diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index d0a947de..b4d0461f 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -225,8 +225,8 @@ }, { "name": "trailmark", - "version": "0.8.3", - "description": "Builds multi-language source and binary code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, entry point enumeration, proxy/unresolved-call tracking, type/reference analysis, and structural diffs. Generates Mermaid diagrams, runs graph-informed mutation testing triage (genotoxic), generates mutation-driven test vectors (vector-forge), extracts crypto protocol message flows, converts Mermaid diagrams to ProVerif models, and projects SARIF/weAudit/binary findings onto code graphs. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, or augmenting audits with static analysis findings.", + "version": "0.9.0", + "description": "Builds multi-language source and binary code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, entry point enumeration, proxy/unresolved-call tracking, type/reference analysis, and structural diffs. Generates Mermaid diagrams, runs graph-informed mutation testing triage (genotoxic), generates mutation-driven test vectors (vector-forge), extracts crypto protocol message flows, converts Mermaid diagrams to ProVerif models, projects SARIF/weAudit/binary findings onto code graphs, triages single findings with graph evidence, gates branch diffs for structural review regressions, and expands seed findings into variant-neighborhood candidates. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, augmenting audits with static analysis findings, deciding whether one candidate issue is reachable, reviewing graph-level PR risk, or seeding variant analysis.", "author": { "name": "Scott Arciszewski", "url": "https://github.com/tob-scott-a" diff --git a/plugins/trailmark/.claude-plugin/plugin.json b/plugins/trailmark/.claude-plugin/plugin.json index 4a9dde05..30b711e5 100644 --- a/plugins/trailmark/.claude-plugin/plugin.json +++ b/plugins/trailmark/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "trailmark", - "version": "0.8.3", - "description": "Builds multi-language source and binary code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, entry point enumeration, proxy/unresolved-call tracking, type/reference analysis, and structural diffs. Generates Mermaid diagrams, runs graph-informed mutation testing triage (genotoxic), generates mutation-driven test vectors (vector-forge), extracts crypto protocol message flows, converts Mermaid diagrams to ProVerif models, and projects SARIF/weAudit/binary findings onto code graphs. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, or augmenting audits with static analysis findings.", + "version": "0.9.0", + "description": "Builds multi-language source and binary code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, entry point enumeration, proxy/unresolved-call tracking, type/reference analysis, and structural diffs. Generates Mermaid diagrams, runs graph-informed mutation testing triage (genotoxic), generates mutation-driven test vectors (vector-forge), extracts crypto protocol message flows, converts Mermaid diagrams to ProVerif models, projects SARIF/weAudit/binary findings onto code graphs, triages single findings with graph evidence, gates branch diffs for structural review regressions, and expands seed findings into variant-neighborhood candidates. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, augmenting audits with static analysis findings, deciding whether one candidate issue is reachable, reviewing graph-level PR risk, or seeding variant analysis.", "author": { "name": "Scott Arciszewski", "url": "https://github.com/tob-scott-a" diff --git a/plugins/trailmark/README.md b/plugins/trailmark/README.md index 3677e30a..e102a8e5 100644 --- a/plugins/trailmark/README.md +++ b/plugins/trailmark/README.md @@ -47,8 +47,11 @@ uv pip install trailmark | `genotoxic` | Triage mutation testing results using graph analysis — classify survived mutants as false positives, missing tests, or fuzzing targets | | `vector-forge` | Mutation-driven test vector generation — find coverage gaps via mutation testing, then generate Wycheproof-style vectors that close them | | `graph-evolution` | Compare code graphs at two snapshots to surface security-relevant structural changes text diffs miss | +| `trailmark-review-gate` | Apply PASS/WARN/FAIL/UNKNOWN structural gate rules to branch, PR, fix, or release diffs | | `mermaid-to-proverif` | Convert Mermaid sequence diagrams into ProVerif formal verification models | | `audit-augmentation` | Project SARIF, weAudit, and v0.4 binary-analysis graph findings onto code graphs as annotations and subgraphs | +| `trailmark-finding-triage` | Triage one finding, SARIF result, weAudit annotation, suspicious function, or report excerpt with reachability, taint, privilege-boundary, and blast-radius evidence | +| `trailmark-variant-neighborhood` | Expand one seed issue into graph-derived variant candidates for variant-analysis, Semgrep, CodeQL, or manual review | | `trailmark-summary` | Quick structural overview (auto-detected languages, entry points, dependencies) for vivisect/galvanize | | `trailmark-structural` | Full structural analysis with all pre-analysis passes (blast radius, taint, privilege boundaries, complexity) | @@ -70,9 +73,12 @@ trailmark/ │ └── references/ ├── graph-evolution/ # Structural diff │ └── scripts/graph_diff.py + ├── trailmark-review-gate/ # Structural review gates ├── mermaid-to-proverif/ # Sequence diagram → ProVerif │ └── examples/ ├── audit-augmentation/ # SARIF/weAudit integration + ├── trailmark-finding-triage/ # Single-finding evidence packets + ├── trailmark-variant-neighborhood/ # Variant candidate neighborhoods ├── trailmark-summary/ # Quick overview for vivisect/galvanize └── trailmark-structural/ # Full structural analysis ``` @@ -84,3 +90,4 @@ trailmark/ | `mutation-testing` | Guidance for running mutation frameworks (mewt, muton) — use before genotoxic for triage | | `differential-review` | Text-level security diff review — complements graph-evolution's structural analysis | | `audit-context-building` | Deep architectural context before vulnerability hunting | +| `variant-analysis` | Search for related candidates after trailmark-finding-triage identifies a repeatable root cause | diff --git a/plugins/trailmark/skills/audit-augmentation/SKILL.md b/plugins/trailmark/skills/audit-augmentation/SKILL.md index ad974e2a..fc8deeae 100644 --- a/plugins/trailmark/skills/audit-augmentation/SKILL.md +++ b/plugins/trailmark/skills/audit-augmentation/SKILL.md @@ -27,6 +27,7 @@ also import an external binary-analysis graph JSON export