From taint path to sandboxed indicator

· systems ·

Network probes find surfaces. Code finds reachability. The nexus_code pipeline turns a repo into graph-linked findings with an isolation boundary before anything is treated as confirmed.

Taint first

TaintAnalyser in nexus_code/project_graph.py runs inter-procedural BFS from request/input sources to dangerous sinks. Confidence starts at 0.90 and decays 0.08 per hop — longer call chains are weaker claims, not louder ones.

Parallel discovery

  • SemgrepAgent — community rules when the binary is present
  • SecretScanner — TruffleHog → gitleaks → regex fallback
  • SupplyChainAgent — OSV batch + typosquat checks
  • VariantAnalyser / fuzzers — structural variants and harness generation

Sandbox boundary

Docker · --network none · --cap-drop ALL · --read-only
user 65534 · memory + cpus capped · indicator in stdout

SandboxExecutor confirms PoC indicators — not production RCE. Confirmed CodeFinding nodes bridge into the EvidenceGraph with source_type: code and optional maps_to_asset_id, so attack chains can span network and code in one projection.

Why this matters

Autonomous security research only earns trust when the runtime can refuse to overclaim. This note documents a shipped invariant in Nexus / TCSF — the kind of detail practitioners and search engines both need to evaluate the system honestly.

FAQ

Does longer taint chain mean higher severity?

No. TaintAnalyser confidence starts at 0.90 and decays 0.08 per hop — longer chains are weaker claims.

Is the sandbox production RCE?

No. SandboxExecutor confirms PoC indicators in Docker with --network none, --cap-drop ALL, and --read-only.

Further reading