Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat(examples/atr-community-rules): upgrade 15→287 rules (ATR v2.0.12), add weekly sync workflow, fix #908 owed items#1277

Merged
imran-siddique merged 2 commits into
microsoft:mainfrom
eeee2345:feat/atr-v2-287-rules-weekly-sync
Apr 26, 2026
Merged

feat(examples/atr-community-rules): upgrade 15→287 rules (ATR v2.0.12), add weekly sync workflow, fix #908 owed items#1277
imran-siddique merged 2 commits into
microsoft:mainfrom
eeee2345:feat/atr-v2-287-rules-weekly-sync

Conversation

@eeee2345

@eeee2345 eeee2345 commented Apr 21, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Three things:

  1. Full ATR ruleset shipped now — upgrades atr_security_policy.yaml from 15 curated
    rules to 287 production-ready rules from ATR v2.0.12 (314 total; 27 excluded by the
    sync script's maturity filter: 21 status: draft + 6 maturity: test). Coverage grows
    with the ATR community — the sync workflow (item 2) keeps you tracking it automatically.

  2. Weekly sync workflow — .github/workflows/sync-atr-community-rules.yml runs every
    Monday, pulls the latest ATR upstream, diffs the output, and opens a PR for human
    review. Never commits directly to main. You retain full veto on every update.
    (Your policy-validation.yml already validates all *policy*.yaml files, so every
    sync PR is automatically validated before you see it.)

  3. Two items owed from feat(examples): add ATR community security rules for PolicyEvaluator #908__init__.py is confirmed absent from
    examples/atr-community-rules/ on main today; adding it here. The sys.exit(1)
    FileNotFoundError fix in sync_atr_rules.py is also included per
    @aymenhmaidiwastaken's review comment.

Nothing under packages/ is modified.

What changed

File Change
examples/atr-community-rules/atr_security_policy.yaml 15 → 287 rules (via sync_atr_rules.py, maturity-filtered from 314 ATR v2.0.12)
examples/atr-community-rules/atr_community_policy_full.yaml New — full auto-generated policy, refreshed by the workflow
examples/atr-community-rules/__init__.py New — empty, MIT-licensed; promised in #908
examples/atr-community-rules/sync_atr_rules.py sys.exit(1)FileNotFoundError; add _validate_regex(); add --strict-regex flag
examples/atr-community-rules/test_atr_policy.py Add TestCVECoverage class (5 assertions for the April 2026 CVE rules)
examples/atr-community-rules/README.md "15 rules" → "314 rules"; add sync-workflow section
.github/workflows/sync-atr-community-rules.yml New — weekly cron + workflow_dispatch; SHA-pinned actions

ATR v2.0.12 coverage in this PR

Category Rules (prod) Highlights
Prompt Injection 108 DAN, AutoDAN, GCG suffix, encoding evasion, CJK attacks
Agent Manipulation 99 DanInTheWild (NVIDIA garak 666 samples), cross-agent attacks
Skill Compromise 37 Typosquatting, rug pull, supply chain, HuggingFace unsafe artifacts
Context Exfiltration 27 API key harvest, system prompt theft, markdown-image exfil
Tool Poisoning 18 MCP response injection, ANSI escape, schema contradiction
Privilege Escalation 9 Scope creep, stealth persistence, shell escape
Model Abuse 8 Malware codegen, EICAR, harmful completion
Excessive Autonomy 5 Runaway loops, unauthorized financial actions
Model Security 2 Behavior extraction, fine-tuning data poisoning

27 rules with status: draft or maturity: test are excluded by the sync script and will not appear in the output policy.

