mal-toolbox 0.1.12__tar.gz → 0.3.0__tar.gz

{mal_toolbox-0.1.12/mal_toolbox.egg-info → mal_toolbox-0.3.0}/PKG-INFO

@@ -1,8 +1,8 @@
 Metadata-Version: 2.2
 Name: mal-toolbox
-Version: 0.1.12
+Version: 0.3.0
 Summary: A collection of tools used to create MAL models and attack graphs.
-Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
+Author-email: Andrei Buhaiu <buhaiu@kth.se>, Joakim Loxdal <loxdal@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Giuseppe Nebbione <nebbione@kth.se>
 License: Apache Software License
 Project-URL: Homepage, https://github.com/mal-lang/mal-toolbox
 Project-URL: Bug Tracker, https://github.com/mal-lang/mal-toolbox/issues
@@ -19,7 +19,6 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: AUTHORS
 Requires-Dist: py2neo>=2021.2.3
-Requires-Dist: python-jsonschema-objects>=0.5.5
 Requires-Dist: antlr4-tools
 Requires-Dist: antlr4-python3-runtime
 Requires-Dist: docopt
@@ -48,17 +47,6 @@ then be used to generate python classes representing the assets and
 associations of the language and to determine the attack steps for each asset
 when generating the attack graph.
 
-### The Language Classes Factory Submodule
-
-The language classes factory submodule is used to generate python classes
-using the `python_jsonschema_objects` package from a language specification.
-The classes generated by the `create_classes` function can then be accessed
-from within that namespace(.e.g: `lang_classes_factory.ns.Application()`,
-`lang_classes_factory.ns.AppExecution()`). Because these classes are built
-using JSON Schema validators they will enforce their restrictions when using
-the python objects created. These classes are typically used in conjunction
-with model module to create instance models.
-
 ## The Model Module
 
 With a MAL language a Model (a MAL instance model) can be created either
@@ -109,21 +97,51 @@ pip install mal-toolbox
 ```
 
 ## Configuration
-A default configuration file `default.conf` can be found in the package
-directory. This contains the default values to use for logging and can also be
-used to store the information needed to access the local Neo4J instance.
+You can use a `maltoolbox.yml` file in the current working directory to
+configure the toolbox. Alternatively, you can use the `MALTOOLBOX_CONFIG`
+environment variable to set a custom config file location:
+
+"""bash
+# in your shell, e.g. bash do:
+export MALTOOLBOX_CONFIG=path/to/yml/config/file
+"""
+
+The default configuration can be found here:
+
+https://github.com/mal-lang/mal-toolbox/blob/main/maltoolbox/__init__.py#L39-L53
 
 ## Command Line Client
-In addition to the modules that make up the MAL-Toolbox package it also
-provides a simple command line client that can be used to easily generate
-attack graphs from a .mar language specification file and a JSON instance
-model file.
 
-The usage is: `maltoolbox gen_ag [--neo4j] <model_json_file>
-<language_mar_file>`
+You can use the maltoolbox cli to:
+
+- Generate attack graphs from model files
+- Compile MAL languages
+- Upgrade model files from older versions
 
-If the `--neo4j` flag is specified the model and attack graph will be loaded
-into a local Neo4J instance.
+```
+Command-line interface for MAL toolbox operations
+
+Usage:
+    maltoolbox attack-graph generate [options] <model_file> <lang_file>
+    maltoolbox compile <lang_file> <output_file>
+    maltoolbox upgrade-model <model_file> <lang_file> <output_file>
+
+Arguments:
+    <model_file>    Path to JSON instance model file.
+    <lang_file>     Path to .mar or .mal file containing MAL spec.
+    <output_file>   Path to write the result of the compilation (yml/json).
+
+Options:
+    --neo4j         Ingest attack graph and instance model into a Neo4j instance
+
+Notes:
+    - <lang_file> can be either a .mar file (generated by the older MAL
+      compiler) or a .mal file containing the DSL written in MAL.
+
+    - If --neo4j is used, the Neo4j instance should be running. The connection
+      parameters required for this app to reach the Neo4j instance should be
+      defined in the default.conf file.
+```
 
 ## Code examples / Tutorial
 

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0}/README.md

@@ -21,17 +21,6 @@ then be used to generate python classes representing the assets and
 associations of the language and to determine the attack steps for each asset
 when generating the attack graph.
 
-### The Language Classes Factory Submodule
-
-The language classes factory submodule is used to generate python classes
-using the `python_jsonschema_objects` package from a language specification.
-The classes generated by the `create_classes` function can then be accessed
-from within that namespace(.e.g: `lang_classes_factory.ns.Application()`,
-`lang_classes_factory.ns.AppExecution()`). Because these classes are built
-using JSON Schema validators they will enforce their restrictions when using
-the python objects created. These classes are typically used in conjunction
-with model module to create instance models.
-
 ## The Model Module
 
 With a MAL language a Model (a MAL instance model) can be created either
@@ -82,21 +71,51 @@ pip install mal-toolbox
 ```
 
