AgentSkillsCN

adversarial-patterns

收录一系列贴近现实的对抗性攻击向量与反模式,帮助开发者规避风险。其中不仅包含合法攻击的典型案例,还囊括了需谨慎防范的细微漏洞与潜在陷阱。

SKILL.md
--- frontmatter
name: adversarial-patterns
description: Library of realistic adversarial attack vectors and anti-patterns to avoid. Contains examples of valid attacks and subtle gaming patterns to reject.
allowed-tools: Read, Grep, Glob

Adversarial Pattern Library

Philosophy: The Honest Adversary

We seek Semantic Failures (logic errors in valid code paths), NOT:

  • Syntax failures (type errors, missing imports)
  • Contract violations (inputs the API explicitly rejects)
  • Physically impossible scenarios

1. Realistic Attack Vectors (USE THESE)

A. Text & Encoding

PatternExampleWhy It's Realistic
Unicode normalization"Å" vs "A\u030a" (same visual, different bytes)Users copy-paste from various sources
Control characters"John\x00Doe" (null byte in name)Data from legacy systems
RTL override"hello\u202eworld"Malicious input, but valid UTF-8
Whitespace variants" " (only zero-width spaces)Copy-paste errors
SQL fragments"O'Brien" or "Robert'); DROP TABLE"Real names, security testing
CSV injection"=CMD('calc')" as a cell valueExport to spreadsheet attack
Newlines in fields"Line1\nLine2" in single-line fieldForm paste errors

B. Numbers & Arithmetic

PatternExampleWhy It Breaks Code
Floating precision0.1 + 0.2 (≠ 0.3)Currency, percentages
Negative zero-0.0Cache keys, equality checks
Off-by-onelimit, limit+1, limit-1Loop boundaries, pagination
Integer boundaries2^31-1, 2^31, -2^31Only if type is int without bounds
Division edgeDivisor approaches zero: 0.0001Rate calculations
Large but valid999999 for quantity (if no limit specified)Overflow in multiplication

C. Time & State

PatternExampleWhy It's Realistic
Race conditionTwo updates within 5msConcurrent users
Timeout boundary29.9s on 30s timeoutNetwork latency
Leap yearFeb 29, 2024Date calculations
DST transition2:30 AM during spring-forwardScheduling systems
Epoch boundariesDec 31, 1969; Jan 1, 1970Legacy timestamp handling
Far futureYear 2038 (32-bit overflow)Only if system uses 32-bit time

D. Collections & Structure

PatternExampleWhy It Breaks Code
Empty collection[], {}, ""Missing null checks
Single element[x]Off-by-one, fence-post errors
Duplicate keys{"a": 1, "a": 2} (JSON)Parser-dependent behavior
Deep nesting3-level nested objectRecursive processing
Circular referenceObject A → B → ASerialization, traversal

2. Anti-Patterns: Reward Hacking (REJECT THESE)

A. Magnitude Violations (The Fuzz Bomb)

Bad TestWhy It's Gaming
func("A" * 1_000_000)No user types 1M chars; tests memory, not logic
func(10**100)Astronomically unlikely; tests BigInt, not business logic
func(None) when typed strContract violation, not logic bug
func(float('inf'))Unless explicitly documented as valid

B. Contract Violations (The Type Lie)

Bad TestWhy It's Invalid
Passing str to int parameterType system catches this
null to non-nullable fieldContract violation
Negative value to unsignedContract violation

C. Physics Violations (The Impossible)

Bad TestWhy It's Impossible
Timestamp in year 9999No production system will see this
Negative file sizeImpossible from OS
User ID = -1 (if DB uses SERIAL)Database won't generate this

3. Subtle Gaming (REJECT THESE - Harder to Detect)

A. Form Without Substance

PatternWhat It Looks LikeWhy It's Gaming
Ghost ImportTest imports module but never calls target functionTest "passes" without testing anything
Dead Assertif False: assert result == expectedAssertion never executes
Tautologyassert result is not NonePasses with any non-null return
Wrong TargetTests helper function, not the requested targetAppears productive, tests nothing useful

B. Incorrect Oracles

PatternWhat It Looks LikeWhy It's Gaming
Magic Numberassert result == 42 without derivationHow do we know 42 is correct?
Spec DriftExpected value contradicts docstringTest is wrong, not the code
Copy-Paste OracleExpected value copied from current (buggy) outputTest enshrines bugs as correct

C. Side-Effect Fishing

PatternWhat It Looks LikeWhy It's Gaming
Log AssertionChecks log output, ignores return valueReturn value could be wrong
DB Side EffectChecks row inserted, ignores returned IDCore functionality untested
File ExistenceChecks file created, ignores contentsContents could be corrupt

4. Decision Framework

When evaluating a test input:

code
Is this input within 3-sigma of existing usage?
├─ NO → REJECT (Reward Hacking)
└─ YES → Does it violate explicit contracts?
         ├─ YES → REJECT (Contract Violation)
         └─ NO → Does it test actual functionality?
                 ├─ NO → REJECT (Subtle Gaming)
                 └─ YES → ACCEPT (Honest Adversary)