Fix entry point id lookup in initial actions collection #82
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
False alert, all seems good here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When an attack graph gets constructed, nodes are added to it with IDs that are sequential and map exactly to the nodes' indices in the graph's node list. (In case we are loading from a file, the node IDs are used as described in the file; but this makes no difference to the rest of the discussion).
In the simulator, when an attack graph gets loaded, pruning of nonviable and unnecessary nodes may happen:
mal-simulator/malsim/sims/mal_simulator.py
Lines 83 to 85 in 599e47a
(BTW, wouldn't it be more fitting if
prune_unviable_unnecessary) was a sim setting?)This will result in indices in
attack_graph.nodesnot mapping to thenode.ids anymore. That's fine, we have theMalSimulator._id_to_indexand_index_to_idproperties to follow the nodes in the list.The issue here, when collecting the initial actions, is that there is no reason to go from the
node.idto the list index. If truncation is in place this will result in the wrong node being picked up. There is no way for the user to control this, at least if they start with a handcrafted model file, or one generated via Securicad (and potentially the KTH UI tool), together with a MAL file; node IDs do not appear in any of those.I believe there is a broader issue in the simulator when truncation happens, i.e. there may be more places where the translation between indices and node IDs is either missing or messing. For example a few lines below my edit, for the defender.