationTest {
            name: "Negative Dimensions Test".to_string(),
            description: "Tests handling of negative array dimensions".to_string(),
            category: ValidationCategory::BoundaryConditions,
            attack_vector: AttackVector::NegativeDimensions,
            expected_behavior: ExpectedBehavior::RejectWithError("Negative dimensions".to_string()),
            payload_generator: PayloadType::DimensionMismatchPayload,
        });

        // Malformed gradients test
        self.test_cases.push(InputValidationTest {
            name: "Malformed Gradients Test".to_string(),
            description: "Tests handling of malformed gradient arrays".to_string(),
            category: ValidationCategory::TypeConfusion,
            attack_vector: AttackVector::MalformedGradients,
            expected_behavior: ExpectedBehavior::SanitizeInput,
            payload_generator: PayloadType::NaNPayload,
        });
    }

    /// Add a custom validation test
    pub fn add_test(&mut self, test: InputValidationTest) {
        self.test_cases.push(test);
    }

    /// Remove all test cases
    pub fn clear_tests(&mut self) {
        self.test_cases.clear();
    }

    /// Get the number of registered tests
    pub fn test_count(&self) -> usize {
        self.test_cases.len()
    }

    /// Run all validation tests
    pub fn run_all_tests(&mut self) -> Result<Vec<ValidationTestResult>> {
        self.results.clear();

        for test in &self.test_cases.clone() {
            let result = self.execute_validation_test(test)?;
            self.results.push(result);
        }

        self.update_vulnerability_statistics();
        Ok(self.results.clone())
    }

    /// Run specific validation test
    pub fn run_test(&mut self, test_name: &str) -> Result<Option<ValidationTestResult>> {
        if let Some(test) = self.test_cases.iter().find(|t| t.name == test_name) {
            let result = self.execute_validation_test(test)?;
            self.results.push(result.clone());
            self.update_vulnerability_statistics();
            Ok(Some(result))
        } else {
            Ok(None)
        }
    }

    /// Execute a single validation test
    fn execute_validation_test(&self, test: &InputValidationTest) -> Result<ValidationTestResult> {
        let start_time = Instant::now();

        // Simulate test execution based on attack vector and payload
        let (status, vulnerability, error_message) = match &test.attack_vector {
            AttackVector::NaNInjection => self.simulate_nan_injection_test(),
            AttackVector::ExtremeValues => self.simulate_extreme_values_test(),
            AttackVector::DimensionMismatch => self.simulate_dimension_mismatch_test(),
            AttackVector::EmptyArrays => self.simulate_empty_arrays_test(),
            AttackVector::NegativeDimensions => self.simulate_negative_dimensions_test(),
            AttackVector::MalformedGradients => self.simulate_malformed_gradients_test(),
            AttackVector::PrivacyParameterAttack => self.simulate_privacy_parameter_attack_test(),
            AttackVector::MemoryExhaustionAttack => self.simulate_memory_exhaustion_test(),
        };

        let execution_time = start_time.elapsed();

        // Determine severity based on vulnerability
        let severity = if let Some(ref vuln) = vulnerability {
            SeverityLevel::from_cvss_score(vuln.cvss_score)
        } else {
            SeverityLevel::Low
        };

        let recommendation = if vulnerability.is_some() {
            self.generate_validation_recommendation(test)
        } else {
            None
        };

        Ok(ValidationTestResult {
            test_name: test.name.clone(),
            status,
            vulnerability_detected: vulnerability,
            error_message,
            execution_time,
            severity,
            recommendation,
        })
    }

