mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
Revised test cases for authorization and added security annotations. (#15759)
CHANGELOG_BEGIN CHANGELOG_END
This commit is contained in:
parent
6bafad6b20
commit
44dc483387
@ -64,6 +64,7 @@ da_scala_test_suite(
|
||||
"@maven//:org_scalatest_scalatest_shouldmatchers",
|
||||
"@maven//:org_scalatest_scalatest_wordspec",
|
||||
"@maven//:org_scalaz_scalaz_core",
|
||||
"@maven//:com_lihaoyi_sourcecode",
|
||||
],
|
||||
scalacopts = lf_scalacopts,
|
||||
deps = [
|
||||
@ -79,6 +80,8 @@ da_scala_test_suite(
|
||||
"//daml-lf/transaction-test-lib",
|
||||
"//libs-scala/contextualized-logging",
|
||||
"//libs-scala/logging-entries",
|
||||
"//libs-scala/test-evidence/scalatest:test-evidence-scalatest",
|
||||
"//libs-scala/test-evidence/tag:test-evidence-tag",
|
||||
"@maven//:com_google_protobuf_protobuf_java",
|
||||
"@maven//:org_scalatest_scalatest_compatible",
|
||||
],
|
||||
|
@ -36,6 +36,14 @@ import com.daml.lf.engine.Error.Interpretation.DamlException
|
||||
import com.daml.lf.language.{LanguageVersion, PackageInterface, StablePackage}
|
||||
import com.daml.lf.transaction.test.TransactionBuilder.assertAsVersionedContract
|
||||
import com.daml.logging.LoggingContext
|
||||
import com.daml.test.evidence.scalatest.ScalaTestSupport.Implicits.tagToContainer
|
||||
import com.daml.test.evidence.tag.Security.SecurityTest.Property.Authorization
|
||||
import com.daml.test.evidence.tag.Security.{
|
||||
Attack,
|
||||
SecurityTest,
|
||||
SecurityTestLayer,
|
||||
SecurityTestSuite,
|
||||
}
|
||||
import org.scalactic.Equality
|
||||
import org.scalatest.prop.TableDrivenPropertyChecks
|
||||
import org.scalatest.{Assertion, EitherValues}
|
||||
@ -58,10 +66,13 @@ class EngineTest
|
||||
extends AnyWordSpec
|
||||
with Matchers
|
||||
with TableDrivenPropertyChecks
|
||||
with EitherValues {
|
||||
with EitherValues
|
||||
with SecurityTestSuite {
|
||||
|
||||
import EngineTest._
|
||||
|
||||
override def securityTestLayer = SecurityTestLayer.LedgerModel
|
||||
|
||||
"minimal create command" should {
|
||||
val id = Identifier(basicTestsPkgId, "BasicTests:Simple")
|
||||
val let = Time.Timestamp.now()
|
||||
@ -1194,6 +1205,13 @@ class EngineTest
|
||||
(Some[Name]("fetcher"), ValueParty(clara)),
|
||||
)
|
||||
|
||||
val fetcher3Cid = toContractId("4")
|
||||
val fetcher3TArgs = ImmArray(
|
||||
(Some[Name]("sig"), ValueParty(clara)),
|
||||
(Some[Name]("obs"), ValueParty(alice)),
|
||||
(Some[Name]("fetcher"), ValueParty(party)),
|
||||
)
|
||||
|
||||
def makeContract(
|
||||
tid: Ref.QualifiedName,
|
||||
targs: ImmArray[(Option[Name], Value)],
|
||||
@ -1211,6 +1229,7 @@ class EngineTest
|
||||
case `fetchedCid` => Some(makeContract(fetchedStrTid, fetchedTArgs))
|
||||
case `fetcher1Cid` => Some(makeContract(fetcherStrTid, fetcher1TArgs))
|
||||
case `fetcher2Cid` => Some(makeContract(fetcherStrTid, fetcher2TArgs))
|
||||
case `fetcher3Cid` => Some(makeContract(fetcherStrTid, fetcher3TArgs))
|
||||
case _ => None
|
||||
}
|
||||
}
|
||||
@ -1265,16 +1284,49 @@ class EngineTest
|
||||
|
||||
}
|
||||
|
||||
"propagate the parent's signatories and actors (but not observers) when stakeholders" in {
|
||||
"propagate the parent's signatories and actors (but not observers) when stakeholders" taggedAs SecurityTest(
|
||||
Authorization,