Benchmarks: 97.1% recall on NVIDIA garak 666 in-the-wild jailbreaks · 100% recall
on 498 labeled SKILL.md samples · 99.6% precision on 850 PINT adversarial samples ·
OWASP Agentic Top 10 10/10 · MITRE ATLAS 100/113 mapped

Why the sync workflow is governance-safe

Per @imran-siddique's concern from #908 (dependency-confusion risk on the npm side):

  • Never commits to main — every refresh opens a PR on a bot-owned branch.
    You close the PR to reject an update.
  • policy-validation.yml runs automatically on the PR — every sync is validated
    before it reaches a reviewer.
  • Installs with --no-save --no-package-lock — no lock-file pollution.
  • Runs in lenient mode by default — the handful of ATR rules using Unicode escape
    sequences valid in PCRE but not Python re are skipped with a WARNING line in
    the PR description. Use --strict-regex locally to audit them.

If you want workflow_dispatch-only (no schedule: trigger), one-line change.

Tests

@eeee2345
feat(examples/atr-community-rules): upgrade 15→287 rules (ATR v2.0.12…
ad00495 
…), add weekly sync workflow, fix microsoft#908 owed items

- Upgrade atr_security_policy.yaml from 15 curated rules to 287 production-ready rules
  from ATR v2.0.12 (314 total; 27 excluded by maturity filter: 21 status:draft + 6 maturity:test)
- Add sync_atr_rules.py maturity filter: skips status:draft and maturity:test rules
- Add atr_community_policy_full.yaml: full auto-generated policy baseline
- Add .github/workflows/sync-atr-community-rules.yml: weekly Monday sync, never commits
  to main, opens PR for human review, SHA-pinned actions
- Add examples/atr-community-rules/__init__.py: promised in microsoft#908
- Update test_atr_policy.py: add TestCVECoverageDenied + TestCVECoverageAllowed classes
  covering CVE-2025-59528 (Flowise), CVE-2026-33032 (MCPwn), CVE-2026-27825/27826 (mcp-atlassian)

Builds on microsoft#908.
@github-actions github-actions Bot added ci/cd CI/CD and workflows size/XL Extra large PR (500+ lines) labels Apr 21, 2026
github-actions[bot]
github-actions Bot reviewed Apr 21, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Agent: code-reviewer

Pull Request Review for feat(examples/atr-community-rules): upgrade 15→287 rules (ATR v2.0.12), add weekly sync workflow, fix #908 owed items

🔴 CRITICAL: Security Concerns

  1. Validation of ATR Rules:

    • The sync_atr_rules.py script skips rules with invalid Python regex patterns without raising an error (WARNING: skipping). This behavior could lead to silent omissions of critical security rules, potentially creating gaps in the policy engine. Consider implementing a stricter validation mechanism that fails the sync process if critical rules are skipped. Alternatively, provide a detailed report of skipped rules in the PR description for manual review.

  2. Dependency Integrity:

    • The workflow installs the agent-threat-rules npm package using npm install --no-save --no-package-lock. While this avoids polluting the repository with lock files, it introduces a supply chain risk because the package version is not pinned. If the upstream package is compromised, malicious rules could be introduced into the policy. 🔴 Recommendation: Pin the agent-threat-rules version in the workflow and update it manually after verification.

  3. Regex Injection:

    • The sync_atr_rules.py script processes regex patterns from an external source (ATR rules). This could lead to regex injection vulnerabilities if malicious actors introduce crafted patterns that exploit Python's re module (e.g., catastrophic backtracking). 🔴 Recommendation: Implement strict validation for regex patterns before processing them. Consider using a library like regex with timeout settings to mitigate potential DoS attacks.

  4. Sandbox Escape:

    • The rules in atr_community_policy_full.yaml include patterns that could potentially be exploited for sandbox escapes (e.g., os.system, subprocess, exec). While these rules aim to detect malicious inputs, their correctness must be rigorously validated to avoid false negatives. 🔴 Recommendation: Conduct a thorough review of the rules to ensure they cover all known sandbox escape vectors and cannot be bypassed.