 ## Configuration
-A default configuration file `default.conf` can be found in the package
-directory. This contains the default values to use for logging and can also be
-used to store the information needed to access the local Neo4J instance.
+You can use a `maltoolbox.yml` file in the current working directory to
+configure the toolbox. Alternatively, you can use the `MALTOOLBOX_CONFIG`
+environment variable to set a custom config file location:
+
+"""bash
+# in your shell, e.g. bash do:
+export MALTOOLBOX_CONFIG=path/to/yml/config/file
+"""
+
+The default configuration can be found here:
+
+https://github.com/mal-lang/mal-toolbox/blob/main/maltoolbox/__init__.py#L39-L53
 
 ## Command Line Client
-In addition to the modules that make up the MAL-Toolbox package it also
-provides a simple command line client that can be used to easily generate
-attack graphs from a .mar language specification file and a JSON instance
-model file.
 
-The usage is: `maltoolbox gen_ag [--neo4j] <model_json_file>
-<language_mar_file>`
+You can use the maltoolbox cli to:
+
+- Generate attack graphs from model files
+- Compile MAL languages
+- Upgrade model files from older versions
 
-If the `--neo4j` flag is specified the model and attack graph will be loaded
-into a local Neo4J instance.
+```
+Command-line interface for MAL toolbox operations
+
+Usage:
+    maltoolbox attack-graph generate [options] <model_file> <lang_file>
+    maltoolbox compile <lang_file> <output_file>
+    maltoolbox upgrade-model <model_file> <lang_file> <output_file>
+
+Arguments:
+    <model_file>    Path to JSON instance model file.
+    <lang_file>     Path to .mar or .mal file containing MAL spec.
+    <output_file>   Path to write the result of the compilation (yml/json).
+
+Options:
+    --neo4j         Ingest attack graph and instance model into a Neo4j instance
+
+Notes:
+    - <lang_file> can be either a .mar file (generated by the older MAL
+      compiler) or a .mal file containing the DSL written in MAL.
+
+    - If --neo4j is used, the Neo4j instance should be running. The connection
+      parameters required for this app to reach the Neo4j instance should be
+      defined in the default.conf file.
+```
 
 ## Code examples / Tutorial
 

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0/mal_toolbox.egg-info}/PKG-INFO

@@ -1,8 +1,8 @@
 Metadata-Version: 2.2
 Name: mal-toolbox
-Version: 0.1.12
+Version: 0.3.0
 Summary: A collection of tools used to create MAL models and attack graphs.
-Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
+Author-email: Andrei Buhaiu <buhaiu@kth.se>, Joakim Loxdal <loxdal@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Giuseppe Nebbione <nebbione@kth.se>
 License: Apache Software License
 Project-URL: Homepage, https://github.com/mal-lang/mal-toolbox
 Project-URL: Bug Tracker, https://github.com/mal-lang/mal-toolbox/issues
@@ -19,7 +19,6 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: AUTHORS
 Requires-Dist: py2neo>=2021.2.3
-Requires-Dist: python-jsonschema-objects>=0.5.5
 Requires-Dist: antlr4-tools
 Requires-Dist: antlr4-python3-runtime
 Requires-Dist: docopt
@@ -48,17 +47,6 @@ then be used to generate python classes representing the assets and
 associations of the language and to determine the attack steps for each asset
 when generating the attack graph.
 