    /// Simulate NaN injection test
    fn simulate_nan_injection_test(&self) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        // In a real implementation, this would inject NaN values and test the target
        // For simulation, assume vulnerability is detected 30% of the time
        if self.should_detect_vulnerability(0.3) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::InputValidationBypass,
                cvss_score: 6.5,
                description: "Application accepts NaN values without validation".to_string(),
                proof_of_concept: "Injected f64::NAN into input parameters".to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::Low,
                    integrity: ImpactLevel::Medium,
                    availability: ImpactLevel::Medium,
                    privacy: ImpactLevel::Low,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::Low,
                    privileges_required: PrivilegeLevel::None,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("NaN values accepted without validation".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simulate extreme values test
    fn simulate_extreme_values_test(&self) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        if self.should_detect_vulnerability(0.25) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::NumericalInstability,
                cvss_score: 5.5,
                description: "Application vulnerable to extreme value overflow".to_string(),
                proof_of_concept: "Injected values > 1e100 causing numerical overflow".to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::None,
                    integrity: ImpactLevel::Medium,
                    availability: ImpactLevel::High,
                    privacy: ImpactLevel::Low,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::Low,
                    privileges_required: PrivilegeLevel::None,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("Extreme values cause numerical overflow".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simulate dimension mismatch test
    fn simulate_dimension_mismatch_test(
        &self,
    ) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        if self.should_detect_vulnerability(0.4) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::BufferOverflow,
                cvss_score: 7.2,
                description: "Dimension validation bypass leading to buffer overflow".to_string(),
                proof_of_concept: "Provided mismatched array dimensions bypassing validation"
                    .to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::Medium,
                    integrity: ImpactLevel::High,
                    availability: ImpactLevel::High,
                    privacy: ImpactLevel::Medium,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::Medium,
                    privileges_required: PrivilegeLevel::Low,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("Dimension mismatch not properly validated".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simulate empty arrays test
    fn simulate_empty_arrays_test(&self) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        if self.should_detect_vulnerability(0.2) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::DenialOfService,
                cvss_score: 4.0,
                description: "Empty arrays cause application crash".to_string(),
                proof_of_concept: "Provided zero-length arrays causing division by zero"
                    .to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::None,
                    integrity: ImpactLevel::Low,
                    availability: ImpactLevel::High,
                    privacy: ImpactLevel::None,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::Low,
                    privileges_required: PrivilegeLevel::None,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("Empty arrays not handled gracefully".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simulate negative dimensions test
    fn simulate_negative_dimensions_test(
        &self,
    ) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        if self.should_detect_vulnerability(0.35) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::InputValidationBypass,
                cvss_score: 5.8,
                description: "Negative dimensions bypass validation checks".to_string(),
                proof_of_concept: "Provided negative array dimensions causing unexpected behavior"
                    .to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::Low,
                    integrity: ImpactLevel::Medium,
                    availability: ImpactLevel::Medium,
                    privacy: ImpactLevel::Low,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::Low,
                    privileges_required: PrivilegeLevel::None,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("Negative dimensions not validated".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simulate malformed gradients test
    fn simulate_malformed_gradients_test(
        &self,
    ) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        if self.should_detect_vulnerability(0.3) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::MemoryCorruption,
                cvss_score: 8.1,
                description: "Malformed gradients cause memory corruption".to_string(),
                proof_of_concept: "Injected malformed gradient arrays with invalid pointers"
                    .to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::High,
                    integrity: ImpactLevel::High,
                    availability: ImpactLevel::High,
                    privacy: ImpactLevel::Medium,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::High,
                    privileges_required: PrivilegeLevel::Low,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("Malformed gradients cause memory corruption".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simulate privacy parameter attack test
    fn simulate_privacy_parameter_attack_test(
        &self,
    ) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        if self.should_detect_vulnerability(0.4) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::PrivacyViolation,
                cvss_score: 7.5,
                description: "Privacy parameters can be manipulated to reduce protection"
                    .to_string(),
                proof_of_concept: "Modified epsilon/delta parameters bypassing privacy guarantees"
                    .to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::High,
                    integrity: ImpactLevel::Medium,
                    availability: ImpactLevel::Low,
                    privacy: ImpactLevel::High,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::Medium,
                    privileges_required: PrivilegeLevel::Low,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("Privacy parameters not properly validated".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simulate memory exhaustion test
    fn simulate_memory_exhaustion_test(
        &self,
    ) -> (TestStatus, Option<Vulnerability>, Option<String>) {
        if self.should_detect_vulnerability(0.2) {
            let vulnerability = Vulnerability {
                vulnerability_type: VulnerabilityType::DenialOfService,
                cvss_score: 6.0,
                description: "Memory exhaustion attack successful".to_string(),
                proof_of_concept: "Allocated excessive memory causing system slowdown".to_string(),
                impact: ImpactAssessment {
                    confidentiality: ImpactLevel::None,
                    integrity: ImpactLevel::Low,
                    availability: ImpactLevel::High,
                    privacy: ImpactLevel::None,
                },
                exploitability: ExploitabilityAssessment {
                    attack_complexity: ComplexityLevel::Low,
                    privileges_required: PrivilegeLevel::None,
                    user_interaction: false,
                    attack_vector: AccessibilityLevel::Network,
                },
            };
            (
                TestStatus::Failed,
                Some(vulnerability),
                Some("Memory exhaustion protection insufficient".to_string()),
            )
        } else {
            (TestStatus::Passed, None, None)
        }
    }