via - Cross-referencing static analysis findings with blast radius or taint data - Querying which functions have high-severity findings - Visualizing audit coverage alongside code structure +- Preparing one SARIF or weAudit result for `trailmark-finding-triage` ## When NOT to Use @@ -162,6 +163,10 @@ annotated nodes. Use `engine.subgraph_names()` to see available subgraphs. - Findings on high blast radius nodes: overlap with `high_blast_radius` - Findings on privilege boundaries: overlap with `privilege_boundary` +For one candidate finding that needs a reachability verdict or PoC handoff, +continue with `trailmark-finding-triage` and use the augmented node as the +bound candidate. + ## Annotation Format Findings are stored as standard Trailmark annotations: diff --git a/plugins/trailmark/skills/graph-evolution/SKILL.md b/plugins/trailmark/skills/graph-evolution/SKILL.md index 3a7c4958..785c694b 100644 --- a/plugins/trailmark/skills/graph-evolution/SKILL.md +++ b/plugins/trailmark/skills/graph-evolution/SKILL.md @@ -301,6 +301,12 @@ line-level code review. The two are complementary — graph-evolution finds attack paths that text diffs miss, while differential-review provides git blame context and micro-adversarial analysis. +**trailmark-review-gate skill:** +Use trailmark-review-gate after graph-evolution when a branch, pull request, +fix commit, or release diff needs a PASS/WARN/FAIL/UNKNOWN structural review +packet. The gate applies deterministic review rules to graph-evolution output; +it does not replace human review. + **genotoxic skill:** If graph-evolution reveals new high-CC tainted nodes, feed them to genotoxic for mutation testing triage. diff --git a/plugins/trailmark/skills/trailmark-finding-triage/SKILL.md b/plugins/trailmark/skills/trailmark-finding-triage/SKILL.md new file mode 100644 index 00000000..62dbe599 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-finding-triage/SKILL.md @@ -0,0 +1,138 @@ +--- +name: trailmark-finding-triage +description: "Performs graph-assisted triage of a single security finding, SARIF result, weAudit annotation, suspicious function, or report excerpt using Trailmark reachability, entrypoint paths, taint, privilege-boundary, blast-radius, caller/callee, and neighborhood evidence. Use when deciding whether one candidate issue is reachable, prioritizing a finding before PoC work, preparing evidence for exploit validation, or checking whether a static-analysis result is actionable." +allowed-tools: + - Bash + - Read + - Grep + - Glob + - Write +--- + +# Trailmark Finding Triage + +Build a concise graph evidence packet for one candidate finding. This skill +answers whether the affected code is reachable, what graph evidence supports +or weakens the claim, and what manual review is still required before calling +the issue exploitable. + +## When to Use + +- Triage one static-analysis result before spending PoC time +- Check whether a manual finding is entrypoint-reachable +- Build an evidence packet for PoC work +- Review a single suspicious function discovered during manual audit +- Decide whether one issue should be promoted, deprioritized, or treated as + part of a broader chain analysis + +## When NOT to Use + +- Multiple weak findings might compose into a stronger chain. Use a chain or + composition workflow instead. +- The user wants a full audit. Use an audit or design-review workflow instead. +- The user wants remediation verification for a known finding. Use a + remediation-review workflow instead. +- The target is a PR or branch diff. Use `graph-evolution` plus a differential + review workflow. +- No concrete finding, function, file/line, or suspicious sink exists yet. Use + discovery skills first. + +## Rationalizations to Reject + +| Rationalization | Why It Is Wrong | Required Action | +|---|---|---| +| "The scanner says high severity, so reachability is obvious" | Static findings need graph and code context before promotion | Bind the finding to a graph node and check entrypoint paths | +| "No entrypoint path means impossible" | It may mean parser, proxy, or dynamic dispatch limitations | Report the limitation separately from reachability | +| "An auth check appears on the path, so the issue is safe" | The check may enforce the wrong predicate or be bypassed by another path | Treat validation/auth as review targets, not proof | +| "One reachable path is enough for a PoC claim" | The path still needs attacker-controlled inputs and compatible preconditions | Separate graph reachability from exploitability | +| "This is probably a chain" | Single-finding triage stops at one candidate | Hand off related findings to a composition workflow | + +## Workflow + +``` +Finding Triage Progress: +- [ ] Step 1: Normalize the candidate +- [ ] Step 2: Build or reuse the Trailmark graph +- [ ] Step 3: Bind the candidate to graph node(s) +- [ ] Step 4: Analyze reachability, taint, boundaries, and blast radius +- [ ] Step 5: Decide and emit the evidence packet +``` + +### Step 1: Normalize the Candidate + +Accept file/line, function name, SARIF result, weAudit annotation, Markdown +finding excerpt, or a manual claim. Normalize it to: + +- title +- source type +- file path and line range if present +- function or node hint +- suspected source, sink, or asset +- claimed impact + +If there is no concrete code anchor, stop and ask for one. + +For input handling details, see +[references/input-normalization.md](references/input-normalization.md). + +### Step 2: Build Or Reuse The Graph + +Use the public `trailmark` skill workflow. Prefer an existing fresh exported +graph or `.trailmark/` artifact when present. Otherwise build a graph with +`language="auto"` or the target's explicit language list, then run +`engine.preanalysis()`. + +Record the Trailmark version or feature probes used. Feature-gate Trailmark +0.4-only APIs with `hasattr()` or CLI help checks. + +### Step 3: Bind The Candidate + +Bind by file and line overlap first, then function name plus file. If several +nodes match, list every candidate and select the narrowest enclosing node as +primary. If no node matches, report a binding limitation instead of guessing. + +SARIF and weAudit users should reuse the `audit-augmentation` workflow for +matching and then inspect the annotated node. + +### Step 4: Analyze Graph Evidence + +Run the query recipe in +[references/query-recipes.md](references/query-recipes.md): + +- entrypoint paths to the bound node +- trust level of each path when available +- membership in `tainted`, `privilege_boundary`, and `high_blast_radius` + subgraphs +- direct callers and callees +- high-impact downstream sinks +- sibling or nearby nodes worth manual