Safe Haskell	Safe-Inferred
Language	Haskell2010

Convex.ThreatModel

Contents

Transaction modifiers
- Types
- Modifiers
Threat models
Wallet selection
Cardano API helpers
- Addresses
- Datums
Pretty printing

Description

The threat modelling framework allows you to write down and test properties of modifications of valid transactions.

A threat model is represented by a value in the ThreatModel monad, and is evaluated in the context of a single valid transaction and the chain state at the point it validated (a ThreatModelEnv). Transactions and chain states can most easily be obtained using a ContractModelResult from runContractModel, but they can in principle come from anywhere.

As an example, here is a ThreatModel that checks that any interaction with myScript requires theToken to be present:

    tokenThreatModel :: ThreatModel ()
    tokenThreatModel = do
      ensureHasInputAt myScript

      let hasToken out = theToken `leqValue` valueOf out
      i <- anyInputSuchThat  hasToken
      o <- anyOutputSuchThat hasToken

      shouldNotValidate $ changeValueOf i (valueOf i <> negateValue theToken)
                       <> changeValueOf o (valueOf o <> negateValue theToken)

For a more complex example see Test.QuickCheck.ThreatModel.DoubleSatisfaction.

Synopsis

data TxModifier
data Input = Input {
- inputTxOut :: TxOut CtxUTxO Era
- inputTxIn :: TxIn
}
data Output = Output {
- outputTxOut :: TxOut CtxTx Era
- outputIx :: TxIx
}
type Datum = TxOutDatum CtxTx Era
type Redeemer = ScriptData
class IsInputOrOutput t where
- changeAddressOf :: t -> AddressAny -> TxModifier
- changeValueOf :: t -> Value -> TxModifier
- changeDatumOf :: t -> Datum -> TxModifier
- changeRefScriptOf :: t -> ReferenceScript Era -> TxModifier
- addressOf :: t -> AddressAny
- valueOf :: t -> Value
- refScriptOf :: t -> ReferenceScript Era
addOutput :: AddressAny -> Value -> Datum -> ReferenceScript Era -> TxModifier
removeOutput :: Output -> TxModifier
addKeyInput :: AddressAny -> Value -> Datum -> ReferenceScript Era -> TxModifier
addPlutusScriptInput :: IsPlutusScriptInEra lang => PlutusScript lang -> Value -> Datum -> Redeemer -> ReferenceScript Era -> TxModifier
addSimpleScriptInput :: SimpleScript -> Value -> ReferenceScript Era -> TxModifier
addReferenceScriptInput :: ScriptHash -> Value -> Datum -> Redeemer -> TxModifier
addKeyReferenceInput :: AddressAny -> Value -> Datum -> ReferenceScript Era -> TxModifier
addPlutusScriptReferenceInput :: IsPlutusScriptInEra lang => PlutusScript lang -> Value -> Datum -> ReferenceScript Era -> TxModifier
addSimpleScriptReferenceInput :: SimpleScript -> Value -> ReferenceScript Era -> TxModifier
removeInput :: Input -> TxModifier
changeRedeemerOf :: Input -> Redeemer -> TxModifier
changeValidityRange :: (TxValidityLowerBound Era, TxValidityUpperBound Era) -> TxModifier
changeValidityLowerBound :: TxValidityLowerBound Era -> TxModifier
changeValidityUpperBound :: TxValidityUpperBound Era -> TxModifier
replaceTx :: Tx Era -> UTxO Era -> TxModifier
data ThreatModel a where
- Named :: String -> ThreatModel a -> ThreatModel a
data ThreatModelEnv = ThreatModelEnv {
- currentTx :: Tx Era
- currentUTxOs :: UTxO Era
- pparams :: LedgerProtocolParameters Era
}
data ThreatModelOutcome
- = TMPassed
- | TMFailed String
- | TMSkipped
