Hi,
Since I have to detect the vulnerabilities in the given Airline Daml contract at the pre-deployment stage using my framework, I’d like to add 3-4 logical vulnerabilities to the Daml Contract.
The issue is the following: Using a.daml file, I can change Daml models or contracts. Unfortunately, Daml generates a web GUI that is built on React.js. As a result, when I update the Daml Model, the GUI does not update ( it’s somewhat static). Therefore the problem arises when I modify Daml models, such as to add new features or vulnerabilities. So, how does one test it if they are unfamiliar with React.js? To test the contract, I have to develop a React.js component manually and add it to the existing UI, which does not fit me because I don’t know even the basics of REACT.
So to test the contract while introducing logical errors, whether I have to use python dazl to communicate with ledger API directly. This means all GUI based work- I have to do using Commandline. And I have to write the code to replace GUI work with CL so that I can test the contract and later on automate this testing procedure etc.
ex-models/airline at master · digital-asset/ex-models · GitHub
*This is so far, I learned. The issue is the same, I am a .Net developer. I have so many troubles just introducing logical errors in Daml Contract, in order to ensure functional correctness of that contract using my framework. To add vulnerabilities and to ensure that the vulnerabilities, I have added are logical. I have to test the contract. So is there any other way to do so? or the concept I have learned using Python Dazl is correct? If it’s
correct then anyone offers help in developing the CLI for Airline Contract and how to communicate directly to ledger API using Python Dazl in order to test contract (either contract is running after introducing logical errors or not) *
You have a few different options for communicating directly with the ledger:
- You can talk to the HTTP JSON API either using the typescript bindings or using any HTTP client of your choice.
- You can talk to the gRPC Ledger API via the Java bindings or via DAZL or other gRPC clients.
1 Like
So it means I don’t need to build a command-line interface as an alternative to React.js based GUI. and I can directly test my contract .daml file using the abovementioned APIs?
If Yes, then can you guide me; how I can do it using DAZL?
Can you be a bit more specific? Do you have some DAZL code that is producing an error?
No, I don’t. I want to test the above-mentioned contract by making additions to it. Such as by introducing logical errors into the above contract. But to ensure that the vulnerability I have added to the code is logical, and the contract still working. I have to test it. But when I made changes in it the React.js Based UI as shown in the second screenshot will not get updated. So how I can test this contract.
What do you want to test? That you can create the contract?
Do you need a full ledger at all for this or would a Daml script + daml test be sufficient?
Airline contract is working fine. But I want to add some errors to it deliberately. These errors should be logical means (a logic error is a bug in a program that causes it to operate incorrectly but not to terminate abnormally. A logic error produces an unintended or undesired output or other behaviour, although it may not immediately be recognized as such. It is classified as a type of runtime error that can result in a program producing incorrect output. It can also cause the program to crash when running.)
So if I add errors I need to change values etc and need to check contract behaviour on the ledger as well. So to test all this I need to figure out how I can do without generating its Airline UI interface.
So you roughly need to follow the following steps:
- Build your DAR using
daml build.
- Upload your DAR to the ledger (you can restart your ledger but you don’t have to necessarily) via
daml ledger upload-dar
- Then perform whatever actions you deem adequate for testing your contracts using DAZL. The documentation contains some simple examples and more detailed API documentation.
1 Like
Hi @Iqra_Mustafa,
Here is a bit of Daml code with a logic error and a test that illustrates it by failing:
module Main where
import Daml.Script
import DA.Assert ((===))
template Money
with
issuer: Party
owner: Party
amount: Int
where
signatory issuer
observer owner
preconsuming choice Split : (ContractId Money, ContractId Money)
with
split: Int
controller owner
do
-- Logic bug: split is creating money
s1 <- create this with
amount = amount
s2 <- create this with
amount = split
return (s1, s2)
setup : Script ()
setup = script do
alice <- allocatePartyWithHint "Alice" (PartyIdHint "Alice")
bank <- allocatePartyWithHint "Bank" (PartyIdHint "Bank")
moneyBag <- submit bank do
createCmd Money with
issuer = bank
owner = alice
amount = 100
Some money <- queryContractId bank moneyBag
(s1, s2) <- submit alice do
exerciseCmd moneyBag (Split 10)
Some s1_payload <- queryContractId bank s1
Some s2_payload <- queryContractId bank s2
money.amount === (s1_payload.amount + s2_payload.amount)
You can get the test failure directly in the IDE, or by running daml test:
$ daml test
File: daml/Main.daml
Hidden: no
Range: 26:1-26:6
Source: Script
Severity: DsError
Message:
Scenario execution failed:
Unhandled exception:
DA.Exception.AssertionFailed:AssertionFailed@3f4deaf145a15cdcfa762c058005e2edb9baa75bb7f95a4f8f6f937378e86415
with
message = "Failure, expected 100 == 110"
[...]
$
2 Likes
setup : Script () is giving an error.
why it is giving an error. I try to resolve but couldn’t
You’ve hidden the actual error. Can you please show us the full terminal output?
That’s expected. If you look at Gary’s example, you can see the exact same error. This script is supposed to fail, it has a deliberate bug in that split isn’t working properly so the assertion at the end fails. Gary was using that as an example of a logic bug that you can test for.
After you fix the bug, the script passes:
preconsuming choice Split : (ContractId Money, ContractId Money)
with
split: Int
controller owner
do
s1 <- create this with
amount = amount - split
s2 <- create this with
amount = split
return (s1, s2)
2 Likes
Thanks now I got it. But can you tell why there is a red line under setup… SEE contract code.
Daml Studio runs your scripts automatically. Because of the bug you get an error and that’s what the red line indicates. After fixing the bug it goes away.
1 Like