review + +Do not treat graph reachability as proof of exploitability. + +### Step 5: Decide And Handoff + +Produce one verdict: + +| Verdict | Meaning | +|---|---| +| `Promote` | Graph evidence supports reachability and plausible impact | +| `Needs manual review` | Evidence is suggestive but not decisive | +| `Deprioritize` | No reachable path or only trusted/internal paths found | +| `Blocked` | Binding or Trailmark analysis failed | + +Write the evidence packet using +[references/output-format.md](references/output-format.md). + +Hand off promoted PoC-worthy issues to the user's PoC workflow. Hand off +related findings to a composition workflow. Hand off repeatable root causes to +`trailmark-variant-neighborhood`, `variant-analysis`, or a custom Semgrep/CodeQL +rule workflow. + +## Example Prompts + +- "Use Trailmark finding triage on `src/Vault.sol:148`; I think withdraw can + bypass the balance update." +- "Triage this SARIF result before I spend PoC time: `semgrep:error + unchecked-transfer` in `contracts/Bridge.sol` line 91." +- "This report excerpt claims `parse_packet` is attacker reachable. Build the + Trailmark evidence packet and tell me what is still missing." diff --git a/plugins/trailmark/skills/trailmark-finding-triage/agents/openai.yaml b/plugins/trailmark/skills/trailmark-finding-triage/agents/openai.yaml new file mode 100644 index 00000000..1d437b6d --- /dev/null +++ b/plugins/trailmark/skills/trailmark-finding-triage/agents/openai.yaml @@ -0,0 +1,4 @@ +interface: + icon_small: "assets/trail-of-bits-mark.svg" + icon_large: "assets/trail-of-bits-mark.svg" + brand_color: "#D83A34" diff --git a/plugins/trailmark/skills/trailmark-finding-triage/assets/trail-of-bits-mark.svg b/plugins/trailmark/skills/trailmark-finding-triage/assets/trail-of-bits-mark.svg new file mode 100644 index 00000000..7cd6e7ca --- /dev/null +++ b/plugins/trailmark/skills/trailmark-finding-triage/assets/trail-of-bits-mark.svg @@ -0,0 +1 @@ + diff --git a/plugins/trailmark/skills/trailmark-finding-triage/references/input-normalization.md b/plugins/trailmark/skills/trailmark-finding-triage/references/input-normalization.md new file mode 100644 index 00000000..575aa254 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-finding-triage/references/input-normalization.md @@ -0,0 +1,51 @@ +# Input Normalization + +Normalize every request into one candidate record before graph analysis. + +## Accepted Inputs + +| Input | Required fields | Notes | +|---|---|---| +| File/line | `file`, `line` | Best starting point for direct graph binding | +| Function name | `function`, optional `file` | Ambiguous across files; ask for file if many nodes match | +| SARIF result | `artifactLocation.uri`, `region` | Prefer `audit-augmentation` matching when SARIF is available | +| weAudit annotation | file, line, severity, text | Convert 0-indexed lines to Trailmark's expected source lines when needed | +| Markdown finding | title, location or symbol | Extract the claimed impact but do not assume it is true | +| Manual claim | anchor plus suspected issue | Ask for a concrete anchor if none is provided | + +## Candidate Record + +Use this shape in notes and final output: + +```json +{ + "title": "Unchecked balance update before transfer", + "source_type": "manual|sarif|weaudit|report|function", + "file": "src/Vault.sol", + "line_range": [148, 168], + "function_hint": "withdraw(uint256)", + "suspected_source": "external caller", + "suspected_sink": "value transfer", + "claimed_impact": "withdrawal without balance decrement" +} +``` + +## Stop Conditions + +Stop and request a concrete anchor when: + +- only a vulnerability class is provided +- only a package or directory is provided +- the excerpt has no file, function, line, symbol, or SARIF/weAudit location +- all matching graph nodes are test, generated, or vendor code and the user did + not say those are in scope + +## Ambiguity Handling + +If multiple graph nodes match: + +1. Keep all matches in the evidence packet. +2. Prefer file/line overlap over name matching. +3. Prefer the narrowest enclosing node. +4. Mark confidence `Low` unless the candidate source unambiguously identifies + the intended node. diff --git a/plugins/trailmark/skills/trailmark-finding-triage/references/output-format.md b/plugins/trailmark/skills/trailmark-finding-triage/references/output-format.md new file mode 100644 index 00000000..83503812 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-finding-triage/references/output-format.md @@ -0,0 +1,63 @@ +# Output Format + +Return a concise evidence packet. Use Markdown unless the user asks for JSON. + +```markdown +# Trailmark Finding Triage: + +## Verdict + +Status: Promote | Needs manual review | Deprioritize | Blocked +Confidence: High | Medium | Low + +## Candidate + +- Source: +- Location: +- Bound node: +- Claimed issue: + +## Graph Evidence + +- Entrypoint reachable: +- Entry paths: +- Tainted: +- Privilege boundary: +- Blast radius: +- Direct callers: +- Direct callees: +- Relevant sinks: + +## Manual Review Targets + +| Target | Why it matters | +|---|---| + +## Limitations + +## Recommended Next Step +``` + +## Verdict Criteria + +| Verdict | Use when | +|---|---| +| `Promote` | The candidate binds cleanly, has reachable entrypoint paths, and graph evidence supports plausible impact | +| `Needs manual review` | The candidate is reachable but exploitability depends on validation, authorization, type, or state semantics | +| `Deprioritize` | The candidate is not entrypoint-reachable, is only trusted-internal, or sits in test/generated/vendor code outside scope | +| `Blocked` | The candidate cannot be bound, Trailmark fails, or the language/parser is unsupported | + +## Confidence Criteria + +| Confidence | Use when | +|---|---| +| `High` | Binding is exact, paths are explicit, and graph evidence is consistent | +| `Medium` | Binding is clear but path or sink evidence has uncertainty | +| `Low` | Binding is ambiguous, dynamic dispatch/proxy edges dominate, or important graph features are unavailable | + +## Wording Requirements + +- Say "graph evidence supports" instead of "Trailmark proves". +- Say "manual review target" for validators, auth checks, and sanitizers. +- Separate "reachable" from "attacker controlled". +- Separate "candidate" from "confirmed vulnerability". diff --git a/plugins/trailmark/skills/trailmark-finding-triage/references/query-recipes.md b/plugins/trailmark/skills/trailmark-finding-triage/references/query-recipes.md new file mode 100644 index 00000000..cebe8550 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-finding-triage/references/query-recipes.md @@ -0,0 +1,92 @@ +# Query Recipes + +Use these