- | TMError String
threatModelEnvs :: NodeParams Era -> [Tx Era] -> MockChainState Era -> [ThreatModelEnv]
runThreatModel :: ThreatModel a -> [ThreatModelEnv] -> Property
runThreatModelM :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m Property
runThreatModelMQuiet :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m Property
runThreatModelCheck :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m ThreatModelOutcome
runThreatModelCheckTraced :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m (ThreatModelOutcome, [ThreatModelCheckEntry])
data ThreatModelCheckEntry = ThreatModelCheckEntry {
- tmceEnvIndex :: !Int
- tmceModifications :: !TxModifier
- tmceOriginalTx :: !(Tx Era)
- tmceOriginalUtxo :: !(UTxO Era)
- tmceModifiedTx :: !(Maybe (Tx Era))
- tmceModifiedUtxo :: !(UTxO Era)
- tmceValidation :: !(Maybe ValidityReport)
}
assertThreatModel :: ThreatModel a -> LedgerProtocolParameters Era -> [(Tx Era, UTxO Era)] -> Property
getThreatModelName :: ThreatModel a -> Maybe String
threatPrecondition :: ThreatModel a -> ThreatModel a
inPrecondition :: ThreatModel Bool
ensure :: Bool -> ThreatModel ()
ensureHasInputAt :: AddressAny -> ThreatModel ()
failPrecondition :: String -> ThreatModel a
shouldValidate :: TxModifier -> ThreatModel ()
shouldNotValidate :: TxModifier -> ThreatModel ()
data ValidityReport = ValidityReport {
- valid :: Bool
- errors :: [String]
}
validate :: TxModifier -> ThreatModel ValidityReport
getThreatModelEnv :: ThreatModel ThreatModelEnv
originalTx :: ThreatModel (Tx Era)
getTxInputs :: ThreatModel [Input]
getTxReferenceInputs :: ThreatModel [Input]
getTxOutputs :: ThreatModel [Output]
getRedeemer :: Input -> ThreatModel (Maybe Redeemer)
getTxRequiredSigners :: ThreatModel [Hash PaymentKey]
forAllTM :: Show a => Gen a -> (a -> [a]) -> ThreatModel a
pickAny :: Show a => [a] -> ThreatModel a
anySigner :: ThreatModel (Hash PaymentKey)
anyInput :: ThreatModel Input
anyReferenceInput :: ThreatModel Input
anyOutput :: ThreatModel Output
anyInputSuchThat :: (Input -> Bool) -> ThreatModel Input
anyReferenceInputSuchThat :: (Input -> Bool) -> ThreatModel Input
anyOutputSuchThat :: (Output -> Bool) -> ThreatModel Output
counterexampleTM :: String -> ThreatModel ()
tabulateTM :: String -> [String] -> ThreatModel ()
collectTM :: Show a => a -> ThreatModel ()
classifyTM :: Bool -> String -> ThreatModel ()
monitorThreatModel :: (Property -> Property) -> ThreatModel ()
monitorLocalThreatModel :: (Property -> Property) -> ThreatModel ()
data SigningWallet
- = AutoSign
- | SignWith Wallet
projectAda :: Value -> Value
leqValue :: Value -> Value -> Bool
keyAddressAny :: Hash PaymentKey -> AddressAny
scriptAddressAny :: ScriptHash -> AddressAny
isKeyAddressAny :: AddressAny -> Bool
txOutDatum :: ScriptData -> TxOutDatum CtxTx Era
toScriptData :: ToData a => a -> ScriptData
datumOfTxOut :: TxOut ctx Era -> TxOutDatum ctx Era
paragraph :: [String] -> String
prettyAddress :: AddressAny -> Doc
prettyValue :: Value -> Doc
prettyDatum :: Datum -> Doc
prettyInput :: Input -> Doc
prettyOutput :: Output -> Doc
module Cardano.Api

Transaction modifiers

Types

data TxModifier Source #

The type of transaction modifiers. When combined using the monoid instance, individual modifications are applied in left-to-right order.

