Skip to content

[Bug] Using override to delete edges causes mismatch in expectedParents and children #51

Description

@jesajx

I put an example failing test case here.

Basically:

abstract asset ParentAsset {
  | attemptAbuse
    -> abuse

  & abuse
}
asset ChildAsset extends ParentAsset {
  | attemptAbuse @Override
    -> meh   //  Note that "abuse" is removed.

  | meh
    -> abuse
}
asset: ChildAsset

attack(asset.attemptAbuse)

assertCompromised(asset.abuse)   // fails!

If I attack ChildAsset.attemptAbuse then ChildAsset.abuse is not compromised! This seem to be caused by ChildAsset.abuse being deleted from the children of ChildAsset.attemptAbuse -- while ChildAsset.attemptAbuse is not deleted from the expectedParents of ChildAsset.abuse. This breaks the AttackStepMax.updateTtc method.

I found this bug when trying to override ManuallyModeledVulnerability in coreLang. I tried to introduce intermediate paths between attemptAbuse and abuse.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions