mal-toolbox 0.0.28__py3-none-any.whl → 0.1.12__py3-none-any.whl

{mal_toolbox-0.0.28.dist-info → mal_toolbox-0.1.12.dist-info}/METADATA

@@ -1,8 +1,8 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.2
 Name: mal-toolbox
-Version: 0.0.28
+Version: 0.1.12
 Summary: A collection of tools used to create MAL models and attack graphs.
-Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>
+Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License
 Project-URL: Homepage, https://github.com/mal-lang/mal-toolbox
 Project-URL: Bug Tracker, https://github.com/mal-lang/mal-toolbox/issues
@@ -18,19 +18,28 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: AUTHORS
-Requires-Dist: py2neo >=2021.2.3
-Requires-Dist: python-jsonschema-objects >=0.4.1
+Requires-Dist: py2neo>=2021.2.3
+Requires-Dist: python-jsonschema-objects>=0.5.5
+Requires-Dist: antlr4-tools
+Requires-Dist: antlr4-python3-runtime
+Requires-Dist: docopt
+Requires-Dist: PyYAML
 
-# Overview
+# MAL Toolbox overview
 
-A collection of python modules to help developers create and work with MAL
-models and attack graphs.
+MAL Toolbox is a collection of python modules to help developers create and work with
+MAL ([Meta Attack Language](https://mal-lang.org/)) models and attack graphs.
 
-# The Language Module
+Attack graphs can be used to run simulations (see MAL Simulator) or analysis.
+MAL Toolbox also gives the ability to view the AttackGraph/Model graphically in neo4j.
+
+[Documentation](https://mal-lang.org/mal-toolbox/index.html)(Work in progress)
+
+## The Language Module
 
 The language module provides various tools to process MAL languages.
 
-## The Language Specification Submodule
+### The Language Specification Submodule
 
 The language specification submodule provides functions to load the
 specification from a .mar archive(`load_language_specification_from_mar`) or a
@@ -39,7 +48,7 @@ then be used to generate python classes representing the assets and
 associations of the language and to determine the attack steps for each asset
 when generating the attack graph.
 
-## The Language Classes Factory Submodule
+### The Language Classes Factory Submodule
 
 The language classes factory submodule is used to generate python classes
 using the `python_jsonschema_objects` package from a language specification.
@@ -50,19 +59,23 @@ using JSON Schema validators they will enforce their restrictions when using
 the python objects created. These classes are typically used in conjunction
 with model module to create instance models.
 
-# The Model Module
+## The Model Module
+
+With a MAL language a Model (a MAL instance model) can be created either
+from a model file or empty.
+
+The model class will store all of the relevant information to the MAL
+instance model, most importantly the assets and associations that make it up.
+
+Assets and associations are objects of classes created using the language
+classes factory submodule in runtime. It also allows for `Attacker` objects
+to be created and associated with attack steps on assets in the model.
+The most relevant methods of the Model are the ones used to add different
+elements to the model, `add_asset`, `add_association`, and `add_attacker`.
 
-The model module is used to create MAL instance models. The model class will
-store all of the relevant information to the MAL instance model, most
-importantly the assets and associations that make it up. These assets and
-associations should be objects created using the language classes factory
-submodule. It also allows for `Attacker` objects to be created and associated
-with attack steps on assets in the model. The most relevant functions here are
-the ones used to add different elements to the model, `add_asset`,
-`add_association`, and `add_attacker`. Model objects can be used to generate
-attack graphs using the attack graph module.
+Model objects can be used to generate attack graphs with the AttackGraph module.
 
-# The Attack Graph Module
+## The Attack Graph Module
 
 The attack graph module contains tools used to generate attack graphs from
 existing MAL instance models and analyse MAL attack graphs. The function used
@@ -80,14 +93,27 @@ resulting attack graph with the instance model given as a parameter in order
 to create attack step nodes that represent the entry points of the attackers
 and attach them to the attack steps specified in the instance model.
 
-# Ingestors Module
+## Ingestors Module
 
 The ingestors module contains various tools that can make use of the instance
 model or attack graph. Currently the Neo4J ingestor is the only one available
 and it can be used to visualise the instance model and the attack graph.
 
