ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-06-13 04:38:19 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Regen docsite

Browse Source
This commit is contained in:
Mike Hearn
2016-10-11 11:30:55 +02:00
parent b094b0f4df
commit f4b113cc7e
1182 changed files with 20582 additions and 11059 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/build/html/secure-coding-guidelines.html vendored
View File

@ -93,6 +93,7 @@
<li class="toctree-l1"><a class="reference internal" href="transaction-data-types.html">Data types</a></li>
<li class="toctree-l1"><a class="reference internal" href="consensus.html">Consensus model</a></li>
<li class="toctree-l1"><a class="reference internal" href="messaging.html">Networking and messaging</a></li>
<li class="toctree-l1"><a class="reference internal" href="persistence.html">Persistence</a></li>
<li class="toctree-l1"><a class="reference internal" href="creating-a-cordapp.html">Creating a Cordapp</a></li>
<li class="toctree-l1"><a class="reference internal" href="running-the-demos.html">Running the demos</a></li>
<li class="toctree-l1"><a class="reference internal" href="node-administration.html">Node administration</a></li>
@ -104,12 +105,16 @@
<li class="toctree-l1"><a class="reference internal" href="tutorial-contract.html">Writing a contract</a></li>
<li class="toctree-l1"><a class="reference internal" href="tutorial-contract-clauses.html">Writing a contract using clauses</a></li>
<li class="toctree-l1"><a class="reference internal" href="tutorial-test-dsl.html">Writing a contract test</a></li>
<li class="toctree-l1"><a class="reference internal" href="tutorial-clientrpc-api.html">Client RPC API</a></li>
<li class="toctree-l1"><a class="reference internal" href="protocol-state-machines.html">Protocol state machines</a></li>
<li class="toctree-l1"><a class="reference internal" href="oracles.html">Writing oracle services</a></li>
<li class="toctree-l1"><a class="reference internal" href="tutorial-attachments.html">Using attachments</a></li>
<li class="toctree-l1"><a class="reference internal" href="event-scheduling.html">Event scheduling</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Secure coding guidelines</a></li>
<li class="toctree-l1"><a class="reference internal" href="#protocols">Protocols</a></li>
<li class="toctree-l1"><a class="reference internal" href="#contracts">Contracts</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Secure coding guidelines</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#protocols">Protocols</a></li>
<li class="toctree-l2"><a class="reference internal" href="#contracts">Contracts</a></li>
</ul>
</li>
</ul>
<p class="caption"><span class="caption-text">Contracts</span></p>
<ul>
@ -180,9 +185,8 @@ to block various kinds of attack. Whilst it may be tempting to just assume no re
attempt to subvert your trades using protocol level attacks, relying on trust for software security makes it
harder to scale up your operations later when you might want to add counterparties quickly and without
extensive vetting.</p>
</div>
<div class="section" id="protocols">
<h1>Protocols<a class="headerlink" href="#protocols" title="Permalink to this headline"></a></h1>
<h2>Protocols<a class="headerlink" href="#protocols" title="Permalink to this headline"></a></h2>
<p><a class="reference internal" href="protocol-state-machines.html"><span class="doc">Protocol state machines</span></a> are how your app communicates with other parties on the network. Therefore they
are the typical entry point for malicious data into your app and must be treated with care.</p>
<p>The <code class="docutils literal"><span class="pre">receive</span></code> methods return data wrapped in the <code class="docutils literal"><span class="pre">UntrustworthyData&lt;T&gt;</span></code> marker type. This type doesn&#8217;t add
@ -207,7 +211,7 @@ sides of the protocol.</li>
are about to sign, and that nothing has changed in the small print!</p>
</div>
<div class="section" id="contracts">
<h1>Contracts<a class="headerlink" href="#contracts" title="Permalink to this headline"></a></h1>
<h2>Contracts<a class="headerlink" href="#contracts" title="Permalink to this headline"></a></h2>
<p>Contracts are arbitrary functions inside a JVM sandbox and therefore they have a lot of leeway to shoot themselves
in the foot. Things to watch out for:</p>
<ul class="simple">
@ -216,6 +220,7 @@ fields are changing except the intended fields!</li>
<li>Accidentally catching and discarding exceptions that might be thrown by validation logic.</li>
<li>Calling into other contracts via virtual methods if you don&#8217;t know what those other contracts are or might do.</li>
</ul>
</div>
</div>