Add attack taxonomy integration with security check categories #49

Merged

thebenignhacker merged 1 commit into main from feat/attack-taxonomy-integration on Mar 15, 2026

Conversation

@thebenignhacker
Contributor

Summary

  • Add MITRE ATT&CK-inspired attack taxonomy classification to security checks
  • Map all 147 security checks to taxonomy categories (prompt injection, data exfiltration, tool misuse, etc.)
  • Add new scanner checks for supply chain, dependency confusion, and build pipeline risks
  • Update security check documentation with taxonomy classifications

Test plan

  • Verify npm run build compiles without errors
  • Verify npm test passes all 915+ tests
  • Verify npx hackmyagent secure --ci includes taxonomy class in findings

- Add attackClass field to SecurityFinding interface for taxonomy mapping
- Create taxonomy.ts module mapping 100+ HMA check IDs to registry attack classes
- Add 5 new check method groups: memory poisoning (MEM-001 to MEM-005),
  RAG poisoning (RAG-001 to RAG-004), agent identity spoofing (AIM-001 to AIM-003),
  agent DNA forgery (DNA-001 to DNA-003), and skill memory manipulation (SKILL-MEM-001)
- Wire taxonomy enrichment into scanner after all checks complete
- Export taxonomy functions from hardening barrel index
- Document all new checks in SECURITY_CHECKS.md
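The enrichment step the description outlines, as an added example that is not the project's code: the SecurityFinding shape, the attack-class names and the prefix table are assumptions, with only the check-ID prefixes (MEM-, RAG-, AIM-, DNA-, SKILL-MEM-) taken from the PR text; unmappedIds is a hypothetical helper for the "every check is mapped" condition the test plan implies.

```typescript
// Added example, not the project's code: the SecurityFinding shape, the class
// names and the prefix table are assumptions; only the check-ID prefixes MEM-,
// RAG-, AIM-, DNA- and SKILL-MEM- come from the PR description.
export type AttackClass =
  | "memory-poisoning" | "rag-poisoning" | "agent-identity-spoofing"
  | "agent-dna-forgery" | "skill-memory-manipulation" | "unclassified";

export interface SecurityFinding {
  id: string;                // check ID such as "MEM-003"
  severity: "low" | "medium" | "high" | "critical";
  message: string;
  attackClass?: AttackClass; // filled in by enrichment, not by the check itself
}

// Prefix table sorted longest-first, so "SKILL-MEM-001" is claimed by "SKILL-MEM-".
const PREFIX_CLASSES: Array<[string, AttackClass]> = (
  [
    ["MEM-", "memory-poisoning"],
    ["RAG-", "rag-poisoning"],
    ["AIM-", "agent-identity-spoofing"],
    ["DNA-", "agent-dna-forgery"],
    ["SKILL-MEM-", "skill-memory-manipulation"],
  ] as Array<[string, AttackClass]>
).sort((a, b) => b[0].length - a[0].length);

export function classify(checkId: string): AttackClass {
  const hit = PREFIX_CLASSES.find(([prefix]) => checkId.startsWith(prefix));
  return hit ? hit[1] : "unclassified";
}

// Runs once after all checks complete. A class a check set itself is kept;
// every other finding gets one from the taxonomy, so none ships without a class.
export function enrichFindings(findings: SecurityFinding[]): SecurityFinding[] {
  return findings.map((f) => ({ ...f, attackClass: f.attackClass ?? classify(f.id) }));
}
// CI guard (hypothetical helper): IDs the taxonomy does not cover, so a newly
// added check that was never mapped fails the build instead of being "unclassified".
export function unmappedIds(checkIds: string[]): string[] {
  return checkIds.filter((id) => classify(id) === "unclassified");
}

// Per-class roll-up for the CI summary.
export function countByClass(findings: SecurityFinding[]): Record<string, number> {
  const counts: Record<string, number> = {};
  for (const f of enrichFindings(findings)) {
    const cls = f.attackClass ?? "unclassified";
    counts[cls] = (counts[cls] ?? 0) + 1;
  }
  return counts;
}
```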

@github-actions github-actions bot left a comment


Claude Code Review

VERDICT: APPROVE

SUMMARY: This PR adds attack taxonomy classification to security findings, mapping 147+ security checks to MITRE ATT&CK-inspired categories (prompt injection, data exfiltration, supply chain, etc.). The implementation adds 16 new security checks across 5 new categories (memory poisoning, RAG poisoning, agent identity spoofing, agent DNA forgery, skill memory manipulation) and enriches all findings with taxonomy metadata. The code is purely additive, introduces no security regressions, and follows defensive patterns (safe JSON parsing with try/catch, path traversal prevention via path.relative, bounded directory walking with depth limits).

No CRITICAL or HIGH findings after verification.

FINDINGS:

  • [MEDIUM] src/hardening/scanner.ts:6182 — Directory walk helper uses maxDepth=10 default which could traverse deeply nested malicious directory structures. However, this is mitigated by (a) skipDirs filtering common exploit targets and (b) caller-side slicing of results (.slice(0, 50) at lines 6321, 6521, 6563), so the actual risk is bounded. Not blocking.

Reviewed 5 files changed (41578 bytes)

@thebenignhacker thebenignhacker merged commit 635ce0a into main Mar 15, 2026
1 check passed
@thebenignhacker thebenignhacker deleted the feat/attack-taxonomy-integration branch March 15, 2026 16:54