Fix second part of #46

microsoft · May 24, 2022 · c5fda81 · c5fda81
1 parent ddb99f9
commit c5fda81
Show file tree

Hide file tree

Showing 4 changed files with 13,483 additions and 223 deletions.
diff --git a/cyberbattle/_env/cyberbattle_env.py b/cyberbattle/_env/cyberbattle_env.py
@@ -340,9 +340,9 @@ def validate_environment(self, environment: model.Environment):
 
         if effective_maximum_credentials_per_action > self.__bounds.maximum_discoverable_credentials_per_action:
             raise ValueError(
-                f"Some action in the environment returns {effective_maximum_credentials_per_action}"
-                f"credentials which exceeds the maximum number of discoverable credentials"
-                f"{self.__bounds.maximum_discoverable_credentials_per_action}")
+                f"Some action in the environment returns {effective_maximum_credentials_per_action} "
+                f"credentials which exceeds the maximum number of discoverable credentials "
+                f"of {self.__bounds.maximum_discoverable_credentials_per_action}")
 
         refeerenced_ports = model.collect_ports_from_environment(environment)
         undefined_ports = set(refeerenced_ports).difference(environment.identifiers.ports)

diff --git a/cyberbattle/_env/cyberbattle_random.py b/cyberbattle/_env/cyberbattle_random.py
@@ -12,4 +12,4 @@ class CyberBattleRandom(cyberbattle_env.CyberBattleEnv):
 
     def __init__(self):
         super().__init__(initial_environment=generate_network.new_environment(n_servers_per_protocol=15),
-                         maximum_discoverable_credentials_per_action=15)
+                         maximum_discoverable_credentials_per_action=32)
diff --git a/cyberbattle/simulation/generate_network.py b/cyberbattle/simulation/generate_network.py
@@ -249,22 +249,31 @@ def create_vulnerabilities_from_traffic_data(node_id: m.NodeID):
                             firewall=firewall_conf,
                             reimagable=False)})
 
-    def create_node_data(node_id: m.NodeID):
+    def create_node_data_without_vulnerabilities(node_id: m.NodeID):
         return m.NodeInfo(
             services=[m.ListeningService(name=port, allowedCredentials=assigned_passwords[(target_node, port)])
                       for (target_node, port) in assigned_passwords.keys()
                       if target_node == node_id
                       ],
             value=random.randint(0, 100),
-            vulnerabilities=create_vulnerabilities_from_traffic_data(node_id),
             agent_installed=False,
             firewall=firewall_conf
         )
 
+    # Step 1: Create all the nodes with associated services and firewall configuration
     for node in list(graph.nodes):
         if node != entry_node_id:
             graph.nodes[node].clear()
-            graph.nodes[node].update({'data': create_node_data(node)})
+            graph.nodes[node].update({'data': create_node_data_without_vulnerabilities(node)})
+
+    # Step 2: Assign vulnerabilities to each node.
+    # This must be a separate step because vulnerabilities definitions
+    # may depend on the passwords assigned to the nodes in Step 1.
+    for node in list(graph.nodes):
+        if node != entry_node_id:
+            node_data = graph.nodes[node]['data']
+            node_data.vulnerabilities = create_vulnerabilities_from_traffic_data(node)
+            graph.nodes[node].update({'data': node_data})
 
     # remove all the edges inherited from the network graph
     graph.clear_edges()

diff --git a/notebooks/randomnetwork.ipynb b/notebooks/randomnetwork.ipynb