recipes after building a graph and running `engine.preanalysis()`. +Feature-gate optional Trailmark 0.4 APIs with `hasattr()`. + +## Build And Preanalyze + +```python +from trailmark.query.api import QueryEngine + +engine = QueryEngine.from_directory("{targetDir}", language="auto") +engine.preanalysis() +``` + +If auto-detection is wrong, rerun with an explicit language or comma-separated +language list. + +## Bind A File/Line Candidate + +Prefer Trailmark or `audit-augmentation` matching helpers when available. If +working from exported JSON, match nodes whose location file equals the +candidate file and whose line span overlaps the candidate line range. Pick the +smallest span as primary. + +## Reachability + +```python +node_id = "{bound_node}" + +if hasattr(engine, "entrypoint_paths_to"): + entry_paths = engine.entrypoint_paths_to(node_id) +else: + entry_paths = [] + for entry in engine.attack_surface(): + for path in engine.paths_between(entry["name"], node_id): + entry_paths.append(path) +``` + +Classify paths as: + +- `untrusted_external` +- `semi_trusted_external` +- `trusted_internal` +- `unknown` + +If no path exists, distinguish likely dead/internal code from parser, +language, proxy, dynamic dispatch, or missing-entrypoint modeling gaps. + +## Taint And Privilege Boundaries + +```python +tainted = node_id in set(engine.subgraph("tainted")) +boundary = node_id in set(engine.subgraph("privilege_boundary")) +entry_reachable = node_id in set(engine.subgraph("entrypoint_reachable")) +``` + +When `connect_subgraphs()` exists, use it to find paths from tainted nodes to +privilege-boundary nodes and check whether the candidate sits on or near those +paths. + +## Blast Radius And Neighborhood + +```python +callers = engine.callers_of(node_id) +callees = engine.callees_of(node_id) +high_blast = node_id in set(engine.subgraph("high_blast_radius")) + +if hasattr(engine, "reachable_from"): + downstream = engine.reachable_from(node_id) +else: + downstream = [] +``` + +Flag downstream sinks involving: + +- value transfer +- authorization or role decisions +- persistence or state writes +- parsing or deserialization +- cryptographic keys, sessions, or signatures +- external process, network, or file operations + +## Evidence Limits + +Always record: + +- Trailmark version or feature probes +- unsupported languages or parser errors +- unresolved/proxy/dynamic call uncertainty +- unmatched or ambiguous graph binding +- missing entrypoint modeling +- places where manual security judgment is still required diff --git a/plugins/trailmark/skills/trailmark-review-gate/SKILL.md b/plugins/trailmark/skills/trailmark-review-gate/SKILL.md new file mode 100644 index 00000000..96f3216c --- /dev/null +++ b/plugins/trailmark/skills/trailmark-review-gate/SKILL.md @@ -0,0 +1,112 @@ +--- +name: trailmark-review-gate +description: "Runs a Trailmark structural review gate over a branch, pull request, fix commit, release diff, or git ref range to detect new entrypoints, new tainted paths, removed validation or authorization calls, privilege-boundary drift, blast-radius growth, complexity growth, and newly reachable sensitive sinks. Use when reviewing a PR, branch, remediation commit, or release diff where graph-level security regressions should be checked before merge." +allowed-tools: + - Bash + - Read + - Grep + - Glob + - Write +--- + +# Trailmark Review Gate + +Apply deterministic security gate rules to Trailmark structural diff evidence. +This skill does not replace line-level review. It produces a compact structural +packet reviewers can cite while they inspect the code. + +## When to Use + +- Reviewing a branch, pull request, release diff, or fix commit +- Checking whether a change expands attack surface +- Looking for removed validation or authorization on reachable paths +- Comparing before/after taint, privilege-boundary, blast-radius, or + complexity signals +- Producing graph evidence for a differential review + +## When NOT to Use + +- Single-snapshot analysis. Use `trailmark` or `trailmark-structural`. +- Text-diff review only. Use `differential-review`. +- Full vulnerability discovery. Use an audit or bug-finding workflow. +- One static finding. Use `trailmark-finding-triage`. +- Tooling is unavailable and the user wants manual review only. + +## Rationalizations to Reject + +| Rationalization | Why It Is Wrong | Required Action | +|---|---|---| +| "The line diff is small, so no graph gate is needed" | Small changes can create new call paths | Compare before/after graphs | +| "Graph gate passed, so the PR is secure" | The gate only checks structural regressions | Still perform line-level review | +| "Trailmark failed, so pass the gate" | Tool failure is unknown risk, not success | Emit `UNKNOWN` | +| "Tests pass, so removed validation is fine" | Tests may miss affected entrypoint paths | Review the removed path manually | +| "Only new code matters" | Removed auth, validation, and callers can be higher risk than additions | Review removals and path changes | + +## Workflow + +``` +Review Gate Progress: +- [ ] Step 1: Resolve before/after inputs +- [ ] Step 2: Build graph-evolution evidence +- [ ] Step 3: Normalize structural changes +- [ ] Step 4: Apply gate rules +- [ ] Step 5: Emit review packet and actions +``` + +### Step 1: Resolve Inputs + +Accept two refs, a branch name, a commit range, or before/after directories. +Do not check out branches unnecessarily. Prefer `git diff`, `git show`, and +git worktrees, following the `graph-evolution` snapshot workflow. + +### Step 2: Build Graph Evidence + +Run `graph-evolution` or equivalent Trailmark before/after graph analysis. +Both snapshots must run `engine.preanalysis()` so taint, privilege-boundary, +blast-radius, complexity, and entrypoint signals are available. + +Record Trailmark version and any feature probes. If graph construction fails, +emit `UNKNOWN`. + +### Step 3: Normalize Changes + +Normalize evidence into: + +- added, removed, and modified nodes +- added and removed edges +- entrypoint set changes +- taint membership changes +- privilege-boundary membership changes +- blast-radius changes +- complexity changes +- newly reachable sensitive sinks +- unresolved, proxy, or dynamic edge changes + +### Step 4: Apply Gate Rules + +Apply the rules in [references/gate-rules.md](references/gate-rules.md). +Gate verdicts are: + +| Verdict | Meaning | +|---|---| +| `FAIL` | A high-risk structural regression needs review before acceptance | +| `WARN` | A meaningful graph change needs reviewer attention | +| `PASS` | No configured structural gate fired | +| `UNKNOWN` | Trailmark failed or evidence is too incomplete | + +### Step 5: Emit