Closed jesajx closed 3 years ago
If a particular vulnerability does not require a specific condition it should automatically trigger that step. So the and attack step is correct. I have messaged you on slack and maybe we can investigate the particular model that is causing you issues.
After discussing the matter with @jesajx we've determined that the issue is a bug in the SoftwareProduct code that I already have a fix for. I will close this bug and mention the commit once it has been pushed upstream.
Fix(79edf959cda10a860336f661981ce6bd5da08d25) was merged into master.
Application.softwareProductAbuse
has very high requirements to compromise. Maybe it should be an OR-node? You currently need physical access, local access, network access, low privileges AND high privileges all at the same time -- probably a bug.I have a working coreLang 0.1.0 model of a malicious firmware installation scenario. When attempting to port it to coreLang 0.2.0 I run into issues with
Application.softwareProductAbuse
.