Skip to content

fix(connector-fabric): address CVEs: CVE-2022-21190, CVE-2021-3918 #1616

fix(connector-fabric): address CVEs: CVE-2022-21190, CVE-2021-3918

fix(connector-fabric): address CVEs: CVE-2022-21190, CVE-2021-3918 #1616

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: CC-BY-4.0
# This is a basic workflow to help you get started with Actions
name: Test Asset Exchange Corda
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [ main ]
pull_request:
branches: [ main ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
check_code_changed:
outputs:
status: ${{ steps.changes.outputs.weaver_code_changed }}
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: dorny/[email protected]
id: changes
with:
filters: |
weaver_code_changed:
- './weaver/**!(*.md|*.css|*.html|*.jpg|*.jpeg|*.png)'
- '.github/workflows/test_weaver-asset-exchange-corda.yaml'
asset-exchange-corda:
needs: check_code_changed
if: ${{ false && needs.check_code_changed.outputs.status == 'true' }}
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/[email protected]
- name: Set up JDK 8
uses: actions/[email protected]
with:
java-version: '8'
distribution: 'adopt'
# CORDA NETWORK
- name: Generate github.properties
run: |
echo "Using ${GITHUB_ACTOR} user."
echo "username=${GITHUB_ACTOR}" >> github.properties
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.properties
echo "url=https://maven.pkg.github.com/${GITHUB_ACTOR}/cacti" >> github.properties
echo "Using ${GITHUB_ACTOR} user."
echo "username=${GITHUB_ACTOR}" >> github.main.properties
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.main.properties
echo "url=https://maven.pkg.github.com/hyperledger/cacti" >> github.main.properties
./scripts/get-cordapps.sh || mv github.main.properties github.properties
cat github.properties
working-directory: weaver/tests/network-setups/corda
# CORDA NETWORK
- name: Start Corda Network
run: |
make start-network1 PROFILE=3-nodes
sleep 100
docker logs corda_partya_1
docker logs corda_partyb_1
working-directory: weaver/tests/network-setups/corda
# FABRIC CLI
- name: Setup Corda CLI init
run: ./scripts/initAsset.sh 1
working-directory: weaver/samples/corda/corda-simple-application
- name: Asset Exchange Corda CLI Tests
run: |
COUNT=0
TOTAL=5
# Lock 50 tokens
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 180 -r "O=PartyA,L=London,C=GB" -p t1:50 1> tmp.out
cat tmp.out | grep "HTLC Lock State created with contract ID Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/')
# Is Asset locked
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out
cat tmp.out | grep "Is Asset Locked Response: true" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# Claim asset
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients claim-asset -cid $CID -s secrettext 1> tmp.out
cat tmp.out | grep "Asset Claim Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# Timeout
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 5 -r "O=PartyB,L=London,C=GB" -p t1:50 1> tmp.out
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/')
sleep 5
cat tmp.out
## Is asset lock false
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out
cat tmp.out | grep "Is Asset Locked Response: false" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
## Unlock asset
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients unlock-asset -cid $CID 1> tmp.out
cat tmp.out | grep "Asset Unlock Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# RESULT
echo "Passed $COUNT/$TOTAL Tests."
if [ $COUNT == $TOTAL ]; then
exit 0
else
exit 1
fi
working-directory: weaver/samples/corda/corda-simple-application
asset-exchange-corda-local:
needs: check_code_changed
if: needs.check_code_changed.outputs.status == 'true'
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/[email protected]
- name: Set up JDK 8
uses: actions/[email protected]
with:
java-version: '8'
distribution: 'adopt'
- name: Build Java Protos
run: make build
working-directory: weaver/common/protos-java-kt
# Build Dependencies
- name: Build Corda Interop App
run: make build-local
working-directory: weaver/core/network/corda-interop-app
- name: Build Corda Interop SDK
run: make build
working-directory: weaver/sdks/corda
- name: Build Corda SimpleApplication
run: make build-local
working-directory: weaver/samples/corda/corda-simple-application
# CORDA NETWORK
- name: Start Corda Network
run: |
make start-network1-local PROFILE=3-nodes
sleep 100
docker logs corda_partya_1
docker logs corda_partyb_1
working-directory: weaver/tests/network-setups/corda
# FABRIC CLI
- name: Setup Corda CLI init
run: ./scripts/initAsset.sh 1
working-directory: weaver/samples/corda/corda-simple-application
- name: Asset Exchange Corda CLI Tests
run: |
COUNT=0
TOTAL=5