-### The Language Classes Factory Submodule
-
-The language classes factory submodule is used to generate python classes
-using the `python_jsonschema_objects` package from a language specification.
-The classes generated by the `create_classes` function can then be accessed
-from within that namespace(.e.g: `lang_classes_factory.ns.Application()`,
-`lang_classes_factory.ns.AppExecution()`). Because these classes are built
-using JSON Schema validators they will enforce their restrictions when using
-the python objects created. These classes are typically used in conjunction
-with model module to create instance models.
-
 ## The Model Module
 
 With a MAL language a Model (a MAL instance model) can be created either
@@ -109,21 +97,51 @@ pip install mal-toolbox
 ```
 
 ## Configuration
-A default configuration file `default.conf` can be found in the package
-directory. This contains the default values to use for logging and can also be
-used to store the information needed to access the local Neo4J instance.
+You can use a `maltoolbox.yml` file in the current working directory to
+configure the toolbox. Alternatively, you can use the `MALTOOLBOX_CONFIG`
+environment variable to set a custom config file location:
+
+"""bash
+# in your shell, e.g. bash do:
+export MALTOOLBOX_CONFIG=path/to/yml/config/file
+"""
+
+The default configuration can be found here:
+
+https://github.com/mal-lang/mal-toolbox/blob/main/maltoolbox/__init__.py#L39-L53
 
 ## Command Line Client
-In addition to the modules that make up the MAL-Toolbox package it also
-provides a simple command line client that can be used to easily generate
-attack graphs from a .mar language specification file and a JSON instance
-model file.
 
-The usage is: `maltoolbox gen_ag [--neo4j] <model_json_file>
-<language_mar_file>`
+You can use the maltoolbox cli to:
+
+- Generate attack graphs from model files
+- Compile MAL languages
+- Upgrade model files from older versions
 
-If the `--neo4j` flag is specified the model and attack graph will be loaded
-into a local Neo4J instance.
+```
+Command-line interface for MAL toolbox operations
+
+Usage:
+    maltoolbox attack-graph generate [options] <model_file> <lang_file>
+    maltoolbox compile <lang_file> <output_file>
+    maltoolbox upgrade-model <model_file> <lang_file> <output_file>
+
+Arguments:
+    <model_file>    Path to JSON instance model file.
+    <lang_file>     Path to .mar or .mal file containing MAL spec.
+    <output_file>   Path to write the result of the compilation (yml/json).
+
+Options:
+    --neo4j         Ingest attack graph and instance model into a Neo4j instance
+
+Notes:
+    - <lang_file> can be either a .mar file (generated by the older MAL
+      compiler) or a .mal file containing the DSL written in MAL.
+
+    - If --neo4j is used, the Neo4j instance should be running. The connection
+      parameters required for this app to reach the Neo4j instance should be
+      defined in the default.conf file.
+```
 
 ## Code examples / Tutorial
 

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0}/mal_toolbox.egg-info/SOURCES.txt

@@ -5,15 +5,14 @@ pyproject.toml
 mal_toolbox.egg-info/PKG-INFO
 mal_toolbox.egg-info/SOURCES.txt
 mal_toolbox.egg-info/dependency_links.txt
+mal_toolbox.egg-info/entry_points.txt
 mal_toolbox.egg-info/requires.txt
 mal_toolbox.egg-info/top_level.txt
 maltoolbox/__init__.py
 maltoolbox/__main__.py
-maltoolbox/default.conf
 maltoolbox/exceptions.py
 maltoolbox/file_utils.py
 maltoolbox/model.py
-maltoolbox/wrappers.py
 maltoolbox/attackgraph/__init__.py
 maltoolbox/attackgraph/attacker.py
 maltoolbox/attackgraph/attackgraph.py
@@ -24,14 +23,11 @@ maltoolbox/attackgraph/analyzers/apriori.py
 maltoolbox/ingestors/__init__.py
 maltoolbox/ingestors/neo4j.py