-# Command Line Client
 
+# Usage
+
+## Installation
+
+```
+pip install mal-toolbox
+```
+
+## Configuration
+A default configuration file `default.conf` can be found in the package
+directory. This contains the default values to use for logging and can also be
+used to store the information needed to access the local Neo4J instance.
+
+## Command Line Client
 In addition to the modules that make up the MAL-Toolbox package it also
 provides a simple command line client that can be used to easily generate
 attack graphs from a .mar language specification file and a JSON instance
@@ -99,7 +125,13 @@ The usage is: `maltoolbox gen_ag [--neo4j] <model_json_file>
 If the `--neo4j` flag is specified the model and attack graph will be loaded
 into a local Neo4J instance.
 
-# Configuration
-A default configuration file `default.conf` can be found in the package
-directory. This contains the default values to use for logging and can also be
-used to store the information needed to access the local Neo4J instance.
+## Code examples / Tutorial
+
+To find code examples and tutorials, visit the
+[MAL Toolbox Tutorial](https://github.com/mal-lang/mal-toolbox-tutorial/tree/main) repository.
+
+# Tests
+There are unit tests inside of ./tests.
+Before running the tests, make sure to install the requirements in ./tests/requirements.txt with `python -m pip install -r ./tests/requirements.txt`.
+
+To run all tests, use the `pytest` command. To run just a specific file or test function use `pytest tests/<filename>` or `pytest -k <function_name>`.

mal_toolbox-0.1.12.dist-info/RECORD

@@ -0,0 +1,32 @@
+maltoolbox/__init__.py,sha256=Gkuzd3_D5OscXXfTzYQf5Vdcmooe67qcYyScGAeFpcQ,2778
+maltoolbox/__main__.py,sha256=1lOOOme_y56VWrEE1jkarTt-WoUo9yilCo8sUrivyns,2680
+maltoolbox/default.conf,sha256=YLGBSJh2q8hn3RzRRBbib9F6E6pcvquoHeALMRtA0wU,295
+maltoolbox/exceptions.py,sha256=0YjPx2v1yYumZ2o7pVZ1s_jS-GAb3Ng979KEFhROSNY,1399
+maltoolbox/file_utils.py,sha256=6KFEEZvf9x8yfNAq7hadF7lUGlLimNFMJ0W_DK2rh6Q,2024
+maltoolbox/model.py,sha256=gYGFdjkHPYpBuEngBRsj_Ki6fFSJtfBG9p8oCARz7gk,30556
+maltoolbox/wrappers.py,sha256=BYYNcIdTlyumADQCPcy1xmPEabfmi0P1l9RcbdVWm9w,2002
+maltoolbox/attackgraph/__init__.py,sha256=Oqqj5iCwnrzjDoJEFZnVI_kebjJPVbPXK-mWHy0lf-8,209
+maltoolbox/attackgraph/attacker.py,sha256=OaBNDYZF8shbFuQctzuNYVkOrpNb_KhxxV19k0SRa50,3541
+maltoolbox/attackgraph/attackgraph.py,sha256=T9snTC8kzgN017leI29CYj2YdlrU8IDxYiV69yDgz7o,30060
+maltoolbox/attackgraph/node.py,sha256=oFaGCz4QPvDcS7xM5lxaG_-GUR-PKT2xtQ1ryzYRWaU,5869
+maltoolbox/attackgraph/query.py,sha256=JnoNTUEIlLv2VIk3u5Rq3GpleOn9TZVGBVijniRY_44,6802
+maltoolbox/attackgraph/analyzers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+maltoolbox/attackgraph/analyzers/apriori.py,sha256=Af4NOSiE6Z0UnI_fuhxBA6YtSkDUj1kMie1rj09I0qM,8548
+maltoolbox/ingestors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+maltoolbox/ingestors/neo4j.py,sha256=jdulYsQ2eZT2r0Af_yYjyGkmVx4l5h8viu1Z70NjVAM,8811
+maltoolbox/language/__init__.py,sha256=0tvCJDayrLwpqKRny7LBkMOrvcDE6JfJj7U7Jd64Okg,140
+maltoolbox/language/classes_factory.py,sha256=0QFF5Z9e4UeWwavvH1jM4BkeDZqKKZ4Ij7leGmSfXn4,10063
+maltoolbox/language/languagegraph.py,sha256=f79ovmrGQb6tvY9ze-zqP031N6rApB9WsbZd5LRyhk8,47031
+maltoolbox/language/compiler/__init__.py,sha256=fJ22-FlXfr907WCPkqlr_eBTzPqsrg6m3i7J_ZWpuAo,840
+maltoolbox/language/compiler/mal_lexer.py,sha256=wocRzBkLbqYefpGvq2W77x7439-AdZKVgPWhRiRubXg,10776
+maltoolbox/language/compiler/mal_parser.py,sha256=M1EVZFV73TNfQHz2KJ8-iloqOD4KUhHyajszD8UrNow,91349
+maltoolbox/language/compiler/mal_visitor.py,sha256=9gG06D7GZKlBY-62SmbIkRYkGBUBIC6fl1GOg7v2IuM,13223
+maltoolbox/translators/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+maltoolbox/translators/securicad.py,sha256=FAIHnoqFTmNYbCGxLsK6pX5g1oiNFfPTqkT_3qq3GG8,6692
+maltoolbox/translators/updater.py,sha256=Ap08-AsU_7or5ESQvZL2i4nWz3B5pvgfftZyc_-Gd8M,4766
+mal_toolbox-0.1.12.dist-info/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
+mal_toolbox-0.1.12.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+mal_toolbox-0.1.12.dist-info/METADATA,sha256=XNkHzeC0F3E4Mtp4GhxAm2d2SWqDteCPNVZ1Px0q2rw,6002
+mal_toolbox-0.1.12.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+mal_toolbox-0.1.12.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
+mal_toolbox-0.1.12.dist-info/RECORD,,

