mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
e24497635d
* Rework evidence security categories using the 7 industry standard security testing areas: * Authentication * Authorization * Confidentiality * Integrity * Availability * Non-Repudiation * Resilience CHANGELOG_BEGIN CHANGELOG_END * Replace category `Input Validation` * Replace category `Privacy` * Replace category `Semantics` * Replace category `Semantics` * Replace category `Performance` * Skip categories `NonRepudiation` and `Resilience` for now There are currently no tests for these categories. * Regenerate `security-evidence.md`
46 KiB
46 KiB
Security tests, by category
Authentication:
- TLS configuration is parsed correctly from the config file: CliSpec.scala
- connect normally with tls on: TlsTest.scala
- redirect to the configured callback URI after login: TriggerServiceTest.scala
- the /login endpoint should redirect and set the cookie: TestMiddleware.scala
- the /login endpoint should return OK and set cookie without redirectUri: TestMiddleware.scala
- the /login endpoint with an oauth server checking claims should redirect to the configured middleware callback URI: TestMiddleware.scala
- the /login endpoint with an oauth server checking claims should refuse requests when max capacity is reached: TestMiddleware.scala
- the /login endpoint with an oauth server checking claims should refuse requests when max capacity is reached: TestMiddleware.scala
- the TestMiddlewareClientAutoRedirectToLogin client should not redirect to /login for JSON request: TestMiddleware.scala
- the TestMiddlewareClientAutoRedirectToLogin client should redirect to /login for HTML request: TestMiddleware.scala
- the TestMiddlewareClientNoRedirectToLogin client should not redirect to /login: TestMiddleware.scala
- the TestMiddlewareClientYesRedirectToLogin client should redirect to /login: TestMiddleware.scala
Authorization:
- Updating the package service fails with insufficient authorization: AuthorizationTest.scala
- Updating the package service succeeds with sufficient authorization: AuthorizationTest.scala
- accept user tokens: TestMiddleware.scala
- auth and auth-* should not be set together for the trigger service: CliConfigTest.scala
- badly-authorized create is rejected: AuthorizationSpec.scala
- badly-authorized create is rejected: AbstractHttpServiceIntegrationTest.scala
- badly-authorized exercise is rejected: AuthorizationSpec.scala
- badly-authorized exercise/create (create is unauthorized) is rejected: AuthPropagationSpec.scala
- badly-authorized exercise/create (exercise is unauthorized) is rejected: AuthPropagationSpec.scala
- badly-authorized exercise/exercise (no implicit authority from outer exercise) is rejected: AuthPropagationSpec.scala
- badly-authorized fetch is rejected: AuthorizationSpec.scala
- badly-authorized lookup is rejected: AuthorizationSpec.scala
- create IOU should fail if overwritten actAs & readAs result in missing permission even if the user would have the rights: HttpServiceIntegrationTestUserManagement.scala
- create IOU should fail if user has no permission: HttpServiceIntegrationTestUserManagement.scala
- create IOU should work with correct user rights: HttpServiceIntegrationTestUserManagement.scala
- create with no signatories is rejected: AuthorizationSpec.scala
- create with non-signatory maintainers is rejected: AuthorizationSpec.scala
- error on specifying both authCommonUri and authInternalUri/authExternalUri for the trigger service: AuthorizationConfigTest.scala
- error on specifying only authInternalUri and no authExternalUri for the trigger service: AuthorizationConfigTest.scala
- exercise with no controllers is rejected: AuthorizationSpec.scala
- fetch fails when readAs not authed, even if prior fetch succeeded: AbstractHttpServiceIntegrationTest.scala
- forbid a non-authorized party to check the status of a trigger: TriggerServiceTest.scala
- forbid a non-authorized party to list triggers: TriggerServiceTest.scala
- forbid a non-authorized party to start a trigger: TriggerServiceTest.scala
- forbid a non-authorized party to stop a trigger: TriggerServiceTest.scala
- forbid a non-authorized user to upload a DAR: TriggerServiceTest.scala
- multiple websocket requests over the same WebSocket connection are NOT allowed: AbstractWebsocketServiceIntegrationTest.scala
- refresh a token after expiry on the server side: TriggerServiceTest.scala
- reject requests with missing auth header: AbstractHttpServiceIntegrationTest.scala
- request a fresh token after expiry on user request: TriggerServiceTest.scala
- return the token from a cookie: TestMiddleware.scala
- return unauthorized on an expired token: TestMiddleware.scala
- return unauthorized on an invalid token: TestMiddleware.scala
- return unauthorized on insufficient app id claims: TestMiddleware.scala
- return unauthorized without cookie: TestMiddleware.scala
- the /auth endpoint given claim token should return unauthorized on insufficient party claims: TestMiddleware.scala
- the /login endpoint with an oauth server checking claims should not authorize disallowed admin claims: TestMiddleware.scala
- the /login endpoint with an oauth server checking claims should not authorize unauthorized parties: TestMiddleware.scala
- the /refresh endpoint should fail on an invalid refresh token: TestMiddleware.scala
