mike1813
commented
5 months ago This was fixed in branch 40, and the pull request raised to merge into branch 6a, so this issue can now be closed.
Closed mike1813 closed 5 months ago
mike1813
commented
5 months ago This was fixed in branch 40, and the pull request raised to merge into branch 6a, so this issue can now be closed.
Threat P.E.PDI+DO-DS-S.9 is a modelling error threat that is supposed to detect cases where a process uses data as input, but the data cannot be accessed by the process. This variant covers cases where the data isn't stored anywhere, so it must come direct from a process that creates the data as output. There is a bug in the threat pattern - the node representing a stored copy should be 'prohibited' but it is tagged as 'mandatory'.