There are multiple aspects to this pull request. Many of them are refactoring and having attack steps behave according to a common pattern, in this respect this pull request is very relevant as a template for the future #77 effort.
First, have attack steps on Data propagate to Data contained in Data based on the impact attack steps(Read, Write, Delete, and Deny) rather than propagating Access.
Second, as a result of the above mentioned change, a small bug was fixed that meant that Data contained in Data was not properly impacted if it was compromised via SpecificAccess and an Identity that provided the privileges.
Third, have the Data impact attack steps themselves propagate the disruption one level at a time rather than using the * recursion.
Fourth, rename the attack steps to fit the new IAMObject superclass concept from Identity[Read|Write|Delete] to Authorized[Read|Write|Delete].
There are multiple aspects to this pull request. Many of them are refactoring and having attack steps behave according to a common pattern, in this respect this pull request is very relevant as a template for the future #77 effort.
First, have attack steps on
Data
propagate toData
contained inData
based on the impact attack steps(Read
,Write
,Delete
, andDeny
) rather than propagatingAccess
.Second, as a result of the above mentioned change, a small bug was fixed that meant that
Data
contained inData
was not properly impacted if it was compromised viaSpecificAccess
and anIdentity
that provided the privileges.Third, have the
Data
impact attack steps themselves propagate the disruption one level at a time rather than using the*
recursion.Fourth, rename the attack steps to fit the new
IAMObject
superclass concept fromIdentity[Read|Write|Delete]
toAuthorized[Read|Write|Delete]
.