 maltoolbox/language/__init__.py
-maltoolbox/language/classes_factory.py
 maltoolbox/language/languagegraph.py
 maltoolbox/language/compiler/__init__.py
 maltoolbox/language/compiler/mal_lexer.py
 maltoolbox/language/compiler/mal_parser.py
-maltoolbox/language/compiler/mal_visitor.py
 maltoolbox/translators/__init__.py
 maltoolbox/translators/securicad.py
 maltoolbox/translators/updater.py
-tests/test_model.py
-tests/test_wrappers.py
+tests/test_model.py

mal_toolbox-0.3.0/mal_toolbox.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+maltoolbox = maltoolbox.__main__:main

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0}/mal_toolbox.egg-info/requires.txt

@@ -1,5 +1,4 @@
 py2neo>=2021.2.3
-python-jsonschema-objects>=0.5.5
 antlr4-tools
 antlr4-python3-runtime
 docopt

mal_toolbox-0.3.0/maltoolbox/__init__.py

@@ -0,0 +1,75 @@
+# -*- encoding: utf-8 -*-
+# MAL Toolbox v0.3.0
+# Copyright 2024, Andrei Buhaiu.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+MAL-Toolbox Framework
+"""
+
+__title__ = "maltoolbox"
+__version__ = "0.3.0"
+__authors__ = [
+    "Andrei Buhaiu",
+    "Giuseppe Nebbione",
+    "Nikolaos Kakouros",
+    "Jakob Nyberg",
+    "Joakim Loxdal",
+]
+__license__ = "Apache 2.0"
+__docformat__ = "restructuredtext en"
+
+__all__ = ()
+
+import os
+import yaml
+import logging
+from typing import Any
+
+config: dict[str, Any] = {
+    "logging": {
+        "log_level": logging.INFO,
+        "log_file": "logs/log.txt",
+        "attackgraph_file": "logs/attackgraph.yml",
+        "model_file": "logs/model.yml",
+        "langspec_file": "logs/langspec_file.yml",
+    },
+    "neo4j": {"uri": None, "username": None, "password": None, "dbname": None},
+}
+
+config_file = os.getenv("MALTOOLBOX_CONFIG", "maltoolbox.yml")
+
+if os.path.exists(config_file):
+    with open(config_file) as f:
+        config |= yaml.safe_load(f)
+
+log_configs, neo4j_configs = config.values()
+
+os.makedirs(os.path.dirname(log_configs["log_file"]), exist_ok=True)
+
+formatter = logging.Formatter(
+    "%(asctime)s %(name)-12s %(levelname)-8s %(message)s", datefmt="%m-%d %H:%M"
+)
+file_handler = logging.FileHandler(log_configs["log_file"], mode="w")
+file_handler.setFormatter(formatter)
+
+logger = logging.getLogger(__name__)
+logger.addHandler(file_handler)
+
+logger.setLevel(log_configs.get("log_level"))
+logger.info("Set loggin level of %s to %s.", __name__, log_configs.get("log_level"))
+
+logger.debug("Config file location: %s", config_file)

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0}/maltoolbox/__main__.py

@@ -2,13 +2,14 @@
 Command-line interface for MAL toolbox operations
 
 Usage:
-    maltoolbox attack-graph generate [options] <model> <lang_file>
+    maltoolbox attack-graph generate [options] <model_file> <lang_file>
     maltoolbox compile <lang_file> <output_file>
+    maltoolbox upgrade-model <model_file> <lang_file> <output_file>
 
 Arguments:
-    <model>         Path to JSON instance model file.
+    <model_file>    Path to JSON instance model file.
     <lang_file>     Path to .mar or .mal file containing MAL spec.
-    <output_file>   Path to write the JSON result of the compilation.
+    <output_file>   Path to write the result of the compilation (yml/json).
 
 Options:
     --neo4j         Ingest attack graph and instance model into a Neo4j instance
@@ -26,10 +27,12 @@ import logging
 import json
 import docopt
 
-from maltoolbox.wrappers import create_attack_graph
 from . import log_configs, neo4j_configs
+from .attackgraph import create_attack_graph
 from .language.compiler import MalCompiler
 from .ingestors import neo4j
+from .language.languagegraph import LanguageGraph
+from .translators.updater import load_model_from_older_version
 
 logger = logging.getLogger(__name__)
 
