mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
68f44325a6
* fine grained test evidence for authorization
* fine grained test evidence for privacy
* fine grained test evidence for input-validation (typing)
* fix exit code of security/update.sh script (set -euo pipefail)
* add security evidence test category: Input Validation
* regenerate security-evidence.md

CHANGELOG_BEGIN
CHANGELOG_END

* fix bug in security evidence generation (must sort before group, or else we lose lines)
* evidence for input validation of commands
* address comments
* cleanup: remove backticks from evidence free text
8.4 KiB
Security tests, by category
Authorization:
- badly-authorized create is rejected: AuthorizationSpec.scala
- badly-authorized exercise is rejected: AuthorizationSpec.scala
- badly-authorized exercise/create (create is unauthorized) is rejected: AuthPropagationSpec.scala
- badly-authorized exercise/create (exercise is unauthorized) is rejected: AuthPropagationSpec.scala
- badly-authorized exercise/exercise (no implicit authority from outer exercise) is rejected: AuthPropagationSpec.scala
- badly-authorized fetch is rejected: AuthorizationSpec.scala
- badly-authorized lookup is rejected: AuthorizationSpec.scala
- create with no signatories is rejected: AuthorizationSpec.scala
- create with non-signatory maintainers is rejected: AuthorizationSpec.scala
- exercise with no controllers is rejected: AuthorizationSpec.scala
- well-authorized create is accepted: AuthorizationSpec.scala
- well-authorized exercise is accepted: AuthorizationSpec.scala
- well-authorized exercise/create is accepted: AuthPropagationSpec.scala
- well-authorized exercise/exercise is accepted: AuthPropagationSpec.scala
- well-authorized fetch is accepted: AuthorizationSpec.scala
- well-authorized lookup is accepted: AuthorizationSpec.scala
Privacy:
- ensure correct privacy for create node: BlindingSpec.scala
- ensure correct privacy for exercise node (consuming): BlindingSpec.scala
- ensure correct privacy for exercise node (non-consuming): BlindingSpec.scala
- ensure correct privacy for exercise subtree: BlindingSpec.scala
- ensure correct privacy for fetch node: BlindingSpec.scala
- ensure correct privacy for lookup-by-key node (found): BlindingSpec.scala
- ensure correct privacy for lookup-by-key node (not-found): BlindingSpec.scala
- ensure correct privacy for rollback subtree: BlindingSpec.scala
Semantics:
- Exceptions, throw/catch.: ExceptionTest.scala
Performance:
- Tail call optimization: Tail recursion does not blow the scala JVM stack.: TailCallTest.scala
Input Validation:
- ensure builtin operators have the correct type: TypingSpec.scala
- ensure expression forms have the correct type: TypingSpec.scala
- ill-formed create command is rejected: CommandPreprocessorSpec.scala
- ill-formed create-and-exercise command is rejected: CommandPreprocessorSpec.scala
- ill-formed exception definitions are rejected: TypingSpec.scala
- ill-formed exercise command is rejected: CommandPreprocessorSpec.scala
- ill-formed exercise-by-key command is rejected: CommandPreprocessorSpec.scala
- ill-formed expressions are rejected: TypingSpec.scala
- ill-formed fetch command is rejected: CommandPreprocessorSpec.scala
- ill-formed fetch-by-key command is rejected: CommandPreprocessorSpec.scala
- ill-formed kinds are rejected: TypingSpec.scala
- ill-formed lookup command is rejected: CommandPreprocessorSpec.scala
- ill-formed records are rejected: TypingSpec.scala
- ill-formed templates are rejected: TypingSpec.scala
- ill-formed type synonyms applications are rejected: TypingSpec.scala
- ill-formed type synonyms definitions are rejected: TypingSpec.scala
- ill-formed types are rejected: TypingSpec.scala
- ill-formed variants are rejected: TypingSpec.scala
- well formed create command is accepted: CommandPreprocessorSpec.scala
- well formed create-and-exercise command is accepted: CommandPreprocessorSpec.scala
- well formed exercise command is accepted: CommandPreprocessorSpec.scala
- well formed exercise-by-key command is accepted: CommandPreprocessorSpec.scala
- well formed fetch command is accepted: CommandPreprocessorSpec.scala
- well formed fetch-by-key command is accepted: CommandPreprocessorSpec.scala
- well formed lookup command is accepted: CommandPreprocessorSpec.scala