- the /refresh endpoint should return a new access token: TestMiddleware.scala
- websocket request with invalid protocol token should be denied: AbstractWebsocketServiceIntegrationTest.scala
- websocket request with valid protocol token should allow client subscribe to stream: AbstractWebsocketServiceIntegrationTest.scala
- websocket request without protocol token should be denied: AbstractWebsocketServiceIntegrationTest.scala
- well-authorized create is accepted: AuthorizationSpec.scala
- well-authorized exercise is accepted: AuthorizationSpec.scala
- well-authorized exercise/create is accepted: AuthPropagationSpec.scala
- well-authorized exercise/exercise is accepted: AuthPropagationSpec.scala
- well-authorized fetch is accepted: AuthorizationSpec.scala
- well-authorized lookup is accepted: AuthorizationSpec.scala
Availability:
- /v1/query GET succeeds after reconnect: FailureTests.scala
- /v1/query POST succeeds after reconnect: FailureTests.scala
- /v1/query POST succeeds after reconnect to DB: FailureTests.scala
- /v1/stream/query can reconnect: FailureTests.scala
- Command submission succeeds after reconnect: FailureTests.scala
- Tail call optimization: Tail recursion does not blow the scala JVM stack.: TailCallTest.scala
- archiving a large number of contracts should succeed: AbstractHttpServiceIntegrationTest.scala
- command submission timeout is applied: FailureTests.scala
- creating and listing 20K users should be possible: HttpServiceIntegrationTestUserManagement.scala
- fromStartupMode should not succeed for any input when the db connection is broken: FailureTests.scala
- restart trigger on initialization failure due to failed connection: TriggerServiceTest.scala
- restart trigger on run-time failure due to dropped connection: TriggerServiceTest.scala
- restart triggers after shutdown: TriggerServiceTest.scala
- restart triggers with initialization errors: TriggerServiceTest.scala
- restart triggers with update errors: TriggerServiceTest.scala
Confidentiality:
- ensure correct privacy for create node: BlindingSpec.scala
- ensure correct privacy for exercise node (consuming): BlindingSpec.scala
- ensure correct privacy for exercise node (non-consuming): BlindingSpec.scala
- ensure correct privacy for exercise subtree: BlindingSpec.scala
- ensure correct privacy for fetch node: BlindingSpec.scala
- ensure correct privacy for lookup-by-key node (found): BlindingSpec.scala
- ensure correct privacy for lookup-by-key node (not-found): BlindingSpec.scala
- ensure correct privacy for rollback subtree: BlindingSpec.scala
- give a 'not found' response for a stop request on an unknown UUID in the trigger service: TriggerServiceTest.scala
- give a 'not found' response for a stop request with an unparseable UUID in the trigger service: TriggerServiceTest.scala
Integrity:
- Evaluation order of create with authorization failure: EvaluationOrderTest.scala
- Evaluation order of create with contract ID in contract key: EvaluationOrderTest.scala
- Evaluation order of create with contract key exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of create with create argument exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of create with duplicate contract key: EvaluationOrderTest.scala
- Evaluation order of create with empty contract key maintainers: EvaluationOrderTest.scala
- Evaluation order of create with failed precondition: EvaluationOrderTest.scala
- Evaluation order of create_interface with authorization failure: EvaluationOrderTest.scala
- Evaluation order of create_interface with contract ID in contract key: EvaluationOrderTest.scala
- Evaluation order of create_interface with contract key exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of create_interface with create argument exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of create_interface with duplicate contract key: EvaluationOrderTest.scala
- Evaluation order of create_interface with empty contract key maintainers: EvaluationOrderTest.scala
- Evaluation order of create_interface with failed precondition: EvaluationOrderTest.scala
- Evaluation order of exercise by interface of a cached global contract that does not implement the interface.: EvaluationOrderTest.scala
- Evaluation order of exercise by interface of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of exercise by interface of cached global contract with failed authorization: EvaluationOrderTest.scala
- Evaluation order of exercise of a cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of exercise of a non-cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of exercise of a non-cached global contract with inconsistent key: EvaluationOrderTest.scala
- Evaluation order of exercise of a wrongly typed cached global contract: EvaluationOrderTest.scala
- Evaluation order of exercise of a wrongly typed non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of exercise of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of exercise of an inactive local contract: EvaluationOrderTest.scala
- Evaluation order of exercise of an unknown contract: EvaluationOrderTest.scala
- Evaluation order of exercise of an wrongly typed local contract: EvaluationOrderTest.scala