@@ -39,7 +42,7 @@ def generate_attack_graph(
         send_to_neo4j: bool
     ) -> None:
     """Create an attack graph and optionally send to neo4j
-    
+
     Args:
     model_file      - path to the model file
     lang_file       - path to the language file
@@ -53,19 +56,23 @@ def generate_attack_graph(
 
     if send_to_neo4j:
         logger.debug('Ingest model graph into Neo4J database.')
-        neo4j.ingest_model(attack_graph.model,
+        neo4j.ingest_model(
+            attack_graph.model,
             neo4j_configs['uri'],
             neo4j_configs['username'],
             neo4j_configs['password'],
             neo4j_configs['dbname'],
-            delete=True)
+            delete=True
+        )
         logger.debug('Ingest attack graph into Neo4J database.')
-        neo4j.ingest_attack_graph(attack_graph,
+        neo4j.ingest_attack_graph(
+            attack_graph,
             neo4j_configs['uri'],
             neo4j_configs['username'],
             neo4j_configs['password'],
             neo4j_configs['dbname'],
-            delete=False)
+            delete=False
+        )
 
 
 def compile(lang_file: str, output_file: str) -> None:
@@ -75,9 +82,31 @@ def compile(lang_file: str, output_file: str) -> None:
         json.dump(compiler.compile(lang_file), f, indent=2)
 
 
-args = docopt.docopt(__doc__)
+def upgrade_model(model_file: str, lang_file: str, output_file: str):
+    lang_graph = LanguageGraph.load_from_file(lang_file)
+
+    if log_configs['langspec_file']:
+        lang_graph.save_to_file(log_configs['langspec_file'])
+
+    model = load_model_from_older_version(model_file, lang_graph)
+    model.save_to_file(output_file)
+
+
+def main():
+    args = docopt.docopt(__doc__)
+
+    if args['attack-graph'] and args['generate']:
+        generate_attack_graph(
+            args['<model_file>'], args['<lang_file>'], args['--neo4j']
+        )
+    elif args['compile']:
+        compile(
+            args['<lang_file>'], args['<output_file>']
+        )
+    elif args['upgrade-model']:
+        upgrade_model(
+            args['<model_file>'], args['<lang_file>'], args['<output_file>']
+        )
 
-if args['attack-graph'] and args['generate']:
-    generate_attack_graph(args['<model>'], args['<lang_file>'], args['--neo4j'])
-elif args['compile']:
-    compile(args['<lang_file>'], args['<output_file>'])
+if __name__ == "__main__":
+    main()

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0}/maltoolbox/attackgraph/__init__.py

@@ -4,5 +4,5 @@ models and analyze attack graphs.
 """
 
 from .attacker import Attacker
-from .attackgraph import AttackGraph
+from .attackgraph import AttackGraph, create_attack_graph
 from .node import AttackGraphNode

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0}/maltoolbox/attackgraph/analyzers/apriori.py

@@ -12,11 +12,12 @@ Currently these are:
 """
 
 from __future__ import annotations
-from typing import Optional
+from typing import Optional, TYPE_CHECKING
 import logging
 
-from ..attackgraph import AttackGraph
-from ..node import AttackGraphNode
+if TYPE_CHECKING:
+    from ..attackgraph import AttackGraph
+    from ..node import AttackGraphNode
 
 logger = logging.getLogger(__name__)
 
@@ -55,11 +56,13 @@ def propagate_necessity_from_node(node: AttackGraphNode) -> None:
     )
 
     if node.ttc and 'name' in node.ttc:
-        if node.ttc['name'] not in ['Enabled', 'Disabled']:
+        if node.ttc['name'] not in ['Enabled', 'Disabled', 'Instant']:
             # Do not propagate unnecessary state from nodes that have a TTC
             # probability distribution associated with them.
             # TODO: Evaluate this more carefully, how do we want to have TTCs
             # impact necessity and viability.