{mal_toolbox-0.0.28.dist-info → mal_toolbox-0.1.12.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.43.0)
+Generator: setuptools (75.8.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

maltoolbox/__init__.py

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v0.0.28
+# MAL Toolbox v0.1.12
 # Copyright 2024, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,69 +21,70 @@ MAL-Toolbox Framework
 """
 
 __title__ = 'maltoolbox'
-__version__ = '0.0.28'
+__version__ = '0.1.12'
 __authors__ = ['Andrei Buhaiu',
     'Giuseppe Nebbione',
     'Nikolaos Kakouros',
-    'Jakob Nyberg']
+    'Jakob Nyberg',
+    'Joakim Loxdal']
 __license__ = 'Apache 2.0'
 __docformat__ = 'restructuredtext en'
 
 __all__ = ()
 
 import os
-import sys
 import configparser
 import logging
 
-from pkg_resources import Requirement, resource_filename
-
 ERROR_INCORRECT_CONFIG = 1
 
-CONFIGFILE = resource_filename(Requirement.parse("mal-toolbox"),
-    "maltoolbox/default.conf")
+CONFIGFILE = os.path.join(
+    os.path.dirname(os.path.abspath(__file__)),
+    "default.conf"
+)
 
 config = configparser.ConfigParser()
 config.read(CONFIGFILE)
 
 if 'logging' not in config:
-    print('Config file is missing essential information, cannot proceed.')
-    sys.exit(ERROR_INCORRECT_CONFIG)
+    raise ValueError('Config file is missing essential information, cannot proceed.')
 
-for term in ['output_dir', 'log_file']:
-    if term not in config['logging']:
-        logger.critical('Config file is missing essential '\
-            'information, cannot proceed.')
-        print('Config file is missing essential information, cannot '\
-            'proceed.')
-        sys.exit(ERROR_INCORRECT_CONFIG)
+if 'log_file' not in config['logging']:
+    raise ValueError('Config file is missing a log_file location, cannot proceed.')
 
 log_configs = {
-    'output_dir': config['logging']['output_dir'],
     'log_file': config['logging']['log_file'],
+    'log_level': config['logging']['log_level'],
     'attackgraph_file': config['logging']['attackgraph_file'],
     'model_file': config['logging']['model_file'],
     'langspec_file': config['logging']['langspec_file'],
 }
 