Instances

Instances details

Monoid TxModifier Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods mempty :: TxModifier # mappend :: TxModifier -> TxModifier -> TxModifier # mconcat :: [TxModifier] -> TxModifier #
Semigroup TxModifier Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods (<>) :: TxModifier -> TxModifier -> TxModifier # sconcat :: NonEmpty TxModifier -> TxModifier # stimes :: Integral b => b -> TxModifier -> TxModifier #

data Input Source #

A transaction input reference togheter with the corresponding TxOut from the UTxO set.

Constructors

Input
Fields inputTxOut :: TxOut CtxUTxO Era inputTxIn :: TxIn

Instances

Instances details

Show Input Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods showsPrec :: Int -> Input -> ShowS # show :: Input -> String # showList :: [Input] -> ShowS #
IsInputOrOutput Input Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods changeAddressOf :: Input -> AddressAny -> TxModifier Source # changeValueOf :: Input -> Value -> TxModifier Source # changeDatumOf :: Input -> Datum -> TxModifier Source # changeRefScriptOf :: Input -> ReferenceScript Era -> TxModifier Source # addressOf :: Input -> AddressAny Source # valueOf :: Input -> Value Source # refScriptOf :: Input -> ReferenceScript Era Source #

data Output Source #

A transaction output paired with its index in the transaction.

Constructors

Output
Fields outputTxOut :: TxOut CtxTx Era outputIx :: TxIx

Instances

Instances details

Show Output Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods showsPrec :: Int -> Output -> ShowS # show :: Output -> String # showList :: [Output] -> ShowS #
IsInputOrOutput Output Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods changeAddressOf :: Output -> AddressAny -> TxModifier Source # changeValueOf :: Output -> Value -> TxModifier Source # changeDatumOf :: Output -> Datum -> TxModifier Source # changeRefScriptOf :: Output -> ReferenceScript Era -> TxModifier Source # addressOf :: Output -> AddressAny Source # valueOf :: Output -> Value Source # refScriptOf :: Output -> ReferenceScript Era Source #

type Datum = TxOutDatum CtxTx Era Source #

Type synonym for datums. The CtxTx context means that the actual datum value can be present, not just the hash.

type Redeemer = ScriptData Source #

Redeemers are plain ScriptData.

Modifiers

class IsInputOrOutput t where Source #

Functions common to both Inputs and Outputs.

Methods

changeAddressOf :: t -> AddressAny -> TxModifier Source #

Change the target address of an input or an output. For outputs this means redirecting an output to a different address, and for inputs it means modifying the UTxO set, changing the owner of the given input.

Note: Does not work for script inputs.

changeValueOf :: t -> Value -> TxModifier Source #

Change the value of an input or an output.

changeDatumOf :: t -> Datum -> TxModifier Source #

Change the datum on an input or an output.

changeRefScriptOf :: t -> ReferenceScript Era -> TxModifier Source #

Change the reference script on an input or an output

addressOf :: t -> AddressAny Source #

Get the address (pubkey or script address) of an input or an output.

valueOf :: t -> Value Source #

Get the value at an input or an output.

refScriptOf :: t -> ReferenceScript Era Source #

Get the reference script at an input or an output.

Instances

Instances details

IsInputOrOutput Input Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods changeAddressOf :: Input -> AddressAny -> TxModifier Source # changeValueOf :: Input -> Value -> TxModifier Source # changeDatumOf :: Input -> Datum -> TxModifier Source # changeRefScriptOf :: Input -> ReferenceScript Era -> TxModifier Source # addressOf :: Input -> AddressAny Source # valueOf :: Input -> Value Source # refScriptOf :: Input -> ReferenceScript Era Source #
IsInputOrOutput Output Source #
Instance details Defined in Convex.ThreatModel.TxModifier Methods changeAddressOf :: Output -> AddressAny -> TxModifier Source # changeValueOf :: Output -> Value -> TxModifier Source # changeDatumOf :: Output -> Datum -> TxModifier Source # changeRefScriptOf :: Output -> ReferenceScript Era -> TxModifier Source # addressOf :: Output -> AddressAny Source # valueOf :: Output -> Value Source # refScriptOf :: Output -> ReferenceScript Era Source #

addOutput :: AddressAny -> Value -> Datum -> ReferenceScript Era -> TxModifier Source #