|
||||
"ledger",
|
||||
Attack(
|
||||
"ledger api user",
|
||||
"try to authorize an action through exercise observers", // i.e. bob
|
||||
"only record signatories and actors as fetch actors",
|
||||
),
|
||||
) in {
|
||||
|
||||
// fetch stakeholders: alice, bob, clara
|
||||
|
||||
// alice: parent signatory
|
||||
// bob: parent observer
|
||||
// clara: parent actor
|
||||
|
||||
val Right((tx, _)) = runExample(fetcher1Cid, clara)
|
||||
txFetchActors(tx.transaction) shouldBe Set(alice, clara)
|
||||
}
|
||||
|
||||
"not propagate the parent's signatories nor actors when not stakeholders" in {
|
||||
"not propagate the parent's signatories nor actors when not stakeholders" taggedAs SecurityTest(
|
||||
Authorization,
|
||||
"ledger",
|
||||
Attack(
|
||||
"ledger api user",
|
||||
"try to fetch a contract without authorization from a stakeholder of the fetched contract",
|
||||
"only record stakeholders of the fetched contract as fetch actors", // i.e., clara
|
||||
),
|
||||
) in {
|
||||
|
||||
val Right((tx, _)) = runExample(fetcher2Cid, clara)
|
||||
txFetchActors(tx.transaction) shouldBe Set(clara)
|
||||
// fetch stakeholders: alice, bob, clara
|
||||
|
||||
// party: parent signatory
|
||||
// alice: parent observer
|
||||
// clara: parent actor
|
||||
val Right((tx1, _)) = runExample(fetcher2Cid, clara)
|
||||
txFetchActors(tx1.transaction) shouldBe Set(clara)
|
||||
|
||||
// clara: parent signatory
|
||||
// alice: parent observer
|
||||
// party: parent actor
|
||||
val Right((tx2, _)) = runExample(fetcher3Cid, party)
|
||||
txFetchActors(tx2.transaction) shouldBe Set(clara)
|
||||
}
|
||||
|
||||
"be retained when reinterpreting single fetch nodes" in {
|
||||
|
@ -415,7 +415,7 @@ template Fetcher
|
||||
fetcher : Party
|
||||
where
|
||||
signatory sig
|
||||
observer fetcher
|
||||
observer obs
|
||||
choice DoFetch : Fetched
|
||||
with cid : ContractId Fetched
|
||||
controller fetcher
|
||||
|
@ -149,7 +149,7 @@
|
||||
- Evaluation order of successful lookup_by_key of a local contract: [EvaluationOrderTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/EvaluationOrderTest.scala#L2925)
|
||||
- Evaluation order of successful lookup_by_key of a non-cached global contract: [EvaluationOrderTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/EvaluationOrderTest.scala#L2773)
|
||||
- Exceptions, throw/catch.: [ExceptionTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/ExceptionTest.scala#L26)
|
||||
- Rollback creates cannot be exercise: [EngineTest.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/EngineTest.scala#L2080)
|
||||
- Rollback creates cannot be exercise: [EngineTest.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/EngineTest.scala#L2132)
|
||||
- This checks that type checking in exercise_interface is done after checking activeness.: [EvaluationOrderTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/EvaluationOrderTest.scala#L1860)
|
||||
- This checks that type checking is done after checking activeness.: [EvaluationOrderTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/EvaluationOrderTest.scala#L1750)
|
||||
- This checks that type checking is done after checking activeness.: [EvaluationOrderTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/EvaluationOrderTest.scala#L2717)
|
||||
|
Loading…
Reference in New Issue
Block a user