# Lock 50 tokens
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 180 -r "O=PartyA,L=London,C=GB" -p t1:50 1> tmp.out
cat tmp.out | grep "HTLC Lock State created with contract ID Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/')
# Is Asset locked
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out
cat tmp.out | grep "Is Asset Locked Response: true" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# Claim asset
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients claim-asset -cid $CID -s secrettext 1> tmp.out
cat tmp.out | grep "Asset Claim Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# Timeout
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 5 -r "O=PartyB,L=London,C=GB" -p t1:50 1> tmp.out
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/')
sleep 5
cat tmp.out
## Is asset lock false
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out
cat tmp.out | grep "Is Asset Locked Response: false" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
## Unlock asset
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients unlock-asset -cid $CID 1> tmp.out
cat tmp.out | grep "Asset Unlock Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# RESULT
echo "Passed $COUNT/$TOTAL Tests."
if [ $COUNT == $TOTAL ]; then
exit 0
else
exit 1
fi
working-directory: weaver/samples/corda/corda-simple-application
house-token-exchange-corda:
needs: check_code_changed
if: ${{ false && needs.check_code_changed.outputs.status == 'true' }}
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/[email protected]
- uses: dorny/[email protected]
id: changes
with:
filters: |
weaver_code_changed:
- './weaver/**!(*.md|*.css|*.html|*.jpg|*.jpeg|*.png)'
- '.github/workflows/test_weaver-asset-exchange-corda.yaml'
- name: Set up JDK 8
uses: actions/[email protected]
with:
java-version: '8'
distribution: 'adopt'
# CORDA NETWORK
- name: Generate github.properties
run: |
echo "Using ${GITHUB_ACTOR} user."
echo "username=${GITHUB_ACTOR}" >> github.properties
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.properties
echo "url=https://maven.pkg.github.com/${GITHUB_ACTOR}/cacti" >> github.properties
echo "Using ${GITHUB_ACTOR} user."
echo "username=${GITHUB_ACTOR}" >> github.main.properties
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.main.properties
echo "url=https://maven.pkg.github.com/hyperledger/cacti" >> github.main.properties
./scripts/get-cordapps.sh || mv github.main.properties github.properties
cat github.properties
working-directory: weaver/tests/network-setups/corda
# CORDA NETWORK
- name: Start Corda Network
run: |
make start-network1 APP_NAME=house PROFILE=3-nodes
sleep 100
docker logs corda_partya_1
docker logs corda_partyb_1
docker logs corda_partyc_1
working-directory: weaver/tests/network-setups/corda
# CORDA CLI
- name: Build CLI
run: |
cp ../../../tests/network-setups/corda/github.properties .
make build-cli
working-directory: weaver/samples/corda/corda-simple-application
- name: Setup Corda CLI init
run: ./scripts/initHouseToken.sh 1
working-directory: weaver/samples/corda/corda-simple-application
- name: House Token Exchange Corda CLI Tests
run: |
COUNT=0
TOTAL=5
# Lock 50 tokens
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients house-token lock -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 180 -r "O=PartyA,L=London,C=GB" -o "O=PartyC,L=London,C=GB" -p house:10 1> tmp.out
cat tmp.out | grep "HTLC Lock State created with contract ID Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/')
# Is Asset locked
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients house-token is-locked -cid $CID 1> tmp.out
cat tmp.out | grep "Is Asset Locked Response: true" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# Claim asset
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients house-token claim -cid $CID -s secrettext 1> tmp.out
cat tmp.out | grep "Asset Claim Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# Timeout
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients house-token lock -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 10 -r "O=PartyB,L=London,C=GB" -p house:20 1> tmp.out
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/')
sleep 10
cat tmp.out
## Is asset lock false
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients house-token is-locked -cid $CID 1> tmp.out
cat tmp.out | grep "Is Asset Locked Response: false" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
## Unlock asset
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients house-token unlock -cid $CID 1> tmp.out
cat tmp.out | grep "Asset Unlock Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS"
cat tmp.out
# RESULT
echo "Passed $COUNT/$TOTAL Tests."
if [ $COUNT == $TOTAL ]; then
exit 0
else
exit 1
fi
working-directory: weaver/samples/corda/corda-simple-application