Add a new output of any type (public key or script)

removeOutput :: Output -> TxModifier Source #

Remove an output of any type.

addKeyInput :: AddressAny -> Value -> Datum -> ReferenceScript Era -> TxModifier Source #

Add a new public key input.

addPlutusScriptInput :: IsPlutusScriptInEra lang => PlutusScript lang -> Value -> Datum -> Redeemer -> ReferenceScript Era -> TxModifier Source #

Add a plutus V2 script input.

addSimpleScriptInput :: SimpleScript -> Value -> ReferenceScript Era -> TxModifier Source #

Add a simple script input.

addReferenceScriptInput :: ScriptHash -> Value -> Datum -> Redeemer -> TxModifier Source #

Add a reference script input

addKeyReferenceInput :: AddressAny -> Value -> Datum -> ReferenceScript Era -> TxModifier Source #

Add a new public key reference input.

addPlutusScriptReferenceInput :: IsPlutusScriptInEra lang => PlutusScript lang -> Value -> Datum -> ReferenceScript Era -> TxModifier Source #

Add a plutus script reference input.

addSimpleScriptReferenceInput :: SimpleScript -> Value -> ReferenceScript Era -> TxModifier Source #

Add a simple script reference input.

removeInput :: Input -> TxModifier Source #

Remove an input of any type.

changeRedeemerOf :: Input -> Redeemer -> TxModifier Source #

Change the redeemer of a script input.

changeValidityRange :: (TxValidityLowerBound Era, TxValidityUpperBound Era) -> TxModifier Source #

Change the validity range of the transaction.

changeValidityLowerBound :: TxValidityLowerBound Era -> TxModifier Source #

Change the validity lower bound of the transaction.

changeValidityUpperBound :: TxValidityUpperBound Era -> TxModifier Source #

Change the validity upper bound of the transaction.

replaceTx :: Tx Era -> UTxO Era -> TxModifier Source #

The most general transaction modifier. Simply replace the original transaction and UTxO set by the given values. In most cases the modifiers above should be sufficient.

Threat models

data ThreatModel a where Source #

The threat model monad is how you construct threat models. It works in the context of a given transaction and the UTxO set at the point where the transaction was validated (see ThreatModelEnv) and lets you construct properties about the validatity of modifications of the original transaction.

Constructors

Named
Fields :: String Threat model name -> ThreatModel a The wrapped threat model -> ThreatModel a

Instances

Instances details

MonadFail ThreatModel Source #
Instance details Defined in Convex.ThreatModel Methods fail :: String -> ThreatModel a #
Applicative ThreatModel Source #
Instance details Defined in Convex.ThreatModel Methods pure :: a -> ThreatModel a # (<>) :: ThreatModel (a -> b) -> ThreatModel a -> ThreatModel b # liftA2 :: (a -> b -> c) -> ThreatModel a -> ThreatModel b -> ThreatModel c # (>) :: ThreatModel a -> ThreatModel b -> ThreatModel b # (<*) :: ThreatModel a -> ThreatModel b -> ThreatModel a #
Functor ThreatModel Source #
Instance details Defined in Convex.ThreatModel Methods fmap :: (a -> b) -> ThreatModel a -> ThreatModel b # (<$) :: a -> ThreatModel b -> ThreatModel a #
Monad ThreatModel Source #
Instance details Defined in Convex.ThreatModel Methods (>>=) :: ThreatModel a -> (a -> ThreatModel b) -> ThreatModel b # (>>) :: ThreatModel a -> ThreatModel b -> ThreatModel b # return :: a -> ThreatModel a #

data ThreatModelEnv Source #

The context in which a ThreatModel is executed. Contains a transaction, its UTxO set and the protocol parameters. See getThreatModelEnv and originalTx to access this information in a threat model.