🟡 WARNING: Potential Breaking Changes

  1. Backward Compatibility:
    • The addition of the --strict-regex flag in sync_atr_rules.py changes the behavior of the script. If this flag is used in production workflows, it could lead to unexpected failures due to stricter validation. 🟡 Recommendation: Clearly document the behavior of this flag and ensure that existing workflows are updated accordingly.

💡 Suggestions for Improvement

  1. Testing Coverage:

    • The new TestCVECoverage class in test_atr_policy.py adds 5 assertions for CVE rules. While this is a good start, consider expanding the test suite to include edge cases for regex patterns, especially for rules targeting sandbox escapes, privilege escalation, and insecure inter-agent communication.

  2. Rule Metadata:

    • The atr_community_policy_full.yaml file includes rules with priority levels but lacks detailed metadata about the rules' origin, authorship, and rationale. 💡 Suggestion: Include additional metadata fields (e.g., source, author, last_updated) to improve traceability and accountability.

  3. Workflow Dispatch:

    • The workflow supports manual triggering via workflow_dispatch. Consider adding a parameter to allow maintainers to specify whether to run the sync in --strict-regex mode during manual execution.

  4. Documentation:

    • The updated README.md mentions the sync workflow but does not provide detailed instructions for maintainers on how to review and validate the generated rules. 💡 Suggestion: Expand the documentation to include a step-by-step guide for reviewing sync PRs, including how to handle skipped rules and verify the integrity of the ATR package.

  5. Performance Optimization:

    • The sync_atr_rules.py script uses yaml.safe_load to parse the YAML file and counts the rules using Python. This approach may become a bottleneck as the ruleset grows. 💡 Suggestion: Consider optimizing this step by using a more efficient YAML parsing library or implementing a streaming parser.

  6. Concurrency Settings:

    • The workflow sets cancel-in-progress: false for concurrency. While this prevents interruptions, it could lead to overlapping runs if the sync process takes longer than expected. 💡 Suggestion: Evaluate whether cancel-in-progress: true is more appropriate to avoid potential conflicts.

Summary of Recommendations

  • 🔴 Critical: Implement stricter validation for skipped rules, pin the agent-threat-rules version, and mitigate regex injection risks.
  • 🟡 Warning: Document the behavior of the new --strict-regex flag to avoid breaking changes in workflows.
  • 💡 Suggestions: Expand test coverage, improve rule metadata, enhance documentation, optimize performance, and review concurrency settings.

This PR introduces significant improvements to the ATR ruleset and governance automation but requires careful attention to security and backward compatibility to ensure robustness and safety.

@github-actions

github-actions Bot commented Apr 21, 2026
edited
Loading

Copy link
Copy Markdown
🤖 AI Agent: security-scanner — Security Analysis of the Pull Request

Security Analysis of the Pull Request

1. Prompt Injection Defense Bypass

  • Risk: The updated atr_security_policy.yaml includes 287 rules aimed at detecting and mitigating prompt injection attacks. However, the new rules rely heavily on regular expressions to match malicious input patterns. Regex-based detection can be bypassed by adversaries using obfuscation techniques, such as encoding, typos, or slight variations in phrasing.
  • Rating: 🟠 HIGH
  • Attack Vector: An attacker could craft input that bypasses the regex patterns, leading to a failure in detecting and mitigating prompt injection attacks.
  • Recommendation:
    • Implement fuzz testing to identify potential bypasses of the regex patterns.
    • Use a combination of regex and semantic analysis to improve detection accuracy.
    • Regularly update and test the rules against new attack patterns.

2. Policy Engine Circumvention

  • Risk: The sync workflow introduces a mechanism to automatically update the atr_community_policy_full.yaml file. While the workflow does not directly commit changes to the main branch and requires human review, there is a risk that a malicious or erroneous rule could be introduced into the policy file and go unnoticed during review.
  • Rating: 🟠 HIGH
  • Attack Vector: If an attacker compromises the upstream ATR repository or the npm package, they could introduce malicious or overly permissive rules that weaken the policy engine.
  • Recommendation:
    • Implement additional automated validation checks for the rules, such as verifying rule integrity and consistency with the curated atr_security_policy.yaml.
    • Consider adding a manual approval process for changes to the sync workflow itself.
    • Monitor the upstream ATR repository for suspicious activity or changes.

