Hallucination Attacks in Feathersjs with Cockroachdb
Hallucination Attacks in Feathersjs with Cockroachdb — how this specific combination creates or exposes the vulnerability
Hallucination attacks in a Feathersjs service using Cockroachdb occur when an attacker manipulates query inputs or context so that the service returns fabricated or misleading data that appears authoritative. Because Feathersjs is a flexible framework that can plug any database adapter, developers might assume strong consistency from Cockroachdb eliminates inconsistency risks; however, the framework layer can still produce hallucinations through unchecked query parameters, dynamic $select or $fields expansion, or incomplete result validation before serialization.
With Cockroachdb, specific vectors include:
- Unvalidated $where clauses that allow deeply nested JSON path traversal, causing the query to return rows or fields that should be restricted, effectively hallucinating a broader dataset.
- Dynamic projection with $select or custom fields that pull columns from joined or computed expressions, enabling an attacker to request sensitive columns that are omitted in normal responses.
- Row-level security (RLS) misconfiguration combined with Feathersjs hooks that merge user context into query filters, resulting in records being returned that should be filtered out.
- Pagination manipulation (e.g., $skip and $limit) that exposes adjacent data pages due to non-deterministic ordering, creating the impression of a consistent dataset while leaking unrelated records.
These issues are not inherent to Cockroachdb’s SQL compliance, but arise from how Feathersjs builds and executes queries. If the service does not enforce strict allowlists for selectable fields, validate pagination tokens, or bind tenant context before query construction, the database will faithfully execute an unsafe query and return data that the application logic incorrectly treats as verified.
An example scenario: a Feathersjs hook constructs a WHERE clause by directly interpolating user-supplied JSON into a Cockroachdb condition. An attacker provides {"id": {"$gt": 0}} for an id filter, and due to missing schema validation the service appends additional unchecked filters, causing rows outside the tenant partition to be returned. The service then presents these rows as part of the user’s data set, effectively hallucinating access to unauthorized records.
Another pattern involves computed or default columns in Cockroachdb that are exposed through Feathersjs $select. If the service does not explicitly define which columns are safe to return, an attacker can request internal columns (e.g., internal_version, computed_flags) and infer system behavior or sensitive metadata, turning a consistency feature into an information leak.
Cockroachdb-Specific Remediation in Feathersjs — concrete code fixes
Remediation centers on strict input validation, explicit field allowlists, and deterministic query construction within Feathersjs hooks. Do not rely on Cockroachdb’s strong consistency to prevent logical exposure; enforce boundaries at the framework level.
1) Validate and restrict $select/projection using an allowlist in a before hook:
app.service('records').hooks({
before: {
create: [validatePayload],
update: [validatePayload],
patch: [validatePayload],
find: [context => {
const allowedFields = new Set(['id', 'name', 'email', 'status', 'createdAt']);
if (context.params.query && context.params.query.$select) {
const requested = Array.isArray(context.params.query.$select) ? context.params.query.$select : [context.params.query.$select];
const invalid = requested.filter(f => !allowedFields.has(f));
if (invalid.length) {
throw new Error('Invalid $select fields');
}
}
return context;
}]
}
});
2) Enforce tenant isolation by injecting a hard-tenant filter before query execution, avoiding reliance on client-supplied tenant_id:
app.service('records').hooks({
before: {
all: [async context => {
context.params.query = context.params.query || {};
// Assume authenticated user id is resolved earlier and stored in context.user.id
context.params.query.tenant_id = context.user.tenantId;
// Ensure no override by client
delete context.params.query.raw_tenant;
return context;
}]
}
});
3) Normalize ordering to prevent pagination data leakage by appending a deterministic order when missing:
app.service('records').hooks({
before: {
find: context => {
const query = context.params.query || {};
if (!query.$sort) {
query.$sort = { createdAt: 1, id: 1 };
}
// Validate $skip and $limit ranges
const maxLimit = 100;
query.$limit = Math.min(query.$limit != null ? Number(query.$limit) : 10, maxLimit);
query.$skip = Math.max(query.$skip != null ? Number(query.$skip) : 0, 0);
context.params.query = query;
return context;
}
}
});
4) Use parameterized SQL conditions via the Feathersjs adapter to avoid injection through dynamic $where, and never directly interpolate user objects into raw SQL fragments:
// Correct: using adapter methods that parameterize inputs
app.service('records').find({
query: {
tenant_id: context.user.tenantId,
status: 'active',
$limit: 25
}
}).then(results => {
// results are safe
});
5) Disable or strictly control exposure of internal Cockroachdb columns (e.g., row timestamps, computed flags) by explicitly defining the fields returned and avoiding pass-through of database metadata:
const safeTransform = data => {
if (Array.isArray(data)) {
return data.map(({ id, name, email, status, createdAt }) => ({ id, name, email, status, createdAt }));
}
const { id, name, email, status, createdAt } = data;
return { id, name, email, status, createdAt };
};
app.service('records').hooks({
after: {
all: [context => {
context.result.data = safeTransform(context.result.data);
return context;
}]
}
});
Related CWEs: llmSecurity
| CWE ID | Name | Severity |
|---|---|---|
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | MEDIUM |