diff --git a/src/primaite/acl/access_control_list.py b/src/primaite/acl/access_control_list.py
index 219ba002..9cc1225a 100644
--- a/src/primaite/acl/access_control_list.py
+++ b/src/primaite/acl/access_control_list.py
@@ -23,20 +23,12 @@ class AccessControlList:
 # A list of ACL Rules
 self._acl: List[ACLRule] = []
 # Implicit rule
-
- @property
- def acl_implicit_rule(self):
- """ACL implicit rule class attribute with added logic to change it depending on option in main_config."""
- # Create implicit rule based on input
+ self.acl_implicit_rule = None
 if self.apply_implicit_rule:
 if self.acl_implicit_permission == "DENY":
- return ACLRule("DENY", "ANY", "ANY", "ANY", "ANY")
+ self.acl_implicit_rule = ACLRule("DENY", "ANY", "ANY", "ANY", "ANY")
 elif self.acl_implicit_permission == "ALLOW":
- return ACLRule("ALLOW", "ANY", "ANY", "ANY", "ANY")
- else:
- return None
- else:
- return None
+ self.acl_implicit_rule = ACLRule("ALLOW", "ANY", "ANY", "ANY", "ANY")
 @property
 def acl(self):
diff --git a/src/primaite/environment/observations.py b/src/primaite/environment/observations.py
index eb7ad2bf..2aacda8f 100644
--- a/src/primaite/environment/observations.py
+++ b/src/primaite/environment/observations.py
@@ -352,7 +352,6 @@ class AccessControlList(AbstractObservationComponent):
 len(env.ports_list),
 env.max_number_acl_rules,
 ]
- len(acl_shape)
 # shape = acl_shape
 shape = acl_shape * self.env.max_number_acl_rules
@@ -446,7 +445,6 @@ class AccessControlList(AbstractObservationComponent):
 position += 1
 self.current_observation = obs
- print("current observation space:", self.current_observation)
 class ObservationsHandler:
diff --git a/tests/config/single_action_space_lay_down_config.yaml b/tests/config/single_action_space_lay_down_config.yaml
index c80c0bab..0b947a5f 100644
--- a/tests/config/single_action_space_lay_down_config.yaml
+++ b/tests/config/single_action_space_lay_down_config.yaml
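Review bot: In the code added to `AccessControlList` in the first hunk, a value of `acl_implicit_permission` other than "DENY" or "ALLOW" leaves `acl_implicit_rule` as `None` without any error even though `apply_implicit_rule` is set, so a misspelt or differently cased config value silently produces an ACL with no default rule. An access-control component should reject that loudly; add `else: raise ValueError(f"unsupported acl_implicit_permission: {self.acl_implicit_permission!r}")` after the `elif` branch. Because the rule is now built once instead of on every property access, later changes to `apply_implicit_rule` or `acl_implicit_permission` no longer affect it, which deserves a comment such as `# Built once at construction; not refreshed if the config attributes change later`. The enclosing method starts outside the hunk.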
@@ -1,9 +1,9 @@
 - item_type: PORTS
 ports_list:
- - port: '21'
+ - port: '80'
 - item_type: SERVICES
 service_list:
- - name: ftp
+ - name: TCP
 - item_type: NODE
 node_id: '1'
 name: node
@@ -15,8 +15,8 @@
 software_state: GOOD
 file_system_state: GOOD
 services:
- - name: ftp
- port: '21'
+ - name: TCP
+ port: '80'
 state: COMPROMISED
 - item_type: NODE
 node_id: '2'
@@ -29,8 +29,8 @@
 software_state: GOOD
 file_system_state: GOOD
 services:
- - name: ftp
- port: '21'
+ - name: TCP
+ port: '80'
 state: COMPROMISED
 - item_type: POSITION
 positions:
@@ -45,7 +45,7 @@
 start_step: 2
 end_step: 15
 load: 1000
- protocol: ftp
+ protocol: TCP
 port: CORRUPT
 source: '1'
 destination: '2'
diff --git a/tests/test_single_action_space.py b/tests/test_single_action_space.py
index 78764976..f12d160c 100644
--- a/tests/test_single_action_space.py
+++ b/tests/test_single_action_space.py
@@ -9,7 +9,7 @@ from tests.conftest import _get_primaite_env_from_config
 def run_generic_set_actions(env: Primaite):
 """Run against a generic agent with specified blue agent actions."""
 # Reset the environment at the start of the episode
- # env.reset()
+ env.reset()
 training_config = env.training_config
 for episode in range(0, training_config.num_episodes):
 for step in range(0, training_config.num_steps):
@@ -96,7 +96,11 @@ def test_agent_is_executing_actions_from_both_spaces():
 # Length of this list tells you how many items are in the dictionary
 # This number is the frequency of Access Control Rules in the environment
 # In the scenario, we specified that the agent should create only 1 acl rule
- num_of_rules = len(acl_rules_list)
+ # This 1 rule added to the implicit deny means there should be 2 rules in total.
+ rules_count = 0
+ for rule in acl_rules_list:
+ if rule != -1:
+ rules_count += 1
 # Therefore these statements below MUST be true
 assert computer_node_hardware_state == HardwareState.OFF
- assert num_of_rules == 1
+ assert rules_count == 2
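Review bot: The new count in `test_agent_is_executing_actions_from_both_spaces` only checks that two entries differ from `-1`, so it would pass just as well with an implicit ALLOW rule or with the agent's rule in an unexpected slot. The test should also assert the permission of the implicit rule, assuming the entries expose it (the element type of `acl_rules_list` is not visible in this hunk). The `-1` sentinel is unexplained here; a comment such as `# -1 presumably marks an unused rule slot` (to be confirmed against the observation encoding) would help, and the loop can be written as `rules_count = sum(1 for rule in acl_rules_list if rule != -1)`. The test function starts outside the hunk.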