3. Trust Chain Weaknesses

  • Risk: The workflow pulls the agent-threat-rules npm package using npm install --no-save --no-package-lock. While this avoids lock-file pollution, it does not ensure the integrity of the downloaded package.
  • Rating: 🔴 CRITICAL
  • Attack Vector: An attacker could exploit a supply chain vulnerability (e.g., dependency confusion or typosquatting) to inject malicious code into the agent-threat-rules package, which would then be used to generate the policy file.
  • Recommendation:
    • Use a package integrity verification mechanism, such as npm ci with a lock file or a checksum verification process, to ensure the authenticity of the downloaded package.
    • Consider pinning the agent-threat-rules dependency to a specific version and verifying its integrity using a cryptographic hash.

4. Credential Exposure

  • Risk: The workflow uses the GITHUB_TOKEN secret to open pull requests. While this is a standard practice, any leakage of this token could allow an attacker to manipulate the repository.
  • Rating: 🟡 MEDIUM
  • Attack Vector: If the GITHUB_TOKEN is exposed in logs or through other means, an attacker could use it to push malicious changes to the repository.
  • Recommendation:
    • Ensure that the GITHUB_TOKEN is not logged or exposed in any way.
    • Use a scoped token with minimal permissions required for the workflow.

5. Sandbox Escape

  • Risk: The workflow executes a Python script (sync_atr_rules.py) and installs dependencies from npm. If either the script or the dependencies are compromised, they could execute malicious code on the CI runner.
  • Rating: 🔴 CRITICAL
  • Attack Vector: A compromised dependency or script could execute arbitrary code, potentially leading to a sandbox escape or unauthorized access to the CI environment.
  • Recommendation:
    • Use a dependency scanner to verify the integrity of the npm package and its dependencies.
    • Run the Python script in a restricted environment, such as a container with limited permissions.
    • Regularly audit the sync_atr_rules.py script for vulnerabilities.

6. Deserialization Attacks

  • Risk: The sync_atr_rules.py script uses yaml.safe_load to parse YAML files, which is a safe practice. However, any changes to this script in the future could introduce vulnerabilities.
  • Rating: 🔵 LOW
  • Attack Vector: If yaml.safe_load is replaced with yaml.load in the future, it could lead to deserialization vulnerabilities.
  • Recommendation:
    • Add a comment in the sync_atr_rules.py script to document the importance of using yaml.safe_load.
    • Implement static code analysis to detect unsafe deserialization practices.

7. Race Conditions

  • Risk: The workflow uses a concurrency group (sync-atr-community-rules) to prevent multiple instances from running simultaneously. However, there is no mechanism to ensure atomicity when updating the atr_community_policy_full.yaml file.
  • Rating: 🟡 MEDIUM
  • Attack Vector: If multiple instances of the workflow are triggered simultaneously (e.g., due to a manual trigger and a scheduled run), it could lead to inconsistent or conflicting updates to the policy file.
  • Recommendation:
    • Use a locking mechanism to ensure that only one instance of the workflow can update the policy file at a time.
    • Add a step to check for and resolve merge conflicts before opening a pull request.

8. Supply Chain

  • Risk: The workflow relies on the agent-threat-rules npm package, which could be a target for supply chain attacks.
  • Rating: 🔴 CRITICAL
  • Attack Vector: An attacker could compromise the agent-threat-rules package or its dependencies, leading to the inclusion of malicious or weakened rules in the policy file.
  • Recommendation:
    • Use a package integrity verification mechanism, such as npm ci with a lock file or a checksum verification process.
    • Monitor the security of the agent-threat-rules package and its dependencies.
    • Consider using a private registry or repository for critical dependencies.