Constructors

ThreatModelEnv
Fields currentTx :: Tx Era currentUTxOs :: UTxO Era pparams :: LedgerProtocolParameters Era

data ThreatModelOutcome Source #

Structured outcome of running a threat model against a transaction.

Constructors

TMPassed	At least one transaction was tested, all checks passed
TMFailed String	A check failed, with error details
TMSkipped	Preconditions were never met (all transactions skipped)
TMError String	Threat model crashed with an exception

Instances

Instances details

Show ThreatModelOutcome Source #
Instance details Defined in Convex.ThreatModel Methods showsPrec :: Int -> ThreatModelOutcome -> ShowS # show :: ThreatModelOutcome -> String # showList :: [ThreatModelOutcome] -> ShowS #
Eq ThreatModelOutcome Source #
Instance details Defined in Convex.ThreatModel Methods (==) :: ThreatModelOutcome -> ThreatModelOutcome -> Bool # (/=) :: ThreatModelOutcome -> ThreatModelOutcome -> Bool #

threatModelEnvs :: NodeParams Era -> [Tx Era] -> MockChainState Era -> [ThreatModelEnv] Source #

Create ThreatModelEnvs by reapplying the given transactions in order, starting with the given chain state.

runThreatModel :: ThreatModel a -> [ThreatModelEnv] -> Property Source #

runThreatModelM :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m Property Source #

Run threat model inside MockchainT with full Phase 1 + Phase 2 validation.

Unlike runThreatModel which only validates Phase 2 (script execution), this version uses re-balancing and re-signing for modified transactions, then performs full Phase 1 + Phase 2 validation via applyTransaction.

This catches vulnerabilities that would be masked by signature/fee failures in the simpler Phase 2-only validation.

The wallet parameter controls signing: - SignWith wallet - use the specified wallet for signing - AutoSign - detect the signing wallet from the transaction's witnesses

Usage: result <- runMockchain0IOWith utxos params $ do -- ... run your actions to get a transaction ... runThreatModelM (SignWith Wallet.w1) unprotectedScriptOutput [env] -- or auto-detect: runThreatModelM AutoSign unprotectedScriptOutput [env]

runThreatModelMQuiet :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m Property Source #

Like runThreatModelM but suppresses verbose counterexample annotations.

This is useful for expectFailure tests where you want the test to fail (proving vulnerability exists) but don't want the lengthy counterexample output cluttering test results.

The property still succeedsfails correctly based on shouldValidateshouldNotValidate checks, but Monitor/MonitorLocal annotations (counterexampleTM, etc.) are ignored.

The wallet parameter controls signing (see runThreatModelM for details).

runThreatModelCheck :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m ThreatModelOutcome Source #

Run a threat model and return a structured outcome instead of a Property. Coverage is still accumulated in MockChainState as a side effect.

Rebalancing failures (e.g., "No change output found") are treated as skipped because they indicate the transaction modification cannot be applied to this particular transaction, similar to a precondition failure.

The wallet parameter controls signing: - SignWith wallet - use the specified wallet for signing - AutoSign - detect the signing wallet from the transaction's witnesses

runThreatModelCheckTraced :: (MonadMockchain Era m, MonadFail m, MonadIO m) => SigningWallet -> ThreatModel a -> [ThreatModelEnv] -> m (ThreatModelOutcome, [ThreatModelCheckEntry]) Source #

Like runThreatModelCheck but additionally accumulates trace data. Each Validate call in the threat model produces a ThreatModelCheckEntry. Coverage is still accumulated in MockChainState as a side effect.

data ThreatModelCheckEntry Source #

A single trace entry from a threat model check against one ThreatModelEnv.