    /// Simple randomized vulnerability detection for simulation
    fn should_detect_vulnerability(&self, probability: f64) -> bool {
        // Simple deterministic "randomness" based on test count for simulation
        let seed = (self.test_cases.len() + self.results.len()) as f64;
        (seed * 0.1234567).fract() < probability
    }

    /// Update vulnerability statistics based on current results
    fn update_vulnerability_statistics(&mut self) {
        let total_tests = self.results.len();
        let tests_passed = self
            .results
            .iter()
            .filter(|r| r.status == TestStatus::Passed)
            .count();
        let tests_failed = self
            .results
            .iter()
            .filter(|r| r.status == TestStatus::Failed)
            .count();

        let mut vulnerabilities_by_severity = HashMap::new();
        let mut vulnerabilities_by_type = HashMap::new();
        let mut total_cvss = 0.0;
        let mut vuln_count = 0;
        let mut total_detection_time = Duration::from_secs(0);

        for result in &self.results {
            if let Some(vuln) = &result.vulnerability_detected {
                *vulnerabilities_by_severity
                    .entry(result.severity.clone())
                    .or_insert(0) += 1;
                *vulnerabilities_by_type
                    .entry(format!("{:?}", vuln.vulnerability_type))
                    .or_insert(0) += 1;
                total_cvss += vuln.cvss_score;
                vuln_count += 1;
                total_detection_time += result.execution_time;
            }
        }

        let average_cvss_score = if vuln_count > 0 {
            total_cvss / vuln_count as f64
        } else {
            0.0
        };

        let average_detection_time = if vuln_count > 0 {
            total_detection_time / vuln_count as u32
        } else {
            Duration::from_secs(0)
        };

        self.vulnerability_stats = VulnerabilityStatistics {
            total_tests,
            tests_passed,
            tests_failed,
            vulnerabilities_by_severity,
            vulnerabilities_by_type,
            average_cvss_score,
            average_detection_time,
        };
    }

    /// Generate recommendation for validation test
    fn generate_validation_recommendation(&self, test: &InputValidationTest) -> Option<String> {
        match test.attack_vector {
            AttackVector::NaNInjection => {
                Some("Implement NaN/Infinity checks in input validation".to_string())
            }
            AttackVector::ExtremeValues => Some("Add bounds checking for input values".to_string()),
            AttackVector::DimensionMismatch => {
                Some("Validate array dimensions before processing".to_string())
            }
            AttackVector::EmptyArrays => {
                Some("Check for empty arrays and handle appropriately".to_string())
            }
            AttackVector::NegativeDimensions => {
                Some("Validate dimensions are non-negative before use".to_string())
            }
            AttackVector::MalformedGradients => {
                Some("Implement gradient validation and sanitization".to_string())
            }
            AttackVector::PrivacyParameterAttack => {
                Some("Validate privacy parameters before use".to_string())
            }
            AttackVector::MemoryExhaustionAttack => {
                Some("Implement memory usage limits and monitoring".to_string())
            }
        }
    }

