# meshmapper Rules
meshmapper rules walk the graph and emit path hypotheses that are schema-valid but unvalidated: each hypothesis conforms to the hypothesis schema, but nothing has yet checked that the path is reachable or exploitable. Rules do not execute probes and they do not create findings.
## M4 Rule Pack

| Class | Trigger | OWASP ASI | ATLAS |
|---|---|---|---|
| privilege_laundering | Public entry reaches a high-privilege sink through an implicitly trusted hop. | ASI03 | AML.T0053 |
| confused_deputy | Public or low-trust caller reaches a privileged sink through an intermediary acting with its own authority. | ASI03 | AML.T0053 |
| injection_propagation | Untrusted input or tool-result content reaches a privileged path without a sanitizer marker. | ASI01 | AML.T0051 |
| trust_spoof | Unsigned or unauthenticated Agent Card trust steers a host toward a privileged advertised capability. | ASI07 | AML.T0073 |
ATLAS tags are intentionally sparse and only used where the implemented mapping has an explicit fit.
## Determinism

Rules run in a fixed order, hypothesis IDs are generated deterministically, and duplicate IDs are collapsed before output, so the same graph yields the same hypotheses in the same order on every run.

Each hypothesis carries:

- class
- entry
- target
- hops
- trust_basis_gaps
- rationale
- taxonomy tags
- graph_ref
- proven: false
See hypotheses for the output contract.
## Sanitizer Markers

The injection_propagation rule skips a path when any intermediate node or traversed edge carries a sanitizer marker. The current markers are metadata fields such as sanitizes or sanitized.

The absence of a marker does not prove exploitability, and because markers are metadata, a marked path is skipped on the graph's own say-so: the rule does not check that the sanitizer is effective. An emitted hypothesis tells the operator where to aim Seam next, or where to validate impact with Assay.
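The walk, the fixed rule order, deterministic IDs, duplicate collapsing and the sanitizer-marker skip described in the Determinism and Sanitizer Markers sections, as one added example. This is illustrative code written for this page, not meshmapper's own implementation: the graph layout (dict nodes, `(src, dst, metadata)` edges), the metadata keys `trust`, `privilege`, `implicit_trust`, `trust_basis` and `tool_result`, the ID scheme (a SHA-256 over class, entry, target and hops) and the sample graph are all assumptions. It implements two of the four M4 classes; the other two would follow the same shape.

```python
import hashlib
import json

# Constructed sample graph (not from the page). The metadata keys "trust",
# "privilege", "implicit_trust", "trust_basis" and "tool_result" are
# assumptions for illustration, not the project's schema.
NODES = {
    "web_form":  {"trust": "public"},
    "assistant": {"trust": "high", "implicit_trust": True},
    "filter":    {"trust": "high", "trust_basis": "allowlist", "sanitizes": True},
    "admin_api": {"privilege": "high"},
}
# Edges are (src, dst, metadata). The repeated assistant->admin_api edge is
# deliberate: it yields the same path twice, so the duplicate ID collapses.
EDGES = [
    ("web_form", "assistant", {}),
    ("assistant", "admin_api", {}),
    ("web_form", "filter", {}),
    ("filter", "admin_api", {}),
    ("assistant", "admin_api", {}),
]
SANITIZER_MARKERS = ("sanitizes", "sanitized")

def simple_paths(edges, src, dst, path=None):
    """Yield simple src->dst paths in a fixed order (edges sorted by endpoints)."""
    path = [src] if path is None else path + [src]
    if src == dst:
        yield path
        return
    for s, d, _ in sorted(edges, key=lambda e: (e[0], e[1])):
        if s == src and d not in path:
            yield from simple_paths(edges, d, dst, path)

def has_sanitizer(nodes, edges, path):
    """True if an intermediate node or a traversed edge carries a sanitizer marker."""
    marked = lambda meta: any(meta.get(k) for k in SANITIZER_MARKERS)
    if any(marked(nodes[n]) for n in path[1:-1]):
        return True
    steps = set(zip(path, path[1:]))
    return any(marked(m) for s, d, m in edges if (s, d) in steps)

def hypothesis(cls, nodes, path, rationale, tags):
    """Build one hypothesis. The ID hashes (class, entry, target, hops), so the
    same path under the same rule always gets the same ID (assumed scheme)."""
    entry, target, hops = path[0], path[-1], path[1:-1]
    key = json.dumps([cls, entry, target, hops]).encode()
    return {
        "id": "hyp-" + hashlib.sha256(key).hexdigest()[:12],
        "class": cls, "entry": entry, "target": target, "hops": hops,
        "trust_basis_gaps": [n for n in hops if "trust_basis" not in nodes[n]],
        "rationale": rationale, "tags": tags,
        "graph_ref": {"edges": list(zip(path, path[1:]))},
        "proven": False,
    }

def rule_privilege_laundering(nodes, edges, path):
    entry, target = nodes[path[0]], nodes[path[-1]]
    laundering = [n for n in path[1:-1] if nodes[n].get("implicit_trust")]
    if entry.get("trust") == "public" and target.get("privilege") == "high" and laundering:
        return hypothesis("privilege_laundering", nodes, path,
                          f"public entry reaches high-privilege sink via implicitly trusted {laundering}",
                          {"owasp_asi": "ASI03", "atlas": "AML.T0053"})
    return None

def rule_injection_propagation(nodes, edges, path):
    entry, target = nodes[path[0]], nodes[path[-1]]
    untrusted = entry.get("trust") in ("public", "low") or entry.get("tool_result")
    if untrusted and target.get("privilege") == "high" and not has_sanitizer(nodes, edges, path):
        return hypothesis("injection_propagation", nodes, path,
                          "untrusted content reaches a privileged path with no sanitizer marker",
                          {"owasp_asi": "ASI01", "atlas": "AML.T0051"})
    return None

# Fixed rule order; confused_deputy and trust_spoof would slot in the same way.
RULES = [rule_privilege_laundering, rule_injection_propagation]

def run_rules(nodes=NODES, edges=EDGES):
    """Walk every entry->sink path under every rule; collapse duplicate IDs."""
    entries = sorted(n for n, m in nodes.items() if m.get("trust") in ("public", "low"))
    sinks = sorted(n for n, m in nodes.items() if m.get("privilege") == "high")
    out, seen = [], set()
    for rule in RULES:
        for src in entries:
            for dst in sinks:
                for path in simple_paths(edges, src, dst):
                    hyp = rule(nodes, edges, path)
                    if hyp and hyp["id"] not in seen:
                        seen.add(hyp["id"])
                        out.append(hyp)
    return out

if __name__ == "__main__":
    for h in run_rules():
        print(h["id"], h["class"], h["entry"], "->", h["hops"], "->", h["target"])
```

On the sample graph the walk finds two entry-to-sink paths. The path through `assistant` fires both rules (the hop is implicitly trusted and nothing on it is marked as sanitizing), and the duplicate edge produces that path twice, which the `seen` set collapses to one hypothesis per rule. The path through `filter` is skipped by the injection rule purely because of the `sanitizes` field; nothing checks what that filter actually does, which is the caveat above.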