-os.makedirs(log_configs['output_dir'], exist_ok = True)
-logging.basicConfig(level=logging.DEBUG,
-            format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
-            datefmt='%m-%d %H:%M',
-            filename=log_configs["log_file"],
-            filemode='w')
-logging.getLogger('python_jsonschema_objects').setLevel(logging.WARNING)
+os.makedirs(os.path.dirname(log_configs['log_file']), exist_ok = True)
+
+formatter = logging.Formatter('%(asctime)s %(name)-12s %(levelname)-8s %(message)s', datefmt='%m-%d %H:%M')
+file_handler = logging.FileHandler(log_configs['log_file'], mode='w')
+file_handler.setFormatter(formatter)
 
 logger = logging.getLogger(__name__)
+logger.addHandler(file_handler)
+
+log_level = log_configs['log_level']
+if log_level != '':
+    level = logging.getLevelName(log_level)
+    logger.setLevel(level)
+    logger.info('Set loggin level of %s to %s.', __name__, log_level)
 
 if 'neo4j' in config:
     for term in ['uri', 'username', 'password', 'dbname']:
         if term not in config['neo4j']:
-            logger.critical('Config file is missing essential '\
-                f'Neo4J information: {term}, cannot proceed.')
-            print('Config file is missing essential '\
-                f'Neo4J information: {term}, cannot proceed.')
-            sys.exit(ERROR_INCORRECT_CONFIG)
+
+            msg = (
+                'Config file is missing essential Neo4J '
+                f'information: {term}, cannot proceed.'
+            )
+            logger.critical(msg)
+            raise ValueError(msg)
 
     neo4j_configs = {
         'uri': config['neo4j']['uri'],
@@ -91,4 +92,3 @@ if 'neo4j' in config:
         'password': config['neo4j']['password'],
         'dbname': config['neo4j']['dbname'],
     }
-

maltoolbox/__main__.py

@@ -1,7 +1,83 @@
-from maltoolbox.main import main
+"""
+Command-line interface for MAL toolbox operations
 
+Usage:
+    maltoolbox attack-graph generate [options] <model> <lang_file>
+    maltoolbox compile <lang_file> <output_file>
 
-__all__ = ('main',)
+Arguments:
+    <model>         Path to JSON instance model file.
+    <lang_file>     Path to .mar or .mal file containing MAL spec.
+    <output_file>   Path to write the JSON result of the compilation.
 
-if __name__ == '__main__':
-    main()
+Options:
+    --neo4j         Ingest attack graph and instance model into a Neo4j instance
+
+Notes:
+    - <lang_file> can be either a .mar file (generated by the older MAL
+      compiler) or a .mal file containing the DSL written in MAL.
+
+    - If --neo4j is used, the Neo4j instance should be running. The connection
+      parameters required for this app to reach the Neo4j instance should be
+      defined in the default.conf file.
+"""
+
+import logging
+import json
+import docopt
+
+from maltoolbox.wrappers import create_attack_graph
+from . import log_configs, neo4j_configs
+from .language.compiler import MalCompiler
+from .ingestors import neo4j
+
+logger = logging.getLogger(__name__)
+
+def generate_attack_graph(
+        model_file: str,
+        lang_file: str,
+        send_to_neo4j: bool
+    ) -> None:
+    """Create an attack graph and optionally send to neo4j
+    
+    Args:
+    model_file      - path to the model file
+    lang_file       - path to the language file
+    send_to_neo4j   - whether to ingest into neo4j or not
+    """
+    attack_graph = create_attack_graph(lang_file, model_file)
+    if log_configs['attackgraph_file']:
+        attack_graph.save_to_file(
+            log_configs['attackgraph_file']
+        )
+
+    if send_to_neo4j:
+        logger.debug('Ingest model graph into Neo4J database.')
+        neo4j.ingest_model(attack_graph.model,
+            neo4j_configs['uri'],
+            neo4j_configs['username'],
+            neo4j_configs['password'],
+            neo4j_configs['dbname'],
+            delete=True)
+        logger.debug('Ingest attack graph into Neo4J database.')
+        neo4j.ingest_attack_graph(attack_graph,
+            neo4j_configs['uri'],
+            neo4j_configs['username'],
+            neo4j_configs['password'],
+            neo4j_configs['dbname'],
+            delete=False)
+
+
+def compile(lang_file: str, output_file: str) -> None:
+    """Compile language and dump into output file"""
+    compiler = MalCompiler()
+    with open(output_file, "w") as f:
+        json.dump(compiler.compile(lang_file), f, indent=2)
+
+
+args = docopt.docopt(__doc__)
+
+if args['attack-graph'] and args['generate']:
+    generate_attack_graph(args['<model>'], args['<lang_file>'], args['--neo4j'])
+elif args['compile']:
+    compile(args['<lang_file>'], args['<output_file>'])

maltoolbox/attackgraph/__init__.py

@@ -0,0 +1,8 @@
+"""
+Contains tools used to generate attack graphs from MAL instance
+models and analyze attack graphs.
+"""
+
+from .attacker import Attacker
+from .attackgraph import AttackGraph
+from .node import AttackGraphNode

maltoolbox/attackgraph/analyzers/apriori.py

@@ -11,21 +11,25 @@ Currently these are:
   compromised) to compromise children attack steps.
 """
 