Constructors

ThreatModelCheckEntry

Fields

tmceEnvIndex :: !Int
Which env (tx) was tested
tmceModifications :: !TxModifier
The modifications applied
tmceOriginalTx :: !(Tx Era)
The original transaction
tmceOriginalUtxo :: !(UTxO Era)
The original UTxO
tmceModifiedTx :: !(Maybe (Tx Era))
The rebalanced modified tx (Nothing if rebalancing failed)
tmceModifiedUtxo :: !(UTxO Era)
The modified UTxO
tmceValidation :: !(Maybe ValidityReport)
Nothing if rebalancing failed (skipped)

assertThreatModel :: ThreatModel a -> LedgerProtocolParameters Era -> [(Tx Era, UTxO Era)] -> Property Source #

Evaluate a ThreatModel on a list of transactions.

getThreatModelName :: ThreatModel a -> Maybe String Source #

Extract the name from a threat model, if it was defined with Named.

Preconditions

threatPrecondition :: ThreatModel a -> ThreatModel a Source #

Check a precondition. If the argument threat model fails, the evaluation of the current transaction is skipped. If all transactions in an evaluation of runThreatModel are skipped it is considered a discarded test for QuickCheck.

Having the argument to threatPrecondition be a threat model computation instead of a plain boolean allows you do express preconditions talking about the validation of modified transactions (using shouldValidate and shouldNotValidate). See ensure for the boolean version.

inPrecondition :: ThreatModel Bool Source #

Returns True if evaluated under a threatPrecondition and False otherwise.

ensure :: Bool -> ThreatModel () Source #

Same as threatPrecondition but takes a boolean and skips the test if the argument is False.

ensureHasInputAt :: AddressAny -> ThreatModel () Source #

Precondition that check that the original transaction has an input at a given address. Useful, for example, to ensure that you only consider transactions that trie to spend a script output from the script under test.

failPrecondition :: String -> ThreatModel a Source #

Validation

shouldValidate :: TxModifier -> ThreatModel () Source #

Check that a given modification of the original transaction validates. The modified transaction is printed in counterexample when this fails, or if it succeeds in a precondition and the test fails later.

shouldNotValidate :: TxModifier -> ThreatModel () Source #

Check that a given modification of the original transaction does not validate. The modified transaction is printed in counterexample when it does validate, or if it doesn't in a satisfied precondition and the test fails later.

data ValidityReport Source #

The result of validating a transaction. In case of failure, it includes a list of reasons.

Constructors

ValidityReport
Fields valid :: Bool errors :: [String]

Instances

Instances details

Show ValidityReport Source #
Instance details Defined in Convex.ThreatModel.Cardano.Api Methods showsPrec :: Int -> ValidityReport -> ShowS # show :: ValidityReport -> String # showList :: [ValidityReport] -> ShowS #
Eq ValidityReport Source #
Instance details Defined in Convex.ThreatModel.Cardano.Api Methods (==) :: ValidityReport -> ValidityReport -> Bool # (/=) :: ValidityReport -> ValidityReport -> Bool #
Ord ValidityReport Source #
Instance details Defined in Convex.ThreatModel.Cardano.Api Methods compare :: ValidityReport -> ValidityReport -> Ordering # (<) :: ValidityReport -> ValidityReport -> Bool # (<=) :: ValidityReport -> ValidityReport -> Bool # (>) :: ValidityReport -> ValidityReport -> Bool # (>=) :: ValidityReport -> ValidityReport -> Bool # max :: ValidityReport -> ValidityReport -> ValidityReport # min :: ValidityReport -> ValidityReport -> ValidityReport #

validate :: TxModifier -> ThreatModel ValidityReport Source #

The most low-level way to validate a modified transaction. In most cases shouldValidate and shouldNotValidate are preferred.

Querying the environment

getThreatModelEnv :: ThreatModel ThreatModelEnv Source #

Get the current context.

originalTx :: ThreatModel (Tx Era) Source #

Get the original transaction from the context.

getTxInputs :: ThreatModel [Input] Source #

Get the inputs from the original transaction.

getTxReferenceInputs :: ThreatModel [Input] Source #

Get the reference inputs from the original transaction.

getTxOutputs :: ThreatModel [Output] Source #

Get the outputs from the original transaction.

getRedeemer :: Input -> ThreatModel (Maybe Redeemer) Source #

Get the redeemer (if any) for an input of the original transaction.

getTxRequiredSigners :: ThreatModel [Hash PaymentKey] Source #

Get the required signers from the original transaction body.

