meshmapper Rules

meshmapper rules walk the graph and emit schema-valid, unvalidated path hypotheses. They do not execute probes and they do not create findings.

M4 Rule Pack

| Class | Trigger | OWASP ASI | ATLAS |
| --- | --- | --- | --- |
| privilege_laundering | Public entry reaches a high-privilege sink through an implicitly trusted hop. | ASI03 | AML.T0053 |
| confused_deputy | Public or low-trust caller reaches a privileged sink through an intermediary acting with its own authority. | ASI03 | AML.T0053 |
| injection_propagation | Untrusted input or tool-result content reaches a privileged path without a sanitizer marker. | ASI01 | AML.T0051 |
| trust_spoof | Unsigned or unauthenticated Agent Card trust steers a host toward a privileged advertised capability. | ASI07 | AML.T0073 |

ATLAS tags are intentionally sparse and only used where the implemented mapping has an explicit fit.

Determinism

Rules run in a fixed order, generated hypothesis IDs are deterministic, and duplicate IDs are collapsed before output.

Each hypothesis carries:

  • class
  • entry
  • target
  • hops
  • trust_basis_gaps
  • rationale
  • taxonomy tags
  • graph_ref
  • proven: false

See hypotheses for the output contract.

Sanitizer Markers

The injection rule skips paths with a sanitizer marker on an intermediate node or edge. Current markers are metadata fields such as sanitizes or sanitized.

Absence of a marker does not prove exploitability. It tells the operator where to aim Seam next or where to validate impact with Assay.
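The determinism rules and the sanitizer-marker skip described above, as an added Python example that is not meshmapper's own code: a toy injection_propagation rule over a constructed graph, with deterministic IDs and duplicate collapsing. The node and edge layout, the hypothesis field layout, the ID scheme and the trust_basis_gaps semantics are assumptions, not the project's schema.

```python
import hashlib
import json

# Constructed sample graph (not meshmapper's schema): node -> (trust, metadata); edge -> (src, dst, metadata).
NODES = {"webhook": ("untrusted", {}), "planner": ("agent", {}),
         "cleaner": ("agent", {"sanitizes": "prompt"}), "deploy_tool": ("privileged", {})}
EDGES = [("webhook", "planner", {}), ("planner", "deploy_tool", {}),
         ("planner", "deploy_tool", {}),  # duplicate edge: the same path is found twice
         ("webhook", "cleaner", {}), ("cleaner", "deploy_tool", {})]
MARKERS = ("sanitizes", "sanitized")

def simple_paths(src, dst, path=()):
    """Depth-first simple paths; edge list order fixes the enumeration order."""
    path = path or (src,)
    if src == dst:
        yield path
        return
    for a, b, _ in EDGES:
        if a == src and b not in path:
            yield from simple_paths(b, dst, path + (b,))

def has_sanitizer(path):
    """True if any intermediate node or any traversed edge carries a marker."""
    steps = set(zip(path, path[1:]))
    return (any(k in NODES[n][1] for n in path[1:-1] for k in MARKERS)
            or any(k in m for a, b, m in EDGES if (a, b) in steps for k in MARKERS))

def hypothesis_id(h):
    """Deterministic ID: sha256 of the canonical JSON of the identifying fields."""
    key = json.dumps({k: h[k] for k in ("class", "entry", "target", "hops")}, sort_keys=True)
    return hashlib.sha256(key.encode()).hexdigest()[:16]

def injection_propagation_rule():
    """Untrusted entry reaches a privileged target with no sanitizer marker on the way."""
    for entry in sorted(n for n, (t, _) in NODES.items() if t == "untrusted"):
        for target in sorted(n for n, (t, _) in NODES.items() if t == "privileged"):
            for path in simple_paths(entry, target):
                if not has_sanitizer(path):  # a marker on any hop skips the path
                    yield {"class": "injection_propagation", "entry": entry, "target": target,
                           "hops": list(path[1:-1]), "graph_ref": list(path), "proven": False,
                           "trust_basis_gaps": [f"{a}->{b}" for a, b in zip(path, path[1:])],  # assumed: unmarked edges
                           "rationale": "untrusted content reaches a privileged sink unsanitized",
                           "tags": {"owasp_asi": "ASI01", "atlas": "AML.T0051"}}

def run_rules(rules=(injection_propagation_rule,)):
    """Run rules in fixed order; duplicate IDs collapse, keeping the first occurrence."""
    seen = {}
    for h in (hyp for rule in rules for hyp in rule()):
        seen.setdefault(hypothesis_id(h), h)
    return [dict(h, id=i) for i, h in seen.items()]
```

On this graph the webhook -> cleaner -> deploy_tool path is skipped because of the sanitizer marker, and the duplicated webhook -> planner -> deploy_tool path collapses to a single hypothesis.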