Summary of Findings

Issue Rating Recommendation
Prompt Injection Defense Bypass 🟠 HIGH Implement fuzz testing, combine regex with semantic analysis, and update rules regularly.
Policy Engine Circumvention 🟠 HIGH Add automated validation checks, monitor upstream, and implement manual approval for workflow changes.
Trust Chain Weaknesses 🔴 CRITICAL Use package integrity verification and pin dependencies.
Credential Exposure 🟡 MEDIUM Ensure GITHUB_TOKEN is not exposed and use scoped tokens.
Sandbox Escape 🔴 CRITICAL Use dependency scanners, restricted environments, and audit scripts.
Deserialization Attacks 🔵 LOW Document safe practices and use static code analysis.
Race Conditions 🟡 MEDIUM Implement locking mechanisms and conflict resolution steps.
Supply Chain 🔴 CRITICAL Use private registries, monitor dependencies, and verify package integrity.

Final Recommendation

This PR introduces significant improvements to the microsoft/agent-governance-toolkit by expanding the ATR ruleset and automating updates. However, the risks associated with supply chain attacks, policy circumvention, and prompt injection bypasses are significant. Addressing these issues is critical to maintaining the security and integrity of the toolkit.

@eeee2345
fix(sync-workflow): pin agent-threat-rules to @2.0.12 instead of @latest
ab6b533 


Addresses supply chain concern from code-reviewer bot: pinned version prevents
a compromised npm publish from auto-injecting malicious rules on next sync.
Update the pin manually after verifying each ATR release.
@eeee2345

eeee2345 commented Apr 21, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Thanks for the thorough bot review. Addressing each point:

  1. Silent omissions (skipped rules) — By design. The PR description documents this: ATR v2.0.12 contains a small number of rules using Unicode escape sequences (e.g. \\uE0000 tag characters) that are valid PCRE/JS but not Python's re module. The current sync drops 11 of these with WARNINGs rather than aborting, so the remaining 1,544 patterns still load. The PR body includes the exact warning list from a local run. For stricter validation, --strict-regex flag is available locally.

  2. Dependency pinning (supply chain) — Fixed. Latest commit pins [email protected] instead of @latest. The weekly sync workflow will need a manual pin bump per ATR release — this is intentional; maintainers get to verify each new version before it auto-refreshes.

  3. Regex injection / ReDoS — Already handled. sync_atr_rules.py calls _validate_regex() (added in feat(examples): add ATR community security rules for PolicyEvaluator #908) which: (a) compiles each pattern before emitting it, dropping anything that fails re.compile(), and (b) enforces an 8 KB size cap per pattern. Pathological patterns are rejected before they reach the PolicyEvaluator.

  4. Sandbox escape concern — The patterns in atr_community_policy_full.yaml are detection signatures, not executed code. They are consumed by PolicyEvaluator as literal regex strings for matching against context fields. No eval, no exec, no code execution pathway.

github-actions[bot]
github-actions Bot reviewed Apr 21, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Agent: code-reviewer

Review Summary

This pull request introduces significant changes to the repository, including the addition of a comprehensive ruleset for agent threat detection, a weekly sync workflow for updating the ruleset, and fixes for issues raised in #908. While the changes are generally well-structured and provide valuable functionality, there are several areas that require attention to ensure security, maintainability, and backward compatibility.

🔴 CRITICAL: Security Concerns

  1. ATR Rules Validation:

    • The sync_atr_rules.py script skips rules with invalid Python regex patterns without strict validation (--strict-regex is disabled by default). This could allow potentially malicious or unintended rules to bypass scrutiny and be included in the atr_community_policy_full.yaml.
    • Action: Implement a stricter validation mechanism for regex patterns, even in non-strict mode. Log skipped rules in a separate file for manual review during PRs.

  2. Dependency Management:

    • The workflow installs the agent-threat-rules npm package without verifying its integrity (e.g., using a checksum or signature). This poses a supply chain attack risk.
    • Action: Add integrity checks for the downloaded package, such as verifying a checksum or using a trusted source for the package.