+from __future__ import annotations
+from typing import Optional
 import logging
 
-from maltoolbox.attackgraph import attackgraph
-from maltoolbox.attackgraph.node import AttackGraphNode
+from ..attackgraph import AttackGraph
+from ..node import AttackGraphNode
 
 logger = logging.getLogger(__name__)
 
-def propagate_viability_from_node(node: AttackGraphNode):
+def propagate_viability_from_node(node: AttackGraphNode) -> None:
     """
     Arguments:
     node        - the attack graph node from which to propagate the viable
                   status
     """
-    logger.debug(f'Propagate viability from {node.id} with viability'
-        f' status {node.is_viable}.')
+    logger.debug(
+        'Propagate viability from "%s"(%d) with viability status %s.',
+        node.full_name, node.id, node.is_viable
+    )
     for child in node.children:
         original_value = child.is_viable
         if child.type == 'or':
@@ -38,14 +42,26 @@ def propagate_viability_from_node(node: AttackGraphNode):
         if child.is_viable != original_value:
             propagate_viability_from_node(child)
 
-def propagate_necessity_from_node(node: AttackGraphNode):
+
+def propagate_necessity_from_node(node: AttackGraphNode) -> None:
     """
     Arguments:
     node        - the attack graph node from which to propagate the necessary
                   status
     """
-    logger.debug(f'Propagate necessity from {node.id} with necessity'
-        f' status {node.is_necessary}.')
+    logger.debug(
+        'Propagate necessity from "%s"(%d) with necessity status %s.',
+        node.full_name, node.id, node.is_necessary
+    )
+
+    if node.ttc and 'name' in node.ttc:
+        if node.ttc['name'] not in ['Enabled', 'Disabled']:
+            # Do not propagate unnecessary state from nodes that have a TTC
+            # probability distribution associated with them.
+            # TODO: Evaluate this more carefully, how do we want to have TTCs
+            # impact necessity and viability.
+            return
+
     for child in node.children:
         original_value = child.is_necessary
         if child.type == 'or':
@@ -60,27 +76,157 @@ def propagate_necessity_from_node(node: AttackGraphNode):
         if child.is_necessary != original_value:
             propagate_necessity_from_node(child)
 