Random generation

forAllTM :: Show a => Gen a -> (a -> [a]) -> ThreatModel a Source #

Generate a random value. Takes a QuickCheck generator and a shrink function.

pickAny :: Show a => [a] -> ThreatModel a Source #

Pick a random value from a list. Skips the test if the list is empty.

anySigner :: ThreatModel (Hash PaymentKey) Source #

Pick a random signer of the original transaction.

anyInput :: ThreatModel Input Source #

Pick a random input

anyReferenceInput :: ThreatModel Input Source #

Pick a random reference input

anyOutput :: ThreatModel Output Source #

Pick a random output

anyInputSuchThat :: (Input -> Bool) -> ThreatModel Input Source #

Pick a random input satisfying the given predicate.

anyReferenceInputSuchThat :: (Input -> Bool) -> ThreatModel Input Source #

Pick a random reference input satisfying the given predicate.

anyOutputSuchThat :: (Output -> Bool) -> ThreatModel Output Source #

Pick a random output satisfying the given predicate.

Monitoring

counterexampleTM :: String -> ThreatModel () Source #

Print the given string in case this threat model fails. Threat model counterpart of the QuickCheck counterexample function.

tabulateTM :: String -> [String] -> ThreatModel () Source #

Threat model counterpart of QuickCheck's tabulate function.

collectTM :: Show a => a -> ThreatModel () Source #

Threat model counterpart of QuickCheck's collect function.

classifyTM :: Bool -> String -> ThreatModel () Source #

Threat model counterpart of QuickCheck's classify function.

monitorThreatModel :: (Property -> Property) -> ThreatModel () Source #

Monitoring that's shared between all transactions evaulated. Avoid this in favour of tabulateTM, collectTM and classifyTM when possible.

monitorLocalThreatModel :: (Property -> Property) -> ThreatModel () Source #

Monitoring that's local to the current transaction. Use counterexampleTM when possible.

Wallet selection

data SigningWallet Source #

How to determine the wallet for re-balancing and re-signing modified transactions.

Constructors

AutoSign	Detect the signing wallet automatically from the transaction's witnesses.
SignWith Wallet	Use the specified wallet for signing.

Cardano API helpers

Some convenience functions making it easier to work with Cardano API.

projectAda :: Value -> Value Source #

Keep only the Ada part of a value.

leqValue :: Value -> Value -> Bool Source #

Check if a value is less or equal than another value.

Addresses

keyAddressAny :: Hash PaymentKey -> AddressAny Source #

Construct a public key address.

scriptAddressAny :: ScriptHash -> AddressAny Source #

Construct a script address.

isKeyAddressAny :: AddressAny -> Bool Source #

Check if an address is a public key address.

Datums

txOutDatum :: ScriptData -> TxOutDatum CtxTx Era Source #

Convert ScriptData to a Datum.

toScriptData :: ToData a => a -> ScriptData Source #

Convert a Haskell value to ScriptData for use as a Redeemer or convert to a Datum with txOutDatum.

datumOfTxOut :: TxOut ctx Era -> TxOutDatum ctx Era Source #

Get the datum from a transaction output.

Pretty printing

The framework already prints the original transaction and the results of validating modified transactions in counterexamples. To include more information you can use counterexampleTM with the functions below.

paragraph :: [String] -> String Source #

Format a list of strings as a paragraph. The structure of the list is not considered other than inserting whitespace between consecutive elements. Use with counterexampleTM when printing longer texts.

prettyAddress :: AddressAny -> Doc Source #

prettyValue :: Value -> Doc Source #

prettyDatum :: Datum -> Doc Source #

prettyInput :: Input -> Doc Source #

prettyOutput :: Output -> Doc Source #

module Cardano.Api