Packet + +Write the packet using +[references/output-format.md](references/output-format.md), then hand it to +the branch reviewer. Use +[references/review-integration.md](references/review-integration.md) when +combining this packet with `differential-review` or another PR review process. + +## Requirements + +- Never mutate the user's working branch while comparing refs. +- Never report `PASS` when Trailmark failed. +- Separate graph evidence from manual security judgment. +- Include exact changed nodes or paths for every `FAIL` and `WARN`. +- Include limitations when parser, proxy, unresolved-call, or dynamic-dispatch + uncertainty affects the verdict. diff --git a/plugins/trailmark/skills/trailmark-review-gate/agents/openai.yaml b/plugins/trailmark/skills/trailmark-review-gate/agents/openai.yaml new file mode 100644 index 00000000..1d437b6d --- /dev/null +++ b/plugins/trailmark/skills/trailmark-review-gate/agents/openai.yaml @@ -0,0 +1,4 @@ +interface: + icon_small: "assets/trail-of-bits-mark.svg" + icon_large: "assets/trail-of-bits-mark.svg" + brand_color: "#D83A34" diff --git a/plugins/trailmark/skills/trailmark-review-gate/assets/trail-of-bits-mark.svg b/plugins/trailmark/skills/trailmark-review-gate/assets/trail-of-bits-mark.svg new file mode 100644 index 00000000..7cd6e7ca --- /dev/null +++ b/plugins/trailmark/skills/trailmark-review-gate/assets/trail-of-bits-mark.svg @@ -0,0 +1 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="94" height="56" fill="none" viewBox="0 0 94 56"><path fill="#F0F4F7" d="m34.04 54.662-7.61-4.147L24.593 56l9.433-1.335c-.029 0-.043 0 .014-.003"/><path fill="#F0F4F7" d="m34.039 54.662-.014.003c.035 0 .096-.003.014-.003m26.191-2.67 6.124-1.804 2.301-7.26-5.655.387zM74.805 5.478l-4.68-3.035-2.62 8.332 5.15 1.548zM43.224 3.532s3.172.973 4.423 1.328l4.508 1.335L52.234 0l-7.928 1.576zm-31.473 23.14 5.566.014 1.982-6.216-5.06-1.342c-.538 1.708-1.94 5.837-2.488 7.544M1.394 20.896l4.164 4.338 2.398-7.696-5.11-1.357zm88.205 24.841c-.086-2.18-.692-2.894-1.978-4.232l-6.71.447c1.871 1.175 3.018 2.63 3.255 4.583.261 2.145-2.068 4.623-4.322 4.623-1.258 0-1.885-.987-1.885-2.12.035-.845.333-1.942.777-2.673h-5.691c-.444 1.136-.813 2.418-.813 3.625 0 4.136 3.659 5.197 7.131 5.197 3.62 0 6.616-.696 8.501-4.03.85-1.505 1.806-3.663 1.735-5.42M18.804.56 1.362.576 0 4.86l6.394-.007-3.161 9.962 5.114 1.356 3.551-11.322 5.544-.007z"/><path fill="#F0F4F7" d="M20.707 15.898c.628-.04 1.258-.04 1.886-.04 1.035-.003 2.587.072 2.587 1.499.004.987-.366 2.233-.66 3.184-.551 1.942-1.214 3.88-1.325 5.858l5.727-.007c-.151-3.185 1.842-5.968 1.838-9.117 0-2.123-1.627-2.964-3.512-3.294l.552-.075c4.103-.554 6.39-3.738 6.386-7.729-.004-4.423-3.738-5.666-7.544-5.662l-6.576.007c-1.87 5.751-3.645 11.534-5.462 17.31l5.057 1.339zM24.245 4.58l1.849-.004c1.369 0 2.734.327 2.738 1.939.003 1.977-1.437 5.31-3.803 5.31l-3.031.004zm11.959 21.883 2.949-5.531 7.06-.008-.215 5.564 5.544-.004.441-18.94-4.763-1.43a89 89 0 0 0-.677 10.71h-.036l-5.322.004c1.914-3.586 3.749-7.2 5.4-10.906L42.77 4.775 30.437 26.466zm39.249-.036 1.402-4.214-7.43.01 2.753-8.612-5.15-1.548-4.584 14.375zm-34.411 1.658h-7.28l-6.834 21.18 8.698 4.694c5.208-.196 8.856-4.012 8.856-9.252 0-2.013-1.258-3.586-3.215-4.136 3.846-.877 6.319-3.33 6.319-7.356-.004-3.923-3.072-5.13-6.544-5.13m-2.993 20.318c-1.036 1.537-2.143 1.647-3.881 1.647h-2.254l2.476-7.611c1.81.07 5.024-.366 5.024 2.268 0 1.168-.698 2.744-1.365 3.696m-.444-9.667h-2.072l2.18-6.7c1.626.075 4.694-.436 4.694 2.053.04 2.928-1.846 4.647-4.802 4.647M58.67 9.582l-5.522 18.29-4.878 14.836 5.856-.447 4.23-13.2h.006l5.713-17.878c-.796-.22-3.964-1.228-5.404-1.601m2.738 18.542-1.37 4.278h6.398l-2.993 9.525 5.584-.38 2.913-9.145h5.541l1.37-4.278zm25.351-.259c-5.726 0-9.127 3.951-9.127 9.444.007.798.727 2.765 2.2 3.422l6.888-.462c-1.172-.98-3.243-3.29-3.243-4.519 0-1.686.95-3.891 2.91-3.891 1.33 0 2.143.366 2.143 1.793 0 .916-.444 1.757-.702 2.638h5.322c.333-.77.849-2.528.849-3.334.004-3.994-3.913-5.09-7.24-5.09m-63.15.372c-2.605 0-2.978 1.906-3.623 3.93-.215.728-.623 1.615-.623 2.379 0 1.47 1.315 1.75 2.537 1.75 1.494.01 2.29-.487 2.82-1.878.362-.952 1.305-3.568 1.305-4.488 0-1.303-1.326-1.693-2.416-1.693m.728 1.87c0 .328-.373 1.392-.498 1.765l-.577 1.782c-.226.675-.498 1.449-1.359 1.449-.487 0-.802-.28-.802-.785 0-.653.509-1.864.724-2.538.215-.671.498-2.01 1.247-2.269.168-.056.351-.078.534-.078.34 0 .749.302.749.664zm5.902 2.674.394-1.292H28.37l.613-1.928h2.38l.42-1.292h-4.126l-2.48 7.924h1.735l1.075-3.412z"/></svg> diff --git a/plugins/trailmark/skills/trailmark-review-gate/references/gate-rules.md b/plugins/trailmark/skills/trailmark-review-gate/references/gate-rules.md new file mode 100644 index 00000000..9d6d5cbe --- /dev/null +++ b/plugins/trailmark/skills/trailmark-review-gate/references/gate-rules.md @@ -0,0 +1,53 @@ +# Gate Rules + +Start with deterministic, conservative rules. A triggered rule creates a +review obligation; it does not prove a vulnerability. + +| Rule | Verdict | Why it matters | +|---|---|---| +| New untrusted entrypoint | `FAIL` | Expands external attack surface | +| New path from untrusted entrypoint to sensitive sink | `FAIL` | Creates a candidate exploit path | +| Removed auth, validation, or sanitization call on reachable path | `FAIL` | Common regression in fixes and feature PRs | +| Newly tainted privilege-boundary node | `FAIL` | Trust transition now handles untrusted data | +| Blast radius growth above threshold | `WARN` | A bug may now affect more code | +| Complexity growth on tainted or boundary node | `WARN` | Risky logic became harder to review | +| New unresolved, proxy, or dynamic call on reachable path | `WARN` | Graph uncertainty increased in a risky area | +| Dead security function removed | `WARN` | May be cleanup or accidental security removal | + +## Default Thresholds + +Use these defaults unless the repository has stricter local rules: + +| Signal | Default threshold | +|---|---| +| Blast radius growth | `+5` downstream reachable nodes or `+25%`, whichever is larger | +| Complexity growth | cyclomatic complexity `+3` on tainted, boundary, or entrypoint-reachable node | +| Sensitive sink path | any new path from untrusted entrypoint to sink | +| Unresolved/proxy growth | any new unresolved/proxy edge on an entrypoint-reachable path | + +Thresholds are intentionally conservative. They reduce noise while still +catching structural changes that line diffs often understate. + +## Sensitive Sink Categories + +Flag new reachable paths to: + +- value transfer +- authorization or role decisions +- persistence or state writes +- parsing or deserialization +- cryptographic keys, sessions, or signatures +- external process, network, or