Add security evidence to the simple trigger tests (#13231)

changelog_begin
changelog_end
Victor Peter Rouven Müller 2022-03-22 18:01:35 +01:00 committed by GitHub
parent f4580aeeff
commit dcd726e113
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 0 deletions


@ -18,8 +18,15 @@
- create with non-signatory maintainers is rejected: [AuthorizationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthorizationSpec.scala#L73) - create with non-signatory maintainers is rejected: [AuthorizationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthorizationSpec.scala#L73)
- exercise with no controllers is rejected: [AuthorizationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthorizationSpec.scala#L149) - exercise with no controllers is rejected: [AuthorizationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthorizationSpec.scala#L149)
- fetch fails when readAs not authed, even if prior fetch succeeded: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1799) - fetch fails when readAs not authed, even if prior fetch succeeded: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1799)
- forbid a non-authorized party to check the status of a trigger: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L661)
- forbid a non-authorized party to list triggers: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L651)
- forbid a non-authorized party to start a trigger: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L640)
- forbid a non-authorized party to stop a trigger: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L677)
- forbid a non-authorized user to upload a DAR: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L693)
- multiple websocket requests over the same WebSocket connection are NOT allowed: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L111) - multiple websocket requests over the same WebSocket connection are NOT allowed: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L111)
- refresh a token after expiry on the server side: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L718)
- reject requests with missing auth header: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1234) - reject requests with missing auth header: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1234)
- request a fresh token after expiry on user request: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L703)
- websocket request with invalid protocol token should be denied: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L91) - websocket request with invalid protocol token should be denied: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L91)
- websocket request with valid protocol token should allow client subscribe to stream: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L79) - websocket request with valid protocol token should allow client subscribe to stream: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L79)
- websocket request without protocol token should be denied: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L101) - websocket request without protocol token should be denied: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L101)
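
Review bot: The two token entries added in this hunk, "request a fresh token after expiry on user request" and "refresh a token after expiry on the server side", do not name the component they cover, while the Input Validation entries added by the same commit end with "for the trigger service" or "in the trigger service". This list is shared with daml-lf/engine and ledger-service/http-json tests, so add the same qualifier to those two TEST_EVIDENCE descriptions; a reader should be able to tell which service enforces the behaviour without following the link.
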
@ -130,6 +137,12 @@
- contract keys should be evaluated after ensure clause: [ContractKeySpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/ContractKeySpec.scala#L188) - contract keys should be evaluated after ensure clause: [ContractKeySpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/ContractKeySpec.scala#L188)
- contract keys should be evaluated only when executing create: [ContractKeySpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/ContractKeySpec.scala#L149) - contract keys should be evaluated only when executing create: [ContractKeySpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/ContractKeySpec.scala#L149)
- fromStartupMode should not succeed for any input when the db connection is broken: [FailureTests.scala](ledger-service/http-json/src/failurelib/scala/http/FailureTests.scala#L421) - fromStartupMode should not succeed for any input when the db connection is broken: [FailureTests.scala](ledger-service/http-json/src/failurelib/scala/http/FailureTests.scala#L421)
- redirect to the configured callback URI after login: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L622)
- restart trigger on initialization failure due to failed connection: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L424)
- restart trigger on run-time failure due to dropped connection: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L444)
- restart triggers after shutdown: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L578)
- restart triggers with initialization errors: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L466)
- restart triggers with update errors: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L482)
## Performance: ## Performance:
- Tail call optimization: Tail recursion does not blow the scala JVM stack.: [TailCallTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/TailCallTest.scala#L16) - Tail call optimization: Tail recursion does not blow the scala JVM stack.: [TailCallTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/TailCallTest.scala#L16)
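
Review bot: The links added in this hunk use bare line anchors into TriggerServiceTest.scala (#L622, #L424, #L444, #L578, #L466, #L482), and this commit itself moves those lines: the hunk headers for that file drift from -421/+421 to -701/+715 as each TEST_EVIDENCE comment is inserted. The anchors stay correct only if this list is regenerated after every edit to the test file. Please confirm that CI fails when the list and the TEST_EVIDENCE comments disagree, or pin the links to a commit so that stale anchors cannot point an auditor at the wrong test.
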
@ -138,8 +151,13 @@
## Input Validation: ## Input Validation:
- TLS configuration is parsed correctly from the config file: [CliSpec.scala](ledger-service/http-json/src/test/scala/com/digitalasset/http/CliSpec.scala#L273) - TLS configuration is parsed correctly from the config file: [CliSpec.scala](ledger-service/http-json/src/test/scala/com/digitalasset/http/CliSpec.scala#L273)
- auth and auth-* should not be set together for the trigger service: [CliConfigTest.scala](triggers/service/src/test-suite/scala/com/daml/lf/engine/trigger/CliConfigTest.scala#L40)
- ensure builtin operators have the correct type: [TypingSpec.scala](daml-lf/validation/src/test/scala/com/digitalasset/daml/lf/validation/TypingSpec.scala#L47) - ensure builtin operators have the correct type: [TypingSpec.scala](daml-lf/validation/src/test/scala/com/digitalasset/daml/lf/validation/TypingSpec.scala#L47)
- ensure expression forms have the correct type: [TypingSpec.scala](daml-lf/validation/src/test/scala/com/digitalasset/daml/lf/validation/TypingSpec.scala#L107) - ensure expression forms have the correct type: [TypingSpec.scala](daml-lf/validation/src/test/scala/com/digitalasset/daml/lf/validation/TypingSpec.scala#L107)
- error on specifying both authCommonUri and authInternalUri/authExternalUri for the trigger service: [AuthorizationConfigTest.scala](triggers/service/src/test-suite/scala/com/daml/lf/engine/trigger/AuthorizationConfigTest.scala#L24)
- error on specifying only authInternalUri and no authExternalUri for the trigger service: [AuthorizationConfigTest.scala](triggers/service/src/test-suite/scala/com/daml/lf/engine/trigger/AuthorizationConfigTest.scala#L52)
- give a 'not found' response for a stop request on an unknown UUID in the trigger service: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L516)
- give a 'not found' response for a stop request with an unparseable UUID in the trigger service: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L501)
- ill-formed create command is rejected: [CommandPreprocessorSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/CommandPreprocessorSpec.scala#L116) - ill-formed create command is rejected: [CommandPreprocessorSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/CommandPreprocessorSpec.scala#L116)
- ill-formed create-and-exercise command is rejected: [CommandPreprocessorSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/CommandPreprocessorSpec.scala#L137) - ill-formed create-and-exercise command is rejected: [CommandPreprocessorSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/CommandPreprocessorSpec.scala#L137)
- ill-formed exception definitions are rejected: [TypingSpec.scala](daml-lf/validation/src/test/scala/com/digitalasset/daml/lf/validation/TypingSpec.scala#L1597) - ill-formed exception definitions are rejected: [TypingSpec.scala](daml-lf/validation/src/test/scala/com/digitalasset/daml/lf/validation/TypingSpec.scala#L1597)
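
Review bot: The component suffix is worded two ways in the entries added to this hunk: the three config entries end with "for the trigger service", the two 'not found' entries with "in the trigger service". Pick one form in the TEST_EVIDENCE comments so the entries sort and search consistently.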


@ -21,6 +21,7 @@ class AuthorizationConfigTest extends AsyncWordSpec with Matchers {
} }
} }
// TEST_EVIDENCE: Input Validation: error on specifying both authCommonUri and authInternalUri/authExternalUri for the trigger service
"should error on specifying both authCommonUri and authInternalUri/authExternalUri" in { "should error on specifying both authCommonUri and authInternalUri/authExternalUri" in {
val invalidConfigs = List( val invalidConfigs = List(
""" """
@ -48,6 +49,7 @@ class AuthorizationConfigTest extends AsyncWordSpec with Matchers {
Succeeded Succeeded
} }
// TEST_EVIDENCE: Input Validation: error on specifying only authInternalUri and no authExternalUri for the trigger service
"should error on specifying only authInternalUri and no authExternalUri" in { "should error on specifying only authInternalUri and no authExternalUri" in {
ConfigSource ConfigSource
.string(""" .string("""
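
Review bot: The evidence line added here covers only one direction, authInternalUri set without authExternalUri. Nothing in this commit tags the mirror case (authExternalUri set, authInternalUri missing). If a test for it exists, give it a TEST_EVIDENCE line too; if not, the Input Validation claim for this pair of settings is one-sided and the description should not be read as covering both.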


@ -36,6 +36,8 @@ class CliConfigTest extends AnyWordSpec with Matchers with OptionValues {
Set("notcustom"), Set("notcustom"),
) should ===(None) ) should ===(None)
} }
// TEST_EVIDENCE: Input Validation: auth and auth-* should not be set together for the trigger service
"auth and auth-* should not be set together" in { "auth and auth-* should not be set together" in {
parse(baseOpts ++ Seq("--auth", "http://example.com"), Set()) should !==(None) parse(baseOpts ++ Seq("--auth", "http://example.com"), Set()) should !==(None)
parse( parse(


@ -421,6 +421,7 @@ trait AbstractTriggerServiceTest
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Semantics: restart trigger on initialization failure due to failed connection
it should "restart trigger on initialization failure due to failed connection" inClaims withTriggerService( it should "restart trigger on initialization failure due to failed connection" inClaims withTriggerService(
List(dar) List(dar)
) { uri: Uri => ) { uri: Uri =>
@ -440,6 +441,7 @@ trait AbstractTriggerServiceTest
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Semantics: restart trigger on run-time failure due to dropped connection
it should "restart trigger on run-time failure due to dropped connection" inClaims withTriggerService( it should "restart trigger on run-time failure due to dropped connection" inClaims withTriggerService(
List(dar) List(dar)
) { uri: Uri => ) { uri: Uri =>
@ -461,6 +463,7 @@ trait AbstractTriggerServiceTest
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Semantics: restart triggers with initialization errors
it should "restart triggers with initialization errors" in withTriggerService(List(dar)) { it should "restart triggers with initialization errors" in withTriggerService(List(dar)) {
uri: Uri => uri: Uri =>
for { for {
@ -476,6 +479,7 @@ trait AbstractTriggerServiceTest
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Semantics: restart triggers with update errors
it should "restart triggers with update errors" inClaims withTriggerService(List(dar)) { it should "restart triggers with update errors" inClaims withTriggerService(List(dar)) {
uri: Uri => uri: Uri =>
for { for {
@ -494,6 +498,7 @@ trait AbstractTriggerServiceTest
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Input Validation: give a 'not found' response for a stop request with an unparseable UUID in the trigger service
it should "give a 'not found' response for a stop request with an unparseable UUID" in withTriggerService( it should "give a 'not found' response for a stop request with an unparseable UUID" in withTriggerService(
Nil Nil
) { uri: Uri => ) { uri: Uri =>
@ -508,6 +513,7 @@ trait AbstractTriggerServiceTest
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Input Validation: give a 'not found' response for a stop request on an unknown UUID in the trigger service
it should "give a 'not found' response for a stop request on an unknown UUID" in withTriggerService( it should "give a 'not found' response for a stop request on an unknown UUID" in withTriggerService(
Nil Nil
) { uri: Uri => ) { uri: Uri =>
@ -569,6 +575,7 @@ trait AbstractTriggerServiceTestWithDatabase extends AbstractTriggerServiceTest
} }
} yield succeed) } yield succeed)
// TEST_EVIDENCE: Semantics: restart triggers after shutdown
it should "restart triggers after shutdown" inClaims (for { it should "restart triggers after shutdown" inClaims (for {
_ <- withTriggerService(List(dar)) { uri: Uri => _ <- withTriggerService(List(dar)) { uri: Uri =>
for { for {
@ -612,6 +619,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
behavior of "authenticated service" behavior of "authenticated service"
// TEST_EVIDENCE: Semantics: redirect to the configured callback URI after login
it should "redirect to the configured callback URI after login" in withTriggerService( it should "redirect to the configured callback URI after login" in withTriggerService(
Nil, Nil,
authCallback = Some("http://localhost/TRIGGER_CALLBACK"), authCallback = Some("http://localhost/TRIGGER_CALLBACK"),
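
Review bot: The category on the redirect test is "Semantics", but the test sits under behavior of "authenticated service" and checks where the login flow sends the client (authCallback = Some("http://localhost/TRIGGER_CALLBACK")). Every other test tagged in this trait is filed under Authorization. Consider filing this one there as well, or extend the description to say why the redirect target is a semantic property rather than part of the auth flow.
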
@ -629,6 +637,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Authorization: forbid a non-authorized party to start a trigger
it should "forbid a non-authorized party to start a trigger" inClaims withTriggerService( it should "forbid a non-authorized party to start a trigger" inClaims withTriggerService(
List(dar) List(dar)
) { uri: Uri => ) { uri: Uri =>
@ -639,6 +648,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Authorization: forbid a non-authorized party to list triggers
it should "forbid a non-authorized party to list triggers" inClaims withTriggerService(Nil) { it should "forbid a non-authorized party to list triggers" inClaims withTriggerService(Nil) {
uri: Uri => uri: Uri =>
authServer.revokeParty(eve) authServer.revokeParty(eve)
@ -648,6 +658,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Authorization: forbid a non-authorized party to check the status of a trigger
it should "forbid a non-authorized party to check the status of a trigger" inClaims withTriggerService( it should "forbid a non-authorized party to check the status of a trigger" inClaims withTriggerService(
List(dar) List(dar)
) { uri: Uri => ) { uri: Uri =>
@ -663,6 +674,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Authorization: forbid a non-authorized party to stop a trigger
it should "forbid a non-authorized party to stop a trigger" inClaims withTriggerService( it should "forbid a non-authorized party to stop a trigger" inClaims withTriggerService(
List(dar) List(dar)
) { uri: Uri => ) { uri: Uri =>
@ -678,6 +690,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Authorization: forbid a non-authorized user to upload a DAR
it should "forbid a non-authorized user to upload a DAR" inClaims withTriggerService(Nil) { it should "forbid a non-authorized user to upload a DAR" inClaims withTriggerService(Nil) {
uri: Uri => uri: Uri =>
authServer.revokeAdmin() authServer.revokeAdmin()
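
Review bot: The description says "non-authorized user", but the setup visible in this hunk is authServer.revokeAdmin(), so what is exercised is a caller without admin rights. The neighbouring Authorization entries speak of a "party"; wording this one as "forbid a user without admin rights to upload a DAR" would tell the reader of the evidence list which claim is actually required.
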
@ -687,6 +700,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Authorization: request a fresh token after expiry on user request
it should "request a fresh token after expiry on user request" in withTriggerService(Nil) { it should "request a fresh token after expiry on user request" in withTriggerService(Nil) {
uri: Uri => uri: Uri =>
for { for {
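
Review bot: The description "request a fresh token after expiry on user request" is ambiguous out of context: "on user request" can attach to the expiry or to the token request. Since the text is copied verbatim into the evidence list, reword the TEST_EVIDENCE comment so the order of events is explicit, for example "request a fresh token when a user request arrives after the token has expired".
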
@ -701,6 +715,7 @@ trait AbstractTriggerServiceTestAuthMiddleware
} yield succeed } yield succeed
} }
// TEST_EVIDENCE: Authorization: refresh a token after expiry on the server side
it should "refresh a token after expiry on the server side" inClaims withTriggerService( it should "refresh a token after expiry on the server side" inClaims withTriggerService(
List(dar) List(dar)
) { uri: Uri => ) { uri: Uri =>