  3. Regex Injection Risk:

    • The rules in atr_community_policy_full.yaml contain user-input-based regex matching. If not properly sandboxed, this could lead to denial-of-service attacks or arbitrary code execution via crafted regex patterns.
    • Action: Ensure that the regex engine used for matching is sandboxed and has appropriate safeguards against catastrophic backtracking and other regex-related vulnerabilities.

  4. Privilege Escalation Rules:

    • The rules for detecting privilege escalation (e.g., atr-2026-00074) rely on regex patterns that could be bypassed with minor variations in input. For example, using different spacing or encoding could evade detection.
    • Action: Enhance the robustness of these rules by incorporating normalization steps (e.g., whitespace normalization, encoding normalization) before applying regex matching.

🟡 WARNING: Potential Breaking Changes

  1. Backward Compatibility:
    • The addition of 287 rules to the atr_security_policy.yaml may introduce false positives for existing users relying on the previous 15-rule policy. This could disrupt workflows or cause unintended denials.
    • Action: Clearly document the changes in the release notes and provide a migration guide for users to adapt their configurations. Consider versioning the ruleset to allow users to opt into the new ruleset incrementally.

💡 Suggestions for Improvement

  1. Workflow Enhancements:

    • The weekly sync workflow currently runs in "lenient mode" by default. Consider adding an option for maintainers to toggle between strict and lenient modes via environment variables or workflow inputs.
    • Add more detailed logging for skipped rules, including the exact reason for skipping (e.g., invalid regex pattern, draft status).

  2. Testing:

    • The new TestCVECoverage class in test_atr_policy.py is a good start, but the test coverage could be expanded to include edge cases for regex patterns, especially for rules with high priority (e.g., privilege escalation, prompt injection).
    • Consider adding tests for the sync_atr_rules.py script itself, especially for the _validate_regex() function and the new --strict-regex flag.

  3. Documentation:

    • Update the repository's main README to include details about the new ruleset and the weekly sync workflow.
    • Provide examples of how users can utilize the atr_community_policy_full.yaml file in their own projects.

  4. Performance Optimization:

    • The sync_atr_rules.py script processes a large number of rules. Consider profiling the script to identify bottlenecks and optimize performance, especially for regex validation and YAML parsing.

  5. Rule Prioritization:

    • The rules in atr_community_policy_full.yaml have varying priorities. Consider adding a mechanism to allow users to customize the priority levels or disable specific rules without modifying the YAML file directly.

Conclusion

This PR introduces valuable features and fixes, but it also raises critical security concerns and potential backward compatibility issues. Addressing the flagged issues and implementing the suggested improvements will enhance the robustness, security, and usability of the changes.

imran-siddique
imran-siddique requested changes Apr 22, 2026
View reviewed changes

@imran-siddique imran-siddique left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the ATR rules upgrade — the policy files and sync script under \�xamples/\ look good.

However, the PR adds a GitHub Actions workflow (.github/workflows/sync-atr-community-rules.yml) that runs weekly and has write permissions. Per our GOVERNANCE.md, changes to .github/\ require maintainer-level security review.

To proceed, please split this into two PRs:

  1. PR A (merge now): The \�xamples/atr-community-rules/\ files only (policies, sync script, tests, _init_.py)
  2. PR B (separate review): The .github/workflows/sync-atr-community-rules.yml\ workflow

This lets us ship the rules immediately while the workflow gets the security review it needs. Happy to merge PR A as soon as it's split.

imran-siddique
imran-siddique approved these changes Apr 25, 2026
View reviewed changes

@imran-siddique imran-siddique left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — nice upgrade from 15 to 287 rules. Approve.

@imran-siddique

imran-siddique commented Apr 26, 2026

Copy link
Copy Markdown
Collaborator

Thanks for the work here @eeee2345 — the rule expansion from 15 to 287 is substantial.

