Hallucination Attacks in Feathersjs with Dynamodb

Hallucination attacks in a Feathersjs service that uses DynamoDB occur when an attacker manipulates inputs or query parameters to produce misleading or fabricated responses from the database layer. Because Feathersjs is a flexible framework that can abstract data sources, developers may inadvertently allow unbounded or overly permissive query construction when interfacing with DynamoDB. If input validation and authorization are weak, an attacker can inject expressions, crafted keys, or malformed filter structures that cause the service to return inconsistent, inferred, or hallucinated data rather than what is actually stored.

Specifically, DynamoDB’s schema-less design and expression-based query syntax can amplify risks when combined with Feathersjs’s dynamic query building. For example, if a Feathersjs hook dynamically builds a KeyConditionExpression or FilterExpression from user-supplied values without strict validation, an attacker may supply values that cause the service to traverse unintended index paths or project attributes that do not meaningfully exist. This can result in data leakage across logical boundaries (BOLA), or cause the service to synthesize plausible but incorrect results when partial or missing attributes are interpreted as valid outputs.

Another vector involves pagination and limit handling. Feathersjs services often expose query parameters such as $limit and $skip. If these are passed directly into DynamoDB’s query without capping or strict type checking, an attacker can induce excessive iterations or malformed scans that produce inconsistent page fragments. When combined with incomplete or missing authentication/authorization checks, these fragments may be stitched by the client into a hallucinated dataset that appears coherent but is not grounded in actual table contents.

LLM/AI Security checks are relevant here because an attacker could attempt prompt injection or data exfiltration through API inputs that influence Feathersjs query construction, especially if the service integrates with AI features that generate or interpret queries. Although middleBrick does not fix these issues, its LLM/AI Security probes can help detect whether API endpoints are susceptible to prompt-based manipulation that could indirectly affect DynamoDB query behavior.

To illustrate, consider a DynamoDB query built from user input without strict schema enforcement:

const params = {
  TableName: 'Items',
  KeyConditionExpression: 'userId = :uid AND status = :status',
  ExpressionAttributeValues: {
    ':uid': event.userId,
    ':status': event.status
  }
};

If event.status is attacker-controlled and not validated, they could attempt values like `null` or composite strings to coerce unexpected scan behaviors. In a Feathersjs hook, if this object is constructed dynamically with insufficient guards, the service might return items that do not match the intended logical intent, enabling hallucination through inconsistent filtering.

Remediation centers on strict input validation, canonical query construction, and explicit authorization checks before any DynamoDB operation. In Feathersjs, implement hooks that sanitize and constrain all incoming query parameters, and avoid dynamic concatenation of expression strings.

First, enforce whitelisting for filter fields and validate types before they reach DynamoDB. Use Joi or another schema validator to ensure that only expected keys and value formats are allowed:

import Joi from 'joi';

const querySchema = Joi.object({
  userId: Joi.string().required(),
  status: Joi.string().valid('active', 'inactive', 'pending').required(),
  limit: Joi.number().integer().min(1).max(100).default(10)
});

const validateQuery = (query) => {
  const { value, error } = querySchema.validate(query);
  if (error) {
    throw new Error('Invalid query parameters');
  }
  return value;
};

Second, construct DynamoDB parameters statically using validated inputs only. Do not concatenate expressions from raw user data. Instead, map validated fields to predefined structures:

const buildParams = (validated) => ({
  TableName: 'Items',
  KeyConditionExpression: 'userId = :uid AND status = :status',
  ExpressionAttributeValues: {
    ':uid': validated.userId,
    ':status': validated.status
  },
  Limit: validated.limit
});

Third, add explicit authorization within Feathersjs hooks to ensure the requesting user can only access their own data. Combine this with the validated query to enforce BOLA protections:

// In a Feathersjs before hook
export const ensureOwnData = context => {
  if (context.params.user.id !== context.data.userId) {
    throw new Error('Unauthorized');
  }
  return context;
};

Finally, avoid exposing internal attribute names directly in API responses. Define a clear projection that returns only intended fields, reducing the risk of misinterpretation or client-side hallucination:

const sanitizeResponse = (items) => {
  return items.map(({ userId, status, createdAt }) => ({
    userId,
    status,
    createdAt
  }));
};

By combining schema validation, static query building, per-request authorization, and controlled response shapes, the Feathersjs service interacting with DynamoDB becomes resilient against hallucination attacks that rely on malformed or malicious input.