file operations +- upgrade, plugin, hook, or dynamic dispatch mechanisms + +## Rule Precedence + +Use the most severe triggered verdict: + +1. `UNKNOWN` if Trailmark cannot produce adequate evidence +2. `FAIL` if any fail rule triggers +3. `WARN` if any warn rule triggers +4. `PASS` only if evidence is adequate and no rule triggers + +If both `UNKNOWN` and `FAIL` seem applicable, emit `UNKNOWN` and list the +suspected fail condition as a manual review target. diff --git a/plugins/trailmark/skills/trailmark-review-gate/references/output-format.md b/plugins/trailmark/skills/trailmark-review-gate/references/output-format.md new file mode 100644 index 00000000..26aaba94 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-review-gate/references/output-format.md @@ -0,0 +1,50 @@ +# Output Format + +Use Markdown unless the user asks for JSON. + +```markdown +# Trailmark Review Gate + +## Verdict + +Gate: PASS | WARN | FAIL | UNKNOWN +Confidence: High | Medium | Low + +## Triggered Rules + +| Rule | Verdict | Evidence | +|---|---|---| + +## Structural Changes + +| Change | Before | After | Review target | +|---|---|---|---| + +## Entrypoint And Reachability Changes + +## Privilege And Taint Changes + +## Blast Radius And Complexity Changes + +## Limitations + +## Recommended Reviewer Actions +``` + +## Evidence Requirements + +For each triggered rule, include: + +- changed node or edge identifier +- source file or symbol when available +- entrypoint path when relevant +- before/after metric when metric-based +- manual review target + +## Wording Requirements + +- Say "gate fired" instead of "vulnerability found". +- Say "review target" instead of "exploit path" unless exploitability is + separately established. +- Say `UNKNOWN` when Trailmark fails or parser support is too incomplete. +- Do not claim a `PASS` means the change is secure. diff --git a/plugins/trailmark/skills/trailmark-review-gate/references/review-integration.md b/plugins/trailmark/skills/trailmark-review-gate/references/review-integration.md new file mode 100644 index 00000000..aa734a83 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-review-gate/references/review-integration.md @@ -0,0 +1,42 @@ +# Review Integration + +Use the review gate packet as supporting evidence for a human branch review. +It should be attached to, pasted into, or summarized alongside line-level +review notes. + +## With Differential Review + +Use `differential-review` for line-level analysis and this skill for structural +signals. Recommended order: + +1. Run `differential-review` to identify risky changed files and functions. +2. Run `graph-evolution` and `trailmark-review-gate` on the same before/after + range. +3. Cross-reference `FAIL` and `WARN` rules with changed source lines. +4. Add the gate packet to the review notes. +5. Treat `PASS` as "no configured graph rule fired", not as approval. + +## With PR Review Processes + +When an engagement has a separate PR review workflow, include: + +- gate verdict +- triggered rules table +- exact changed nodes and paths +- manual reviewer actions +- limitations + +Do not use GitHub write actions unless the review process explicitly asks for +them. The packet is review evidence, not an automatic merge decision. + +## With Remediation Review + +For a fix commit: + +- compare vulnerable base to the proposed fix +- check that affected reachable paths changed as expected +- check that no new entrypoint or sensitive-sink path appeared +- report `UNKNOWN` if graph evidence cannot confirm the structural change + +This does not replace semantic verification that the original finding was +fixed. diff --git a/plugins/trailmark/skills/trailmark-variant-neighborhood/SKILL.md b/plugins/trailmark/skills/trailmark-variant-neighborhood/SKILL.md new file mode 100644 index 00000000..11307325 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-variant-neighborhood/SKILL.md @@ -0,0 +1,109 @@ +--- +name: trailmark-variant-neighborhood +description: "Expands one confirmed or suspected vulnerability into a Trailmark graph neighborhood of variant candidates by finding sibling functions, shared callers and callees, common sensitive sinks, common entrypoint paths, interface implementations, override relationships, type/reference neighbors, and structurally similar nodes. Use after one issue is found to seed variant-analysis, semgrep-rule-creator, static-analysis, or manual review with graph-derived candidate locations." +allowed-tools: + - Bash + - Read + - Grep + - Glob + - Write +--- + +# Trailmark Variant Neighborhood + +Expand one seed issue into graph-derived variant candidates. This skill +generates review targets, not confirmed findings. + +## When to Use + +- A finding is confirmed or plausible and variants may exist +- The vulnerable pattern depends on call context +- The issue involves a shared sink, source, validator, interface, override, + trait, hook, handler, adapter, or critical type +- The next step is to seed `variant-analysis`, `semgrep-rule-creator`, + `static-analysis`, or manual review + +## When NOT to Use + +- No seed issue exists. Use discovery or triage first. +- The pattern is purely syntactic and already obvious. Use + `semgrep-rule-creator` directly. +- The question is exploit-chain composition across multiple findings. Use a + composition workflow. +- The goal is remediation verification. Use a remediation-review workflow. +- The seed cannot be bound to a graph node. + +## Rationalizations to Reject + +| Rationalization | Why It Is Wrong | Required Action | +|---|---|---| +| "Nearby code means variant" | Proximity is only a candidate reason | Rank it as a review target | +| "Only exact same names matter" | Variants often share sinks or preconditions, not names | Expand across callers, callees, interfaces, and types | +| "Every candidate is a finding" | This skill outputs candidates for review | Avoid vulnerability claims | +| "Unreachable candidates can be ignored completely" | They may become reachable after refactors | Rank lower or list as deferred | +| "Graph candidates replace semantic pattern work" | Graph structure finds locations, not root-cause semantics | Hand off to variant-analysis, Semgrep, CodeQL, or manual review | + +## Workflow + +``` +Variant Neighborhood Progress: +- [ ] Step 1: Normalize and bind the seed +- [ ] Step 2: Expand graph neighborhoods +- [ ] Step 3: Rank candidates +- [ ] Step 4: Extract variant pattern guidance +- [ ] Step 5: Emit handoff packet +``` + +### Step 1: Normalize And Bind The Seed + +Accept finding text, file/line, function name, or output from +`trailmark-finding-triage`. Bind the seed to a Trailmark node and record the +root