Inconsistency in the success probability logic of exploits when the host is compromised #42

@ruborobot

Description:

In the network.py file, within the network_action() function, I came across a code snippet that I don't fully understand, raising questions about its functionality. The code snippet in question is as follows:

        if action.is_exploit() and host_compromised:
            # host already compromised so exploits don't fail due to randomness
            pass
        elif np.random.rand() > action.prob:
            return next_state, ActionResult(False, 0.0, undefined_error=True)

My concern lies with the first condition of the mentioned if statement: action.is_exploit() and host_compromised. If an attacker has already compromised the target host, exploits will not fail due to randomness. However, this does not seem to follow a coherent logic in the context of the module's functionality.

For example, in the host (5,0) of the medium scenario, the agent can execute an SSH exploit with a success probability of 0.9 to gain access as a user, and then perform a Samba exploit with a success probability of 0.3 to gain access as root. In this situation, the second exploit will never fail, despite having a success probability of less than 1.0. This inconsistency suggests a possible error in the code logic.

Expected behavior:

I would expect the code snippet in question to follow a consistent logic, where the success probabilities of the exploits are properly applied, even if the target host has been compromised previously.

Any assistance in clarifying the purpose of this code snippet and resolving my concern would be greatly appreciated.

Thank you for your attention and contribution.
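To make the two interpretations concrete, here is a small model of the branch quoted above, written as an added illustration and not taken from the NASim code base. `resolve_current` reproduces the rule in the snippet (an exploit against an already-compromised host never fails on randomness), while `resolve_consistent` is the behaviour the issue expects (the success probability is always applied). The `Action`/`ActionResult` classes, the field names `prob` and `exploit`, and the `resolve_*`/`success_rate`/`run_chain` helpers are simplified assumptions for this example; only `is_exploit()`, `prob`, and `ActionResult(False, 0.0, undefined_error=True)` come from the quoted snippet. The random draw is passed in explicitly so the two rules can be compared on the same inputs.

```python
"""Model of the exploit-resolution rule from network_action() versus the expected rule.

This is an added example (assumption-based), not NASim's own code. A uniform draw in
[0, 1) is passed in explicitly; the original snippet obtains it from np.random.rand().
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    """Minimal stand-in for a simulator action (assumed shape, not NASim's class)."""
    name: str
    prob: float            # success probability in [0, 1], as action.prob in the snippet
    exploit: bool = True   # whether is_exploit() is true for this action

    def is_exploit(self) -> bool:
        return self.exploit


@dataclass(frozen=True)
class ActionResult:
    """Mirrors the positional fields used in the quoted snippet (assumed layout)."""
    success: bool
    value: float = 0.0
    undefined_error: bool = False


def resolve_current(action: Action, host_compromised: bool, draw: float) -> ActionResult:
    """The rule as quoted: a compromised host makes exploits immune to the random check."""
    if action.is_exploit() and host_compromised:
        # host already compromised so exploits don't fail due to randomness
        return ActionResult(True, 0.0)
    if draw > action.prob:
        return ActionResult(False, 0.0, undefined_error=True)
    return ActionResult(True, 0.0)


def resolve_consistent(action: Action, host_compromised: bool, draw: float) -> ActionResult:
    """The rule the issue expects: action.prob is applied regardless of host state."""
    if draw > action.prob:
        return ActionResult(False, 0.0, undefined_error=True)
    return ActionResult(True, 0.0)


def success_rate(resolver, action: Action, host_compromised: bool,
                 trials: int = 10_000, seed: int = 0) -> float:
    """Empirical success fraction of `action` under `resolver` with a seeded RNG."""
    rng = random.Random(seed)
    successes = sum(resolver(action, host_compromised, rng.random()).success
                    for _ in range(trials))
    return successes / trials


def run_chain(resolver, seed: int = 0) -> list:
    """The two-step chain from the issue (constructed sample): ssh at 0.9, then samba at 0.3.

    Returns [(action name, succeeded), ...]. The host counts as compromised once the
    first exploit succeeds, which is what makes the second step differ between rules.
    """
    ssh = Action("e_ssh", 0.9)      # user-level access, p = 0.9 (values from the issue)
    samba = Action("e_samba", 0.3)  # root-level access, p = 0.3 (values from the issue)
    rng = random.Random(seed)
    host_compromised = False
    log = []
    first = resolver(ssh, host_compromised, rng.random())
    log.append((ssh.name, first.success))
    if first.success:
        host_compromised = True
    second = resolver(samba, host_compromised, rng.random())
    log.append((samba.name, second.success))
    return log


if __name__ == "__main__":
    samba = Action("e_samba", 0.3)
    print("current rule, host compromised:   ", success_rate(resolve_current, samba, True))
    print("consistent rule, host compromised:", success_rate(resolve_consistent, samba, True))
    print("chain under current rule:   ", run_chain(resolve_current))
    print("chain under consistent rule:", run_chain(resolve_consistent))
```

Running this shows the discrepancy directly: with the host already compromised, the Samba step succeeds on every draw under the quoted rule, while under the consistent rule it succeeds in roughly 30% of trials, matching its stated probability.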
