I put an example failing test case here.
Basically:
abstract asset ParentAsset {
| attemptAbuse
-> abuse
& abuse
}
asset ChildAsset extends ParentAsset {
| attemptAbuse @Override
-> meh // Note that "abuse" is removed.
| meh
-> abuse
}
asset: ChildAsset
attack(asset.attemptAbuse)
assertCompromised(asset.abuse) // fails!
If I attack ChildAsset.attemptAbuse then ChildAsset.abuse is not compromised! This seem to be caused by ChildAsset.abuse being deleted from the children of ChildAsset.attemptAbuse -- while ChildAsset.attemptAbuse is not deleted from the expectedParents of ChildAsset.abuse. This breaks the AttackStepMax.updateTtc method.
I found this bug when trying to override ManuallyModeledVulnerability in coreLang. I tried to introduce intermediate paths between attemptAbuse and abuse.
I put an example failing test case here.
Basically:
If I attack
ChildAsset.attemptAbusethenChildAsset.abuseis not compromised! This seem to be caused byChildAsset.abusebeing deleted from the children ofChildAsset.attemptAbuse-- whileChildAsset.attemptAbuseis not deleted from theexpectedParentsofChildAsset.abuse. This breaks theAttackStepMax.updateTtcmethod.I found this bug when trying to override
ManuallyModeledVulnerabilityin coreLang. I tried to introduce intermediate paths betweenattemptAbuseandabuse.