Share
## https://sploitus.com/exploit?id=6B06678F-FB85-51BC-A36E-1CF4112C5838
# deep-code-security

Multi-language Static Application Security Testing (SAST) tool with agentic verification. Uses tree-sitter for deterministic AST parsing, sandbox-verified exploit PoCs, and structured remediation guidance. Exposes all functionality via an MCP server for Claude Code integration.

## Quick Start

```bash
# Install
pip install -e ".[dev]"

# Run via CLI
dcs hunt /path/to/project
dcs verify --finding-ids  
dcs remediate --finding-ids  --target-path /path/to/project

# Run via MCP server
python -m deep_code_security.mcp
```

## Architecture

```
Target Codebase
    |
    v
HUNTER     tree-sitter parse โ†’ source/sink match โ†’ taint track
    |      Output: RawFinding[] (JSON, paginated)
    v
AUDITOR    PoC generation โ†’ sandbox execution โ†’ confidence scoring
    |      Output: VerifiedFinding[] (JSON)  [Exploit = 10% bonus only]
    v
ARCHITECT  context gather โ†’ guidance generation โ†’ dependency analysis
           Output: RemediationGuidance[] (JSON)
```

### Supported Languages (v1)

- Python (Flask, Django patterns)
- Go (net/http, database/sql patterns)
- C (stretch goal โ€” basic argv/stdin patterns)

## Installation

```bash
# Clone
git clone https://github.com/your-org/deep-code-security.git
cd deep-code-security

# Install with dev dependencies
pip install -e ".[dev]"

# Build sandbox images (requires Docker or Podman)
make build-sandboxes
```

## MCP Configuration

Add to `~/.claude/settings.json`:

```json
{
  "mcpServers": {
    "deep-code-security": {
      "command": "python",
      "args": ["-m", "deep_code_security.mcp"],
      "cwd": "/path/to/deep-code-security",
      "env": {
        "DCS_REGISTRY_PATH": "/path/to/deep-code-security/registries",
        "DCS_ALLOWED_PATHS": "/path/to/projects",
        "DCS_CONTAINER_RUNTIME": "auto"
      }
    }
  }
}
```

### Optional Environment Variables

For advanced tuning, additional variables are available:

| Variable | Default | Description |
|----------|---------|-------------|
| `DCS_MAX_RESULTS` | `100` | Max findings returned per hunt operation |
| `DCS_MAX_VERIFICATIONS` | `50` | Max findings to verify in auditor phase |
| `DCS_SANDBOX_TIMEOUT` | `30` | Per-exploit timeout in seconds |
| `DCS_MAX_FILES` | `10000` | Max files per scan |
| `DCS_MAX_CONCURRENT_SANDBOXES` | `2` | Concurrency limit for sandbox execution |
| `DCS_QUERY_TIMEOUT` | `5.0` | Tree-sitter query timeout in seconds |
| `DCS_QUERY_MAX_RESULTS` | `1000` | Max results per tree-sitter query |

## MCP Tools

| Tool | Description |
|------|-------------|
| `deep_scan_hunt` | Run Hunter phase (AST parse + taint track) |
| `deep_scan_verify` | Run Auditor phase (sandbox exploit verification) |
| `deep_scan_remediate` | Run Architect phase (remediation guidance) |
| `deep_scan_full` | Run all three phases sequentially |
| `deep_scan_status` | Check sandbox health and registry info |

## Confidence Scoring

The confidence score (0-100) uses a weighted composite:

| Factor | Weight | Notes |
|--------|--------|-------|
| Taint path completeness | 45% | Full path = 100, partial = 50, heuristic = 20 |
| Sanitizer absence | 25% | No sanitizer = 100, full sanitizer = 0 |
| CWE severity baseline | 20% | Critical = 100, High = 75, Medium = 50, Low = 25 |
| Exploit verification | 10% | **Bonus only** โ€” failed PoC does not penalize |

Thresholds: `>=75` confirmed, `>=45` likely, `>=20` unconfirmed, `<20` false positive

## Sandbox Security Policy

Sandbox containers enforce:
- `--network=none` โ€” no network access
- `--read-only` โ€” read-only root filesystem
- `--tmpfs /tmp:rw,noexec,nosuid,size=64m` โ€” writable temp with noexec
- `--cap-drop=ALL` โ€” no Linux capabilities
- `--security-opt=no-new-privileges` โ€” no privilege escalation
- `--security-opt seccomp=seccomp-default.json` โ€” custom seccomp profile
- `--pids-limit=64` โ€” no fork bombs
- `--memory=512m` โ€” memory ceiling
- `--user=65534:65534` โ€” run as nobody

## Development

```bash
make lint           # Lint with ruff
make test           # All tests (90%+ coverage required)
make test-hunter    # Hunter tests only
make test-auditor   # Auditor tests only
make test-architect # Architect tests only
make test-mcp       # MCP server tests only
make sast           # Security scan with bandit
make security       # sast + pip-audit
```

## Registry Format

See `registries/README.md` for the YAML registry format documentation.

## Known Limitations (v1)

1. **Intraprocedural taint only** โ€” source and sink must be in the same function body. Expected detection rate: **10-25%** of real-world injection vulnerabilities. Most web app vulnerabilities span multiple function call boundaries and will NOT be detected by v1.

2. **Query brittleness** โ€” tree-sitter queries match specific AST shapes. The following patterns are NOT matched in v1:
   - Aliased imports: `req = request; req.form`
   - Fully-qualified names: `flask.request.form`
   - Class attributes: `self.request.form`
   - Chained calls: `request.form.get("key")` (partial match only)

3. **PoC verification is bonus-only** โ€” most template-based PoCs fail due to missing execution context (framework setup, dependency injection, state initialization). A failed PoC does NOT mean the vulnerability is false. The exploit bonus is capped at 10 points.

4. **No cross-language taint** โ€” Python calling C via FFI is not analyzed. Each language is analyzed independently.

5. **No interprocedural analysis** โ€” call graphs across functions/files are not traced in v1. Deferred to v1.1.

## Security Model

The MCP server runs as a **native stdio process** on the host. It does NOT run inside a Docker container, avoiding the Docker socket mount attack vector. Docker/Podman is only used for sandbox containers that execute exploit PoCs.

All file access goes through `DCS_ALLOWED_PATHS` allowlist validation with symlink resolution. All RawFinding fields are validated before exploit template interpolation. Finding provenance is verified via server-side session store (external callers cannot inject arbitrary findings).

## v1.1 Roadmap

- Interprocedural taint tracking (call graph construction)
- Java and Rust language support
- Additional registry patterns (aliased imports, fully-qualified names)
- gVisor/Firecracker sandbox option for higher-risk deployments