Skip to main content


A rule describes flows that we want to catch (e.g, user input flowing into command execution). A rule is made of a set of source kinds, a set of sink kinds, a name, a code, and a description.

Here is an example of a rule in JSON:

"name": "User input flows into code execution (RCE)",
"code": 1,
"description": "Values from user-controlled source may eventually flow into code execution",
"sources": [
"sinks": [

For guidance on modeling sources and sinks, see the next section, Models and Model Generators.

Rules used by Mariana Trench can be specified with the --rules-paths argument. The default set of rules that run can be found in configuration/rules.json.