The README makes claims. This file backs them up.
How it works: The src/assail/analyzer.rs module implements a per-file language detector that inspects each file's extension and shebang, then dispatches to language-specific pattern matchers in src/assail/patterns.rs. Each language family (C/C++, Python, JavaScript, Rust, Go, etc.) has dedicated regex-based weak point detectors (unwrap, panic, unsafe blocks, expect, eval, hardcoded secrets). The analyzer processes 47 distinct language patterns without requiring external parsers—pattern-based shallow analysis enables fast scanning across heterogeneous codebases.
Caveat: Pattern-based analysis has false negatives (e.g., dead code paths triggering unwrap won’t be caught) and false positives (commented-out panic sites are flagged). Full AST-based analysis would eliminate these but scales poorly. For production, pair with the specialized linters for each language (clippy, pylint).
Evidence: src/assail/patterns.rs defines language-specific patterns; src/assail/analyzer.rs performs dispatch and aggregation; src/main.rs exposes the assail subcommand.
How it works: The src/kanren/ module implements a miniKanren-inspired relational database with forward chaining. The taint.rs submodule tracks data flow from sources (user input, network calls, deserialization) to sinks (eval, shell exec, SQL queries). The crosslang.rs analyzer detects vulnerability chains across FFI boundaries by building facts about callers, callees, and their types. The strategy.rs module selects search strategies (risk-weighted, language-family-first, breadth-first) based on project characteristics.
Caveat: Miniature implementation (not a full miniKanren) with limited rule expressiveness. Taint tracking is flow-insensitive (it does not track control flow precisely, so an edge on an unreachable path still propagates taint). For correctness-critical applications, integrate with full constraint solvers (Z3, Coq).
Evidence: src/kanren/core.rs defines unification and fact database; src/kanren/taint.rs implements taint propagation; src/kanren/strategy.rs selects search algorithms.
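As an added example (not the project's own code), a minimal forward-chaining taint pass of the kind described above: source, sink and flow facts are saturated to a fixed point, and any sink that becomes tainted is reported. The `Fact` type, `forward_chain`, `tainted_sinks` and the sample identifiers are hypothetical; the constructed facts include an edge that only a flow-sensitive analysis would discard, illustrating the flow-insensitivity caveat.

```rust
use std::collections::BTreeSet;

// Facts about a constructed program: data-flow edges plus source/sink labels.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub enum Fact {
    Source(&'static str),
    Sink(&'static str),
    Flows(&'static str, &'static str),
    Tainted(&'static str),
    Reaches(&'static str),
}

/// Forward-chain three rules until no new fact appears:
///   tainted(X) :- source(X).
///   tainted(Y) :- tainted(X), flows(X, Y).
///   reaches(S) :- tainted(S), sink(S).
pub fn forward_chain(facts: &[Fact]) -> BTreeSet<Fact> {
    let mut db: BTreeSet<Fact> = facts.iter().cloned().collect();
    loop {
        let mut derived = Vec::new();
        for f in &db {
            match f {
                Fact::Source(x) => derived.push(Fact::Tainted(*x)),
                Fact::Tainted(x) => {
                    for g in &db {
                        match g {
                            Fact::Flows(a, b) if a == x => derived.push(Fact::Tainted(*b)),
                            Fact::Sink(s) if s == x => derived.push(Fact::Reaches(*s)),
                            _ => {}
                        }
                    }
                }
                _ => {}
            }
        }
        let before = db.len();
        db.extend(derived);
        if db.len() == before {
            return db; // fixed point: a full pass derived nothing new
        }
    }
}

/// Sinks reached by tainted data, in sorted order (every one is a finding).
pub fn tainted_sinks(facts: &[Fact]) -> Vec<&'static str> {
    forward_chain(facts).into_iter()
        .filter_map(|f| if let Fact::Reaches(s) = f { Some(s) } else { None })
        .collect()
}

fn main() {
    // Constructed facts: a request parameter is formatted into a shell command;
    // a config path only reaches a logger. The fmt_cmd -> sql_query edge sits on a
    // branch the constructed program never takes, yet it is still reported.
    let facts = [
        Fact::Source("req.param"), Fact::Sink("shell_exec"), Fact::Sink("sql_query"),
        Fact::Flows("req.param", "fmt_cmd"), Fact::Flows("fmt_cmd", "shell_exec"),
        Fact::Flows("config.path", "logger"), Fact::Flows("fmt_cmd", "sql_query"),
    ];
    for s in tainted_sinks(&facts) { println!("tainted sink reached: {s}"); }
}
```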
| Technology | Learn More |
|---|---|
| Rust | |
| miniKanren | Logic programming (relational reasoning) |
| Rayon | Parallel batch scanning |
| Serde | JSON serialization for pipeline integration |
| Path | Purpose |
|---|---|
| src/main.rs | CLI entry: 20 subcommands (assail, assault, temporal, panll, groove, bridge, etc.) |
| | Library API exposing all analysis engines |
| | Static analysis (49 languages, 25 weak-point categories) |
| src/assail/analyzer.rs | Per-file language detection and pattern matching dispatcher |
| src/assail/patterns.rs | Language-specific regex patterns for weak points |
| src/kanren/ | Logic engine (unification, fact database, taint, cross-lang) |
| src/kanren/core.rs | Term, substitution, unification, FactDB, forward chaining |
| src/kanren/taint.rs | Source→sink tracking (user input, network, deserialization) |
| src/kanren/crosslang.rs | FFI boundary analysis, vulnerability chains |
| src/kanren/strategy.rs | Search strategy selection (risk-weighted, etc.) |
| | 6-axis stress testing (CPU, memory, disk, network, concurrency, time) |
| | Cryptographic intent→evidence→seal chain |
| | CVE lifecycle: Cargo.lock parsing, OSV API, reachability, classification |
| | Parses Cargo.lock for dependency extraction |
| | Batch queries api.osv.dev for known CVEs |
| | Scans .rs files for imports of vulnerable crates |
| | Three-way classification: Mitigable/Unmitigable/Informational |
| | Batch directory scanning with Rayon parallelism |
| | PanLL event-chain export (three-panel visualization) |
| | Report generation and formatting (text, JSON, markdown) |
| | Self-check for Hypatia/gitbot-fleet integration |
| Project | Integration |
|---|---|
| hypatia | Consumes JSON AssailReport via Elixir rules; pattern_registry.ex deduplicates findings into 46 canonical recipes; re-scan verification confirms fixes removed weak points |
| gitbot-fleet / panicbot | panicbot wraps the |
| verisimdb | Scan results stored as hexad entities (Document + Semantic + Temporal modalities); ScanIngester module ingests JSON output; PatternQuery cross-repo analytics built on top |
| panll | |
| assemblyline | Batch scanning of entire repo directories with Rayon parallelism and BLAKE3 fingerprinting; delta reporting via |
| attestation chain | Every scan optionally sealed via Ed25519 cryptographic chain (intent → evidence → seal) — used by NAFA ambient context and audit-trail consumers |