- Evaluation order of exercise of cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of exercise with argument exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of exercise with output exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of exercise-by-key of a cached global contract with visibility failure: EvaluationOrderTest.scala
- Evaluation order of exercise-by-key of a non-cached global contract with visibility failure: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of a cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of a local contract with visibility failure: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of a non-cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of a wrongly typed cached global contract: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of an inactive local contract: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of an unknown contract: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key of cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key with argument exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key with contract ID in contract key: EvaluationOrderTest.scala
- Evaluation order of exercise_by_key with result exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of exercise_interface of a cached local contract with failed authorization: EvaluationOrderTest.scala
- Evaluation order of exercise_interface of a non-cached global contract with failed authorization: EvaluationOrderTest.scala
- Evaluation order of exercise_interface of an inactive local contract: EvaluationOrderTest.scala
- Evaluation order of exercise_interface of an local contract not implementing the interface: EvaluationOrderTest.scala
- Evaluation order of exercise_vy_key with empty contract key maintainers: EvaluationOrderTest.scala
- Evaluation order of fetch of a cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of fetch of a non-cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of fetch of a non-cached global contract with inconsistent key: EvaluationOrderTest.scala
- Evaluation order of fetch of a wrongly typed cached global contract: EvaluationOrderTest.scala
- Evaluation order of fetch of a wrongly typed disclosed contract: EvaluationOrderTest.scala
- Evaluation order of fetch of a wrongly typed non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of fetch of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of fetch of an inactive local contract: EvaluationOrderTest.scala
- Evaluation order of fetch of an unknown contract: EvaluationOrderTest.scala
- Evaluation order of fetch of an wrongly typed local contract: EvaluationOrderTest.scala
- Evaluation order of fetch of cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of fetch-by-key of a cached global contract with visibility failure: EvaluationOrderTest.scala
- Evaluation order of fetch-by-key of a non-cached global contract with visibility failure: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key of a cached global contract with authorization failure: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key of a local contract with authorization failure: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key of a non-cached global contract with authorization failure: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key of an unknown contract key: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key with contract ID in contract key: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key with contract key exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of fetch_by_key with empty contract key maintainers: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of a cached global contract not implementing the interface.: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of a cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of a non-cached global contract that doesn't implement interface.: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of a non-cached global contract with failed authorization: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of an inactive local contract: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of an local contract not implementing the interface: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of an unknown contract: EvaluationOrderTest.scala
- Evaluation order of fetch_interface of cached global contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of lookup of a cached global contract with visibility failure: EvaluationOrderTest.scala
- Evaluation order of lookup of a non-cached global contract with visibility failure: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key of a cached global contract with authorization failure: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key of a local contract with authorization failure: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key of a local contract with failure authorization: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key of a non-cached global contract with authorization failure: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key of an inactive global contract: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key of an inactive local contract: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key of an unknown contract key: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key with contract ID in contract key: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key with contract key exceeding max nesting: EvaluationOrderTest.scala