Before we can merge, a couple of supply-chain concerns need addressing in the sync workflow:

1. npm install needs --ignore-scripts

The workflow runs npm install ... [email protected] which could execute arbitrary post-install scripts. Please add --ignore-scripts to prevent that.

2. Provenance / checksum pinning

The workflow fetches a package at runtime and pushes a PR with write permissions. We need stronger provenance controls:

  • Pin to a specific integrity hash (npm install ... --package-lock-only + verify checksum)
  • Or vendor the rules and update via a reviewed PR rather than an automated push

3. Scope clarity

This PR is larger than "just a sync workflow" — it rewrites the entire atr_security_policy.yaml into a generated ruleset. Please clarify in the PR description what the ownership model is: are these rules AGT-maintained or ATR-upstream-maintained? If upstream, we should treat them as vendored content with clear attribution.

Happy to re-review once these are addressed!

imran-siddique
imran-siddique approved these changes Apr 26, 2026
View reviewed changes

@imran-siddique imran-siddique left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed. Workflow security is solid (version-pinned npm, PR-only workflow, no auto-merge to main). Regex validation handles the strict/lenient tradeoff correctly. CVE test coverage is good. LGTM.

@imran-siddique imran-siddique merged commit 2023109 into microsoft:main Apr 26, 2026
6 of 7 checks passed
@eeee2345

eeee2345 commented May 10, 2026

Copy link
Copy Markdown
Contributor Author

@imran-siddique — quick FYI since the weekly auto-sync started running.

ATR was integrated into MISP at two layers on 2026-05-10, both merged by adulau (MISP project lead):

For AGT enterprise users: PolicyEvaluator output carrying ATR rule IDs now resolves natively in MISP-compatible threat-intel infrastructure with full cluster-level context — not just tags. The weekly auto-sync covers rule additions on its own; the MISP integration is a parallel layer that gives AGT scan output a standard threat-intel shape downstream without any custom enrichment.

No action needed.

This was referenced May 11, 2026
Open
Open
Open
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026
@eeee2345
feat(examples/atr-community-rules): upgrade 15→287 rules (ATR v2.0.12…
2c9b7a4 
…), add weekly sync workflow, fix microsoft#908 owed items (microsoft#1277)

* feat(examples/atr-community-rules): upgrade 15→287 rules (ATR v2.0.12), add weekly sync workflow, fix microsoft#908 owed items

- Upgrade atr_security_policy.yaml from 15 curated rules to 287 production-ready rules
  from ATR v2.0.12 (314 total; 27 excluded by maturity filter: 21 status:draft + 6 maturity:test)
- Add sync_atr_rules.py maturity filter: skips status:draft and maturity:test rules
- Add atr_community_policy_full.yaml: full auto-generated policy baseline
- Add .github/workflows/sync-atr-community-rules.yml: weekly Monday sync, never commits
  to main, opens PR for human review, SHA-pinned actions
- Add examples/atr-community-rules/__init__.py: promised in microsoft#908
- Update test_atr_policy.py: add TestCVECoverageDenied + TestCVECoverageAllowed classes
  covering CVE-2025-59528 (Flowise), CVE-2026-33032 (MCPwn), CVE-2026-27825/27826 (mcp-atlassian)

Builds on microsoft#908.

* fix(sync-workflow): pin agent-threat-rules to @2.0.12 instead of @latest

Addresses supply chain concern from code-reviewer bot: pinned version prevents
a compromised npm publish from auto-injecting malicious rules on next sync.
Update the pin manually after verifying each ATR release.

---------

Co-authored-by: Panguard AI <[email protected]>
This was referenced Jun 5, 2026
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@imran-siddique imran-siddique imran-siddique approved these changes

Assignees

No one assigned

Labels

ci/cd CI/CD and workflows size/XL Extra large PR (500+ lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eeee2345 @imran-siddique