-def calculate_viability_and_necessity(graph: attackgraph.AttackGraph):
+
+def evaluate_viability(node: AttackGraphNode) -> None:
+    """
+    Arguments:
+    graph       - the node to evaluate viability for.
+    """
+    match (node.type):
+        case 'exist':
+            assert isinstance(node.existence_status, bool), \
+                f'Existence status not defined for {node.full_name}.'
+            node.is_viable = node.existence_status
+        case 'notExist':
+            assert isinstance(node.existence_status, bool), \
+                f'Existence status not defined for {node.full_name}.'
+            node.is_viable = not node.existence_status
+        case 'defense':
+            assert node.defense_status is not None and \
+                   0.0 <= node.defense_status <= 1.0, \
+                f'{node.full_name} defense status invalid: {node.defense_status}.'
+            node.is_viable = node.defense_status != 1.0
+        case 'or':
+            node.is_viable = False
+            for parent in node.parents:
+                node.is_viable = node.is_viable or parent.is_viable
+        case 'and':
+            node.is_viable = True
+            for parent in node.parents:
+                node.is_viable = node.is_viable and parent.is_viable
+        case _:
+            msg = ('Evaluate viability was provided node "%s"(%d) which '
+                   'is of unknown type "%s"')
+            logger.error(msg, node.full_name, node.id, node.type)
+            raise ValueError(msg % (node.full_name, node.id, node.type))
+
+
+def evaluate_necessity(node: AttackGraphNode) -> None:
+    """
+    Arguments:
+    graph       - the node to evaluate necessity for.
+    """
+    match (node.type):
+        case 'exist':
+            assert isinstance(node.existence_status, bool), \
+                f'Existence status not defined for {node.full_name}.'
+            node.is_necessary = not node.existence_status
+        case 'notExist':
+            assert isinstance(node.existence_status, bool), \
+                f'Existence status not defined for {node.full_name}.'
+            node.is_necessary = bool(node.existence_status)
+        case 'defense':
+            assert node.defense_status is not None and \
+                   0.0 <= node.defense_status <= 1.0, \
+                f'{node.full_name} defense status invalid: {node.defense_status}.'
+            node.is_necessary = node.defense_status != 0.0
+        case 'or':
+            node.is_necessary = True
+            for parent in node.parents:
+                node.is_necessary = node.is_necessary and parent.is_necessary
+        case 'and':
+            node.is_necessary = False
+            for parent in node.parents:
+                node.is_necessary = node.is_necessary or parent.is_necessary
+        case _:
+            msg = ('Evaluate necessity was provided node "%s"(%d) which '
+                   'is of unknown type "%s"')
+            logger.error(msg, node.full_name, node.id, node.type)
+            raise ValueError(msg % (node.full_name, node.id, node.type))
+
+
+def evaluate_viability_and_necessity(node: AttackGraphNode) -> None:
+    """
+    Arguments:
+    graph       - the node to evaluate viability and necessity for.
+    """
+    evaluate_viability(node)
+    evaluate_necessity(node)
+
+
+def calculate_viability_and_necessity(graph: AttackGraph) -> None:
     """
     Arguments:
-    node        - the attack graph for which we wish to determine the
+    graph       - the attack graph for which we wish to determine the
                   viability and necessity statuses for the nodes.
     """
     for node in graph.nodes:
-        match (node.type):
-            case 'exist':
-                node.is_viable = node.existence_status
-                node.is_necessary = not node.existence_status
-            case 'notExist':
-                node.is_viable = not node.existence_status
-                node.is_necessary = node.existence_status
-            case 'defense':
-                node.is_viable = node.defense_status != 1.0
-                node.is_necessary = node.defense_status != 0.0
-            case _:
-                pass
-
-        if not node.is_viable:
-            propagate_viability_from_node(node)
-        if not node.is_necessary:
-            propagate_necessity_from_node(node)
+        if node.type in ['exist', 'notExist', 'defense']:
+            evaluate_viability_and_necessity(node)
+            if not node.is_viable:
+                propagate_viability_from_node(node)
+            if not node.is_necessary:
+                propagate_necessity_from_node(node)
+
+
+def prune_unviable_and_unnecessary_nodes(graph: AttackGraph) -> None:
+    """
+    Arguments:
+    graph       - the attack graph for which we wish to remove the
+                  the nodes which are not viable or necessary.
+    """
+    for node in graph.nodes:
+        if (node.type == 'or' or node.type == 'and') and \
+            (not node.is_viable or not node.is_necessary):
+            graph.remove_node(node)
+
+
+def propagate_viability_from_unviable_node(
+        unviable_node: AttackGraphNode,
+    ) -> list[AttackGraphNode]:
+    """
+    Update viability of nodes affected by newly enabled defense
+    `unviable_node` in the graph and return any attack steps
+    that are no longer viable because of it.
+
+    Propagate recursively via children as long as changes occur.
+
+    Arguments:
+    unviable_node               - the node to propagate viability from
+
+    Returns:
+    attack_steps_made_unviable  - list of the attack steps that have been
+                                  made unviable by a defense enabled in the
+                                  current step. Builds up recursively.
+    """
+
+    attack_steps_made_unviable = []
+
+    logger.debug(
+        'Update viability for node "%s"(%d)',
+        unviable_node.full_name,
+        unviable_node.id
+    )
+
+    assert not unviable_node.is_viable, (
+        "propagate_viability_from_unviable_node should not be called"
+       f" on viable node {unviable_node.full_name}"
+    )
+
+    if unviable_node.type in ('and', 'or'):
+        attack_steps_made_unviable.append(unviable_node)
+
+    for child in unviable_node.children:
+        original_value = child.is_viable
+        if child.type == 'or':
+            child.is_viable = False
+            for parent in child.parents:
+                child.is_viable = child.is_viable or parent.is_viable
+        if child.type == 'and':
+            child.is_viable = False
+
+        if child.is_viable != original_value:
+            attack_steps_made_unviable += \
+                propagate_viability_from_unviable_node(child)
+
+    return attack_steps_made_unviable