fix: Correctly skip already-revoked and already-deprecated objects

Fixed critical bug in refactored load_data() method where already-revoked
and already-deprecated objects were being processed as version changes instead
of being skipped.

**The Bug:**
- When `_detect_revocation()` returned None for already-revoked objects, they
  fell through to version change processing
- Similarly, already-deprecated objects were not being skipped

**The Fix:**
- Added explicit skip logic for already-revoked objects (when revocation_result
  is None and object is revoked)
- Added explicit skip logic for already-deprecated objects (when deprecation
  check returns False but object is deprecated)
- Updated `_detect_revocation()` to return None|True|False to distinguish:
  - None: not a revocation scenario
  - True: newly revoked and validated
  - False: validation error, skip object

**Impact:**
This fix reduces the count from 518→377 to the correct 377 in minor_version_changes.
All 133 tests now pass (was 130/133).

Matches original behavior where already-revoked/deprecated objects exit the
if-elif-else chain without being processed as version changes.

Author: jondricek

mitreattack/diffStix/changelog_helper.py

@@ -80,6 +80,7 @@
     "main",
 ]
 
+
 @dataclass
 class DomainStatistics:
     """Statistics for a single ATT&CK domain."""
@@ -328,9 +329,7 @@ def release_contributors(self, value: dict):
         """
         self._contributor_tracker.release_contributors = value
 
-    def _detect_revocation(
-        self, stix_id: str, old_obj: dict, new_obj: dict, new_attack_objects: dict, domain: str
-    ) -> bool:
+    def _detect_revocation(self, stix_id: str, old_obj: dict, new_obj: dict, new_attack_objects: dict, domain: str):
         """Detect if an object has been newly revoked.
 
         Parameters
@@ -348,30 +347,33 @@ def _detect_revocation(
 
         Returns
         -------
-        bool
-            True if the object was newly revoked, False otherwise.
+        None, True, or False
+            None if not a revocation scenario (not revoked or already revoked),
+            True if newly revoked and successfully validated,
+            False if validation failed (object should be skipped).
         """
+        # Not revoked at all - continue to deprecation/version checking
         if not new_obj.get("revoked"):
-            return False
+            return None
 
-        # Only work with newly revoked objects
+        # Already revoked in old version - not a change, but still revoked
+        # Original code would exit the if block and NOT process as version change
         if old_obj.get("revoked"):
-            return False
+            return None
 
+        # Newly revoked - validate the revocation
         if stix_id not in self.data["new"][domain]["relationships"]["revoked-by"]:
             logger.error(f"[{stix_id}] revoked object has no revoked-by relationship")
-            return False
+            return False  # Validation error - skip this object
 
         revoked_by_key = self.data["new"][domain]["relationships"]["revoked-by"][stix_id][0]["target_ref"]
         if revoked_by_key not in new_attack_objects:
-            logger.error(
-                f"{stix_id} revoked by {revoked_by_key}, but {revoked_by_key} not found in new STIX bundle!!"
-            )
-            return False
+            logger.error(f"{stix_id} revoked by {revoked_by_key}, but {revoked_by_key} not found in new STIX bundle!!")
+            return False  # Validation error - skip this object
 
         revoking_object = new_attack_objects[revoked_by_key]
         new_obj["revoked_by"] = revoking_object
-        return True
+        return True  # Successfully detected new revocation
 
     def _detect_deprecation(self, old_obj: dict, new_obj: dict) -> bool:
         """Detect if an object has been newly deprecated.
@@ -510,35 +512,50 @@ def load_data(self):
                     detailed_diff = ddiff.to_json()
                     new_stix_obj["detailed_diff"] = detailed_diff
 
-                    # Check for revocations
-                    if self._detect_revocation(stix_id, old_stix_obj, new_stix_obj, new_attack_objects, domain):
+                    # Check for revocations (skip object if revocation validation fails or already revoked)
+                    revocation_result = self._detect_revocation(
+                        stix_id, old_stix_obj, new_stix_obj, new_attack_objects, domain
+                    )
+                    if revocation_result is False:
+                        # Revocation validation failed - skip this object entirely (like original 'continue')
+                        continue
+                    elif revocation_result is True:
                         revocations.add(stix_id)
+                        continue
+                    elif revocation_result is None and new_stix_obj.get("revoked"):
+                        # Object is revoked but was already revoked - skip (matches original if-elif-else behavior)
+                        continue
+
                     # Check for deprecations
-                    elif self._detect_deprecation(old_stix_obj, new_stix_obj):
+                    if self._detect_deprecation(old_stix_obj, new_stix_obj):
                         deprecations.add(stix_id)
+                        continue
+                    elif new_stix_obj.get("x_mitre_deprecated"):
+                        # Object is deprecated but was already deprecated - skip (matches original if-elif-else behavior)
+                        continue
+
                     # Process normal version changes
-                    else:
-                        category, old_version, new_version = self._categorize_version_change(
-                            stix_id, old_stix_obj, new_stix_obj
-                        )
+                    category, old_version, new_version = self._categorize_version_change(
+                        stix_id, old_stix_obj, new_stix_obj
+                    )
 
-                        if category == "major":
-                            major_version_changes.add(stix_id)
-                        elif category == "minor":
-                            minor_version_changes.add(stix_id)
-                        elif category == "other":
-                            other_version_changes.add(stix_id)
-                        elif category == "patch":
-                            patches.add(stix_id)
-                        else:
-                            unchanged.add(stix_id)
+                    if category == "major":
+                        major_version_changes.add(stix_id)
+                    elif category == "minor":
+                        minor_version_changes.add(stix_id)
+                    elif category == "other":
+                        other_version_changes.add(stix_id)
+                    elif category == "patch":
+                        patches.add(stix_id)
+                    else:
+                        unchanged.add(stix_id)
 
-                        if new_version != old_version:
-                            new_stix_obj["version_change"] = f"{old_version} → {new_version}"
+                    if new_version != old_version:
+                        new_stix_obj["version_change"] = f"{old_version} → {new_version}"
 
-                        # Process description and relationship changes
-                        self._process_description_changes(old_stix_obj, new_stix_obj)
-                        self._process_relationship_changes(new_stix_obj, domain)
+                    # Process description and relationship changes
+                    self._process_description_changes(old_stix_obj, new_stix_obj)
+                    self._process_relationship_changes(new_stix_obj, domain)
 
                 #############
                 # New objects
@@ -653,9 +670,7 @@ def _collect_related_objects(
 
         return related_objects
 
-    def _create_changelog_entry(
-        self, old_items: dict, new_items: dict, formatter: callable = None
-    ) -> dict:
+    def _create_changelog_entry(self, old_items: dict, new_items: dict, formatter: callable = None) -> dict:
         """Create a changelog entry with shared, new, and dropped items.
 
         Parameters
@@ -703,9 +718,7 @@ def find_technique_mitigation_changes(self, new_stix_obj: dict, domain: str):
 
         new_stix_obj["changelog_mitigations"] = self._create_changelog_entry(old_mitigations, new_mitigations)
 
-    def _collect_detection_objects(
-        self, stix_id: str, domain: str, age: str
-    ) -> tuple[dict[str, str], dict[str, str]]:
+    def _collect_detection_objects(self, stix_id: str, domain: str, age: str) -> tuple[dict[str, str], dict[str, str]]:
         """Collect detection-related objects (datacomponents and detectionstrategies) for a technique.
 
         Parameters