+            # TODO: Have this condition be any probability that has a
+            # Bernoulli component
             return
 
     for child in node.children:
@@ -160,7 +163,7 @@ def calculate_viability_and_necessity(graph: AttackGraph) -> None:
     graph       - the attack graph for which we wish to determine the
                   viability and necessity statuses for the nodes.
     """
-    for node in graph.nodes:
+    for node in graph.nodes.values():
         if node.type in ['exist', 'notExist', 'defense']:
             evaluate_viability_and_necessity(node)
             if not node.is_viable:
@@ -175,7 +178,8 @@ def prune_unviable_and_unnecessary_nodes(graph: AttackGraph) -> None:
     graph       - the attack graph for which we wish to remove the
                   the nodes which are not viable or necessary.
     """
-    for node in graph.nodes:
+    logger.debug('Prune unviable and unnecessary nodes from the attack graph.')
+    for node in graph.nodes.values():
         if (node.type == 'or' or node.type == 'and') and \
             (not node.is_viable or not node.is_necessary):
             graph.remove_node(node)

{mal_toolbox-0.1.12 → mal_toolbox-0.3.0}/maltoolbox/attackgraph/attacker.py

@@ -3,7 +3,6 @@ MAL-Toolbox Attack Graph Attacker Class
 """
 
 from __future__ import annotations
-from dataclasses import dataclass, field
 import copy
 import logging
 
@@ -14,13 +13,19 @@ if TYPE_CHECKING:
 
 logger = logging.getLogger(__name__)
 
-@dataclass
 class Attacker:
-    name: str
-    entry_points: list[AttackGraphNode] = field(default_factory=list)
-    reached_attack_steps: list[AttackGraphNode] = \
-        field(default_factory=list)
-    id: Optional[int] = None
+
+    def __init__(
+        self,
+        name: str,
+        entry_points: set[AttackGraphNode],
+        reached_attack_steps: set[AttackGraphNode],
+        attacker_id: Optional[int] = None
+    ):
+        self.name = name
+        self.entry_points = entry_points
+        self.reached_attack_steps = reached_attack_steps
+        self.id = attacker_id
 
     def to_dict(self) -> dict:
         attacker_dict: dict = {
@@ -40,18 +45,26 @@ class Attacker:
         return attacker_dict
 
     def __repr__(self) -> str:
-        return str(self.to_dict())
+        return f'Attacker(name: "{self.name}", id: {self.id})'
 
     def __deepcopy__(self, memo) -> Attacker:
-        """Deep copy an Attacker"""
+        """Deep copy an Attacker
+        The deepcopy will copy over attacker specific information, name and
+        id, but it will not copy relations to attack graph nodes, reached
+        attack steps or entry points. These references should be recreated
+        when deepcopying the attack graph itself.
+
+        """
 
         # Check if the object is already in the memo dictionary
         if id(self) in memo:
             return memo[id(self)]
 
         copied_attacker = Attacker(
-            id = self.id,
             name = self.name,
+            attacker_id = self.id,
+            entry_points = set(),
+            reached_attack_steps = set()
         )
 
         # Remember that self was already copied
@@ -66,7 +79,7 @@ class Attacker:
 
     def compromise(self, node: AttackGraphNode) -> None:
         """
-        Have the attacke compromise the node given as a parameter.
+        Have the attacker compromise the node given as a parameter.
 
         Arguments:
         node    - the node that the attacker will compromise
@@ -90,8 +103,8 @@ class Attacker:
             )
             return
 
-        node.compromised_by.append(self)
-        self.reached_attack_steps.append(node)
+        node.compromised_by.add(self)
+        self.reached_attack_steps.add(node)
 
     def undo_compromise(self, node: AttackGraphNode) -> None:
         """