Commit Graph

7 Commits

Author SHA1 Message Date
Claudio Bley
e24497635d
Rework evidence security categories (#15226)
* Rework evidence security categories

using the 7 industry standard security testing areas:

* Authentication
* Authorization
* Confidentiality
* Integrity
* Availability
* Non-Repudiation
* Resilience

CHANGELOG_BEGIN
CHANGELOG_END

* Replace category `Input Validation`

* Replace category `Privacy`

* Replace category `Semantics`

* Replace category `Semantics`

* Replace category `Performance`

* Skip categories `NonRepudiation` and `Resilience` for now

There are currently no tests for these categories.

* Regenerate `security-evidence.md`
2022-10-13 09:55:45 +00:00
Victor Peter Rouven Müller
47ca2cb953
Add security evidence annotations to the integration tests of the json api (#13225)
changelog_begin
changelog_end
2022-03-21 15:58:23 +01:00
Moritz Kiefer
0d5443f8de
Drop direct dependencies on system-filepath (#12658)
That package has been deprecated for years and we don’t even use
it. The deps are just redundant.

changelog_begin
changelog_end
2022-01-31 10:04:07 +01:00
Gary Verhaegen
d2e2c21684
update copyright headers (#12240)
New year, new copyright, new expected unknown issues with various files
that won't be covered by the script and/or will be but shouldn't change.

I'll do the details on Jan 1, but would appreciate this being
preapproved so I can actually get it merged by then.

CHANGELOG_BEGIN
CHANGELOG_END
2022-01-03 16:36:51 +00:00
nickchapman-da
68f44325a6
Improve evidence of testing (#11428)
* fine grained test evidence for authorization

* fine grained test evidence for privacy

* fine grained test evidence for input-validation (typing)

* fix exit code of security/update.sh script (set -euo pipefail)

* add security evidence test category: Input Validation

* regenerate security-evidence.md

CHANGELOG_BEGIN
CHANGELOG_END

* fix bug in securoty evidence generation (must sort before group, or else we loose lines)

* evidence for input validation of commands

* address comments

* cleanup: remove backticks from evidence free text
2021-10-28 09:24:52 +00:00
nickchapman-da
03db0aa9f3
Auto run/check security evidence generation in ./fmt.sh (#11407)
CHANGELOG_BEGIN
CHANGELOG_END
2021-10-26 13:58:35 +01:00
nickchapman-da
a2a15716b4
Generate security evidence by documenting security testcases (#11306)
* Generate security evidence by documenting security testcases.

CHANGELOG_BEGIN
CHANGELOG_END

* move generated file to root of repo, so links work

* formatError function instead of Show instance

* dont use Show instances for generating Markdown

* magic comment: SECURITY_TEST --> TEST_EVIDENCE

* use megaparsec and Data.Text

* remove redundant T.pack

* use: Text.Megaparsec.Char.space
2021-10-26 09:07:59 +00:00