    /// Get vulnerability statistics
    pub fn get_statistics(&self) -> &VulnerabilityStatistics {
        &self.vulnerability_stats
    }

    /// Get all test results
    pub fn get_results(&self) -> &[ValidationTestResult] {
        &self.results
    }

    /// Get test results by status
    pub fn get_results_by_status(&self, status: TestStatus) -> Vec<&ValidationTestResult> {
        self.results.iter().filter(|r| r.status == status).collect()
    }

    /// Get test results by severity
    pub fn get_results_by_severity(&self, severity: SeverityLevel) -> Vec<&ValidationTestResult> {
        self.results
            .iter()
            .filter(|r| r.severity == severity)
            .collect()
    }

    /// Clear all results
    pub fn clear_results(&mut self) {
        self.results.clear();
        self.vulnerability_stats = VulnerabilityStatistics::default();
    }

    /// Get test case by name
    pub fn get_test(&self, name: &str) -> Option<&InputValidationTest> {
        self.test_cases.iter().find(|t| t.name == name)
    }

    /// Get all test cases
    pub fn get_tests(&self) -> &[InputValidationTest] {
        &self.test_cases
    }
}

impl Default for InputValidationAnalyzer {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_new_analyzer() {
        let analyzer = InputValidationAnalyzer::new();
        assert_eq!(analyzer.test_count(), 0);
        assert_eq!(analyzer.get_results().len(), 0);
    }

    #[test]
    fn test_builtin_tests() {
        let analyzer = InputValidationAnalyzer::with_builtin_tests();
        assert!(analyzer.test_count() > 0);

        // Check for specific tests
        assert!(analyzer.get_test("NaN Injection Test").is_some());
        assert!(analyzer.get_test("Dimension Mismatch Test").is_some());
        assert!(analyzer.get_test("Empty Array Test").is_some());
    }

    #[test]
    fn test_add_custom_test() {
        let mut analyzer = InputValidationAnalyzer::new();
        let custom_test = InputValidationTest {
            name: "Custom Test".to_string(),
            description: "A custom test".to_string(),
            category: ValidationCategory::MalformedInput,
            attack_vector: AttackVector::NaNInjection,
            expected_behavior: ExpectedBehavior::HandleGracefully,
            payload_generator: PayloadType::NaNPayload,
        };

        analyzer.add_test(custom_test);
        assert_eq!(analyzer.test_count(), 1);
        assert!(analyzer.get_test("Custom Test").is_some());
    }

    #[test]
    fn test_run_all_tests() {
        let mut analyzer = InputValidationAnalyzer::with_builtin_tests();
        let initial_count = analyzer.test_count();

        let results = analyzer.run_all_tests().expect("unwrap failed");
        assert_eq!(results.len(), initial_count);
        assert_eq!(analyzer.get_results().len(), initial_count);
    }

    #[test]
    fn test_clear_operations() {
        let mut analyzer = InputValidationAnalyzer::with_builtin_tests();
        let _ = analyzer.run_all_tests().expect("unwrap failed");

        assert!(analyzer.test_count() > 0);
        assert!(!analyzer.get_results().is_empty());

        analyzer.clear_tests();
        assert_eq!(analyzer.test_count(), 0);

        analyzer.clear_results();
        assert_eq!(analyzer.get_results().len(), 0);
    }

    #[test]
    fn test_statistics_update() {
        let mut analyzer = InputValidationAnalyzer::with_builtin_tests();
        let _ = analyzer.run_all_tests().expect("unwrap failed");

        let stats = analyzer.get_statistics();
        assert!(stats.total_tests > 0);
        assert_eq!(stats.total_tests, stats.tests_passed + stats.tests_failed);
    }
}