- Evaluation order of lookup_by_key with empty contract key maintainers: EvaluationOrderTest.scala
- Evaluation order of successful create: EvaluationOrderTest.scala
- Evaluation order of successful create_interface: EvaluationOrderTest.scala
- Evaluation order of successful exercise by interface of a non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise of a cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise of a local contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise of a non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise_by_key of a cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise_by_key of a local contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise_by_key of a non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise_interface of a cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful exercise_interface of a local contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch of a cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch of a local contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch of a non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch_by_key of a cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch_by_key of a local contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch_by_key of a non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch_interface of a cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch_interface of a local contract: EvaluationOrderTest.scala
- Evaluation order of successful fetch_interface of a non-cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful lookup_by_key of a cached global contract: EvaluationOrderTest.scala
- Evaluation order of successful lookup_by_key of a local contract: EvaluationOrderTest.scala
- Evaluation order of successful lookup_by_key of a non-cached global contract: EvaluationOrderTest.scala
- Exceptions, throw/catch.: ExceptionTest.scala
- Rollback creates cannot be exercise: EngineTest.scala
- This checks that type checking in exercise_interface is done after checking activeness.: EvaluationOrderTest.scala
- This checks that type checking is done after checking activeness.: EvaluationOrderTest.scala
- This checks that type checking is done after checking activeness.: EvaluationOrderTest.scala
- contract key behaviour (non-unique mode): ContractKeySpec.scala
- contract key behaviour (unique mode): ContractKeySpec.scala
- contract keys must have a non-empty set of maintainers: ContractKeySpec.scala
- contract keys should be evaluated after ensure clause: ContractKeySpec.scala
- contract keys should be evaluated only when executing create: ContractKeySpec.scala
- ensure builtin operators have the correct type: TypingSpec.scala
- ensure expression forms have the correct type: TypingSpec.scala
- exercise-by-interface command is rejected for a: ApiCommandPreprocessorSpec.scala
- exercise_interface with a contract instance that does not implement the interface fails.: EvaluationOrderTest.scala
- ill-formed create API command is rejected: ApiCommandPreprocessorSpec.scala
- ill-formed create replay command is rejected: ReplayCommandPreprocessorSpec.scala
- ill-formed create-and-exercise API command is rejected: ApiCommandPreprocessorSpec.scala
- ill-formed exception definitions are rejected: TypingSpec.scala
- ill-formed exercise API command is rejected: ApiCommandPreprocessorSpec.scala
- ill-formed exercise replay command is rejected: ReplayCommandPreprocessorSpec.scala
- ill-formed exercise-by-key API command is rejected: ApiCommandPreprocessorSpec.scala
- ill-formed exercise-by-key replay command is rejected: ReplayCommandPreprocessorSpec.scala
- ill-formed expressions are rejected: TypingSpec.scala
- ill-formed fetch command is rejected: ReplayCommandPreprocessorSpec.scala
- ill-formed fetch-by-key command is rejected: ReplayCommandPreprocessorSpec.scala
- ill-formed interfaces are rejected: TypingSpec.scala
- ill-formed kinds are rejected: TypingSpec.scala
- ill-formed lookup command is rejected: ReplayCommandPreprocessorSpec.scala
- ill-formed records are rejected: TypingSpec.scala
- ill-formed templates are rejected: TypingSpec.scala
- ill-formed type synonyms applications are rejected: TypingSpec.scala
- ill-formed type synonyms definitions are rejected: TypingSpec.scala
- ill-formed types are rejected: TypingSpec.scala
- ill-formed variants are rejected: TypingSpec.scala
- well formed create API command is accepted: ApiCommandPreprocessorSpec.scala
- well formed create replay command is accepted: ReplayCommandPreprocessorSpec.scala
- well formed create-and-exercise API command is accepted: ApiCommandPreprocessorSpec.scala
- well formed exercise API command is accepted: ApiCommandPreprocessorSpec.scala
- well formed exercise replay command is accepted: ReplayCommandPreprocessorSpec.scala
- well formed exercise-by-interface command is accepted: ApiCommandPreprocessorSpec.scala
- well formed exercise-by-key API command is accepted: ApiCommandPreprocessorSpec.scala
- well formed exercise-by-key command is accepted: ReplayCommandPreprocessorSpec.scala
- well formed fetch replay command is accepted: ReplayCommandPreprocessorSpec.scala
- well formed fetch-by-key replay command is accepted: ReplayCommandPreprocessorSpec.scala
- well formed lookup replay command is accepted: ReplayCommandPreprocessorSpec.scala