Graphorin API reference / @graphorin/security / / TaintFlowKind

Type Alias: TaintFlowKind

type TaintFlowKind = "untrusted-to-sink" | "lethal-trifecta";

Defined in: packages/security/src/dataflow/types.ts:54

The kind of tainted data flow the policy detected at a sink.

'untrusted-to-sink' — untrusted content (or a verbatim chunk of it) is being passed into the sink's arguments. The precise, low false-positive signal: direct exfiltration of untrusted content.
'lethal-trifecta' — the conservative signal: a sink fires while both untrusted content and secret-tier data have entered the run, even when no verbatim carry is provable. Catches the paraphrased "untrusted instruction drives a secret exfiltration" case at the cost of more false positives (hence shadow-mode-first + declassification).

errors

Classes

Type Aliases

evaluator-optimizer

Interfaces

Type Aliases

Functions

factory

Functions

fallback

Interfaces

Type Aliases

Functions

fanout

Interfaces

Type Aliases

Functions

filters

Interfaces

Variables

Functions

preferred-model

Interfaces

Functions

progress

Interfaces

Functions

run-state

Interfaces

Variables

Functions

client

Classes

Interfaces

Type Aliases

errors

Classes

Type Aliases

reconnect

Interfaces

Functions

cli

Interfaces

Type Aliases

Functions

loaders

Functions

errors

Classes

Interfaces

Type Aliases

conflict

Variables

errors

Classes

facade

Interfaces

Functions

tools

Interfaces

Functions

openinference

Type Aliases

Variables

Functions

redaction

imperative-patterns

Interfaces

Type Aliases

Variables

Functions

patterns

Interfaces

Type Aliases

Variables

telemetry

Interfaces

Functions

client-message

Type Aliases