cause in plain language. + +If the seed has no concrete graph binding, stop before inventing variants. + +### Step 2: Expand Neighborhoods + +Use the dimensions in +[references/neighborhood-patterns.md](references/neighborhood-patterns.md): + +- shared callers +- shared callees and sinks +- entrypoint path neighbors +- interface, override, trait, and implementation siblings +- file or module cluster neighbors +- taint or privilege-boundary peers +- type and state-reference neighbors + +Bound expansion to avoid candidate floods. + +### Step 3: Rank Candidates + +Rank with [references/ranking.md](references/ranking.md). Prioritize +entrypoint-reachable, tainted, boundary-adjacent, high-blast-radius, shared +sink, same-interface, and close-distance candidates. Penalize test, mock, +generated, vendor, unreachable, and trusted-internal-only candidates. + +### Step 4: Extract Pattern Guidance + +Summarize what should be searched for syntactically and what requires semantic +review. Identify whether follow-up belongs in: + +- `variant-analysis` +- `semgrep-rule-creator` +- `static-analysis` with CodeQL or SARIF-producing tools +- manual review + +### Step 5: Emit Handoff Packet + +Use [references/output-format.md](references/output-format.md). Include +ranked candidates, inclusion reasons, exclusions, limitations, and the +variant-analysis handoff. + +## Stop Conditions + +- No graph binding exists +- Candidate count is too high and the root cause is underspecified +- Trailmark cannot analyze the target language +- The seed is only in test, generated, or vendor code and the user did not say + that code is in scope diff --git a/plugins/trailmark/skills/trailmark-variant-neighborhood/agents/openai.yaml b/plugins/trailmark/skills/trailmark-variant-neighborhood/agents/openai.yaml new file mode 100644 index 00000000..1d437b6d --- /dev/null +++ b/plugins/trailmark/skills/trailmark-variant-neighborhood/agents/openai.yaml @@ -0,0 +1,4 @@ +interface: + icon_small: "assets/trail-of-bits-mark.svg" + icon_large: "assets/trail-of-bits-mark.svg" + brand_color: "#D83A34" diff --git a/plugins/trailmark/skills/trailmark-variant-neighborhood/assets/trail-of-bits-mark.svg b/plugins/trailmark/skills/trailmark-variant-neighborhood/assets/trail-of-bits-mark.svg new file mode 100644 index 00000000..7cd6e7ca --- /dev/null +++ b/plugins/trailmark/skills/trailmark-variant-neighborhood/assets/trail-of-bits-mark.svg @@ -0,0 +1 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="94" height="56" fill="none" viewBox="0 0 94 56"><path fill="#F0F4F7" d="m34.04 54.662-7.61-4.147L24.593 56l9.433-1.335c-.029 0-.043 0 .014-.003"/><path fill="#F0F4F7" d="m34.039 54.662-.014.003c.035 0 .096-.003.014-.003m26.191-2.67 6.124-1.804 2.301-7.26-5.655.387zM74.805 5.478l-4.68-3.035-2.62 8.332 5.15 1.548zM43.224 3.532s3.172.973 4.423 1.328l4.508 1.335L52.234 0l-7.928 1.576zm-31.473 23.14 5.566.014 1.982-6.216-5.06-1.342c-.538 1.708-1.94 5.837-2.488 7.544M1.394 20.896l4.164 4.338 2.398-7.696-5.11-1.357zm88.205 24.841c-.086-2.18-.692-2.894-1.978-4.232l-6.71.447c1.871 1.175 3.018 2.63 3.255 4.583.261 2.145-2.068 4.623-4.322 4.623-1.258 0-1.885-.987-1.885-2.12.035-.845.333-1.942.777-2.673h-5.691c-.444 1.136-.813 2.418-.813 3.625 0 4.136 3.659 5.197 7.131 5.197 3.62 0 6.616-.696 8.501-4.03.85-1.505 1.806-3.663 1.735-5.42M18.804.56 1.362.576 0 4.86l6.394-.007-3.161 9.962 5.114 1.356 3.551-11.322 5.544-.007z"/><path fill="#F0F4F7" d="M20.707 15.898c.628-.04 1.258-.04 1.886-.04 1.035-.003 2.587.072 2.587 1.499.004.987-.366 2.233-.66 3.184-.551 1.942-1.214 3.88-1.325 5.858l5.727-.007c-.151-3.185 1.842-5.968 1.838-9.117 0-2.123-1.627-2.964-3.512-3.294l.552-.075c4.103-.554 6.39-3.738 6.386-7.729-.004-4.423-3.738-5.666-7.544-5.662l-6.576.007c-1.87 5.751-3.645 11.534-5.462 17.31l5.057 1.339zM24.245 4.58l1.849-.004c1.369 0 2.734.327 2.738 1.939.003 1.977-1.437 5.31-3.803 5.31l-3.031.004zm11.959 21.883 2.949-5.531 7.06-.008-.215 5.564 5.544-.004.441-18.94-4.763-1.43a89 89 0 0 0-.677 10.71h-.036l-5.322.004c1.914-3.586 3.749-7.2 5.4-10.906L42.77 4.775 30.437 26.466zm39.249-.036 1.402-4.214-7.43.01 2.753-8.612-5.15-1.548-4.584 14.375zm-34.411 1.658h-7.28l-6.834 21.18 8.698 4.694c5.208-.196 8.856-4.012 8.856-9.252 0-2.013-1.258-3.586-3.215-4.136 3.846-.877 6.319-3.33 6.319-7.356-.004-3.923-3.072-5.13-6.544-5.13m-2.993 20.318c-1.036 1.537-2.143 1.647-3.881 1.647h-2.254l2.476-7.611c1.81.07 5.024-.366 5.024 2.268 0 1.168-.698 2.744-1.365 3.696m-.444-9.667h-2.072l2.18-6.7c1.626.075 4.694-.436 4.694 2.053.04 2.928-1.846 4.647-4.802 4.647M58.67 9.582l-5.522 18.29-4.878 14.836 5.856-.447 4.23-13.2h.006l5.713-17.878c-.796-.22-3.964-1.228-5.404-1.601m2.738 18.542-1.37 4.278h6.398l-2.993 9.525 5.584-.38 2.913-9.145h5.541l1.37-4.278zm25.351-.259c-5.726 0-9.127 3.951-9.127 9.444.007.798.727 2.765 2.2 3.422l6.888-.462c-1.172-.98-3.243-3.29-3.243-4.519 0-1.686.95-3.891 2.91-3.891 1.33 0 2.143.366 2.143 1.793 0 .916-.444 1.757-.702 2.638h5.322c.333-.77.849-2.528.849-3.334.004-3.994-3.913-5.09-7.24-5.09m-63.15.372c-2.605 0-2.978 1.906-3.623 3.93-.215.728-.623 1.615-.623 2.379 0 1.47 1.315 1.75 2.537 1.75 1.494.01 2.29-.487 2.82-1.878.362-.952 1.305-3.568 1.305-4.488 0-1.303-1.326-1.693-2.416-1.693m.728 1.87c0 .328-.373 1.392-.498 1.765l-.577 1.782c-.226.675-.498 1.449-1.359 1.449-.487 0-.802-.28-.802-.785 0-.653.509-1.864.724-2.538.215-.671.498-2.01 1.247-2.269.168-.056.351-.078.534-.078.34 0 .749.302.749.664zm5.902 2.674.394-1.292H28.37l.613-1.928h2.38l.42-1.292h-4.126l-2.48 7.924h1.735l1.075-3.412z"/></svg> diff --git a/plugins/trailmark/skills/trailmark-variant-neighborhood/references/neighborhood-patterns.md b/plugins/trailmark/skills/trailmark-variant-neighborhood/references/neighborhood-patterns.md new file mode 100644 index 00000000..3e7927d6 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-variant-neighborhood/references/neighborhood-patterns.md @@ -0,0 +1,59 @@ +# Neighborhood Patterns + +Use multiple bounded graph dimensions. Each dimension creates candidate review +targets, not findings. + +| Dimension | Query idea | Variant hypothesis | +|---|---|---| +| Same caller | Other callees of the seed's caller | Caller applies the same bad precondition before several sinks | +| Same callee/sink | Other callers of the vulnerable sink | Missing validation before the same sink elsewhere | +| Same entrypoint path | Nodes on related paths from the same entrypoint | Adjacent unchecked operation in the same user flow | +| Same interface/override | Implementations of the same interface, trait, override, hook, or adapter family | One implementation fixed, sibling remains vulnerable | +| Same file/module cluster | Neighboring functions with similar dependencies | Copy/paste or parallel business logic | +| Same taint/boundary class | Nodes with the same taint and boundary status | Same trust transition, different operation | +| Same type/reference use | Functions touching the same critical type or state object | Missing invariant around the same asset | + +## Query Sketches + +```python +seed = "{bound_node}" +callers = engine.callers_of(seed) +callees = engine.callees_of(seed) + +same_caller_candidates = [] +for caller in callers: + same_caller_candidates.extend(engine.callees_of(caller)) + +same_sink_candidates = [] +for callee in callees: + if is_sensitive_sink(callee): + same_sink_candidates.extend(engine.callers_of(callee)) + +if hasattr(engine, "entrypoint_paths_to"): + paths = engine.entrypoint_paths_to(seed) + +if hasattr(engine, "type_references"): + type_neighbors = engine.type_references(seed) +``` + +## Expansion Bounds + +Use the smallest useful candidate set: + +- cap each dimension at the top 10 candidates unless the user asks for more +- prefer graph distance 1 or 2 before wider expansion +- exclude generated, vendor, test, and mock paths by default +- stop and ask for a narrower root cause when more than 50 candidates survive + first-pass ranking + +## Evidence To Preserve + +For each candidate, preserve: + +- node ID and source location +- neighborhood dimension +- distance from seed when available +- reachability and trust level +- taint and privilege-boundary status +- shared sink, caller, interface, or type reason +- exclusion or penalty reason diff --git a/plugins/trailmark/skills/trailmark-variant-neighborhood/references/output-format.md b/plugins/trailmark/skills/trailmark-variant-neighborhood/references/output-format.md new file mode 100644 index 00000000..f6f1fd01 --- /dev/null +++ b/plugins/trailmark/skills/trailmark-variant-neighborhood/references/output-format.md @@ -0,0 +1,66 @@ +# Output Format + +Use Markdown unless the user asks for JSON. + +```markdown +# Trailmark Variant Neighborhood + +## Seed + +- Finding: +- Bound node: +- Root cause: + +## Candidate Summary + +| Rank | Candidate | Reason | Reachability | Confidence | +|---|---|---|---|---| + +## Graph Neighborhoods + +### Shared Callers +### Shared Callees / Sinks +### Entrypoint Path Neighbors +### Interface Or Implementation Siblings +### Type / State Neighbors + +## Variant-Analysis Handoff + +- Root cause: +- Keep specific: +- Abstract: +- Suggested searches: +- Suggested CodeQL/Semgrep direction: + +## Exclusions And Limitations +``` + +## Wording Requirements + +- Say "candidate" or "review target", not "variant vulnerability". +- Explain why each candidate was included. +- Separate graph similarity from semantic root-cause similarity. +- Include exclusions so reviewers understand why obvious nearby code was not + prioritized. + +## Handoff Guidance + +For `variant-analysis`, provide: + +- seed location +- root cause in one sentence +- ranked candidate table +- positive and negative examples +- graph dimensions that produced useful candidates + +For `semgrep-rule-creator`, provide: + +- the syntax that should stay specific +- the syntax that should be abstracted +- at least one true-positive candidate and one likely negative example + +For `static-analysis`, provide: + +- candidate files and functions +- suggested source, sink, or path query shape +- SARIF output expectation if the user wants machine-readable results diff --git a/plugins/trailmark/skills/trailmark-variant-neighborhood/references/ranking.md b/plugins/trailmark/skills/trailmark-variant-neighborhood/references/ranking.md new file mode 100644 index 00000000..83472b7e --- /dev/null +++ b/plugins/trailmark/skills/trailmark-variant-neighborhood/references/ranking.md @@ -0,0 +1,44 @@ +# Ranking + +Rank candidates by review value, not by confirmed severity. + +## Positive Signals + +| Signal | Effect | +|---|---| +| Entrypoint-reachable | Strong priority increase | +| Untrusted or semi-trusted entrypoint path | Strong priority increase | +| Tainted | Strong priority increase | +| Privilege-boundary adjacent | Strong priority increase | +| High blast radius | Priority increase | +| Shares vulnerable sink | Priority increase | +| Same interface, override, trait, hook, or adapter family | Priority increase | +| Same critical type or state reference | Priority increase | +| Graph distance 1 or 2 from seed | Priority increase | + +## Negative Signals + +| Signal | Effect | +|---|---| +| Unreachable from modeled entrypoints | Lower priority; keep if root cause is strong | +| Trusted-internal-only | Lower priority | +| Test, mock, generated, or vendor code | Exclude unless in scope | +| Ambiguous binding | Lower confidence | +| Proxy or dynamic edge uncertainty dominates | Lower confidence and add limitation | + +## Rank Labels + +| Rank | Meaning | +|---|---| +| `High` | Review first; strong structural similarity and reachability | +| `Medium` | Plausible variant; needs semantic review | +| `Low` | Weak or unreachable candidate; keep for completeness or deferred review | +| `Excluded` | Out of scope, generated, vendor, or insufficient binding | + +## Confidence Labels + +| Confidence | Use when | +|---|---| +| `High` | Exact binding, explicit relationship, clear reachability | +| `Medium` | Clear relationship but some path or root-cause uncertainty | +| `Low` | Ambiguous binding, dynamic dispatch uncertainty, or weak similarity | diff --git a/plugins/trailmark/skills/trailmark/SKILL.md b/plugins/trailmark/skills/trailmark/SKILL.md index 153aa119..ba71f964 100644 --- a/plugins/trailmark/skills/trailmark/SKILL.md +++ b/plugins/trailmark/skills/trailmark/SKILL.md @@ -18,6 +18,7 @@ semantic metadata for security analysis. - Adding LLM-inferred annotations (assumptions, preconditions) to code units - Importing external binary-analysis graphs to connect source and binary views - Querying transitive slices, entrypoint paths, subgraph edges, or type references +- Producing graph evidence for one suspicious function or candidate finding - Pre-analysis before mutation testing (genotoxic skill) or diagramming ## When NOT to Use @@ -303,3 +304,11 @@ security analysis patterns. See [references/preanalysis-passes.md](references/preanalysis-passes.md) for pre-analysis pass documentation. + +Use `trailmark-finding-triage` when the user has one concrete candidate +finding, SARIF result, weAudit annotation, suspicious function, or report +excerpt and needs a handoff-ready reachability and blast-radius evidence packet. + +Use `trailmark-variant-neighborhood` after one seed issue is known and the user +needs graph-derived variant candidates for `variant-analysis`, Semgrep, CodeQL, +or manual review.