codejury 0.10.3__tar.gz → 0.10.4__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (192) hide show
  1. {codejury-0.10.3 → codejury-0.10.4}/PKG-INFO +2 -2
  2. {codejury-0.10.3 → codejury-0.10.4}/README.md +1 -1
  3. codejury-0.10.4/codejury/data/capabilities/model_supply_chain.yaml +59 -0
  4. codejury-0.10.4/codejury/data/golden/sc_pinned_safe.yaml +11 -0
  5. codejury-0.10.4/codejury/data/golden/sc_safetensors_safe.yaml +12 -0
  6. codejury-0.10.4/codejury/data/golden/sc_torch_load_vuln.yaml +11 -0
  7. codejury-0.10.4/codejury/data/golden/sc_trust_remote_code_vuln.yaml +11 -0
  8. {codejury-0.10.3 → codejury-0.10.4}/codejury.egg-info/PKG-INFO +2 -2
  9. {codejury-0.10.3 → codejury-0.10.4}/codejury.egg-info/SOURCES.txt +5 -0
  10. {codejury-0.10.3 → codejury-0.10.4}/pyproject.toml +1 -1
  11. {codejury-0.10.3 → codejury-0.10.4}/LICENSE +0 -0
  12. {codejury-0.10.3 → codejury-0.10.4}/codejury/__init__.py +0 -0
  13. {codejury-0.10.3 → codejury-0.10.4}/codejury/agents/__init__.py +0 -0
  14. {codejury-0.10.3 → codejury-0.10.4}/codejury/agents/base.py +0 -0
  15. {codejury-0.10.3 → codejury-0.10.4}/codejury/agents/debate.py +0 -0
  16. {codejury-0.10.3 → codejury-0.10.4}/codejury/agents/mock.py +0 -0
  17. {codejury-0.10.3 → codejury-0.10.4}/codejury/agents/parsing.py +0 -0
  18. {codejury-0.10.3 → codejury-0.10.4}/codejury/agents/refuter.py +0 -0
  19. {codejury-0.10.3 → codejury-0.10.4}/codejury/agents/verifier.py +0 -0
  20. {codejury-0.10.3 → codejury-0.10.4}/codejury/analysis/__init__.py +0 -0
  21. {codejury-0.10.3 → codejury-0.10.4}/codejury/analysis/provenance.py +0 -0
  22. {codejury-0.10.3 → codejury-0.10.4}/codejury/analysis/taint.py +0 -0
  23. {codejury-0.10.3 → codejury-0.10.4}/codejury/assembly.py +0 -0
  24. {codejury-0.10.3 → codejury-0.10.4}/codejury/baseline.py +0 -0
  25. {codejury-0.10.3 → codejury-0.10.4}/codejury/cli.py +0 -0
  26. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/authentication.yaml +0 -0
  27. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/authorization.yaml +0 -0
  28. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/business_logic.yaml +0 -0
  29. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/crypto.yaml +0 -0
  30. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/data_protection.yaml +0 -0
  31. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/dependency_config.yaml +0 -0
  32. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/error_logging.yaml +0 -0
  33. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/excessive_agency.yaml +0 -0
  34. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/input_validation.yaml +0 -0
  35. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/insecure_output_handling.yaml +0 -0
  36. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/output_encoding.yaml +0 -0
  37. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/prompt_injection.yaml +0 -0
  38. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/secrets.yaml +0 -0
  39. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/capabilities/session.yaml +0 -0
  40. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ag_allowlist_safe.yaml +0 -0
  41. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ag_arbitrary_tool_vuln.yaml +0 -0
  42. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ag_destructive_no_confirm_vuln.yaml +0 -0
  43. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ag_fixed_enum_safe.yaml +0 -0
  44. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ag_human_approval_safe.yaml +0 -0
  45. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ag_model_confirmed_vuln.yaml +0 -0
  46. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authn_bcrypt_password.yaml +0 -0
  47. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authn_jwt_noverify_vuln.yaml +0 -0
  48. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authn_jwt_verified_safe.yaml +0 -0
  49. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authn_sha256_checksum_safe.yaml +0 -0
  50. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authn_sha256_password.yaml +0 -0
  51. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authn_weak_hash_indirect_vuln.yaml +0 -0
  52. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authz_idor_vuln.yaml +0 -0
  53. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/authz_owner_safe.yaml +0 -0
  54. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/business_logic_price_tamper_vuln.yaml +0 -0
  55. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/business_logic_server_checked_safe.yaml +0 -0
  56. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/cmdi_fixed_argv_safe.yaml +0 -0
  57. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/cmdi_ossystem_vuln.yaml +0 -0
  58. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/cmdi_subprocess_safe.yaml +0 -0
  59. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/crypto_aesgcm_safe.yaml +0 -0
  60. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/crypto_ecb_vuln.yaml +0 -0
  61. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/data_protection_plaintext_pii_vuln.yaml +0 -0
  62. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/data_protection_tokenized_safe.yaml +0 -0
  63. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/dependency_config_tls_verify_off_vuln.yaml +0 -0
  64. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/dependency_config_tls_verify_on_safe.yaml +0 -0
  65. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/deserialize_json_safe.yaml +0 -0
  66. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/deserialize_pickle_vuln.yaml +0 -0
  67. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/error_logging_redacted_safe.yaml +0 -0
  68. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/error_logging_secret_leak_vuln.yaml +0 -0
  69. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ioh_escaped_output_safe.yaml +0 -0
  70. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ioh_exec_output_vuln.yaml +0 -0
  71. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ioh_innerhtml_output_vuln.yaml +0 -0
  72. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ioh_json_response_safe.yaml +0 -0
  73. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ioh_output_to_sql_vuln.yaml +0 -0
  74. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ioh_schema_validated_safe.yaml +0 -0
  75. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/literal_eval_safe.yaml +0 -0
  76. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/path_basename_safe.yaml +0 -0
  77. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/path_contained_safe.yaml +0 -0
  78. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/path_traversal_vuln.yaml +0 -0
  79. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/pi_delimited_data_safe.yaml +0 -0
  80. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/pi_format_role_vuln.yaml +0 -0
  81. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/pi_indirect_rag_vuln.yaml +0 -0
  82. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/pi_system_concat_vuln.yaml +0 -0
  83. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/pi_user_content_concat_safe.yaml +0 -0
  84. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/pi_user_role_safe.yaml +0 -0
  85. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/secrets_env_safe.yaml +0 -0
  86. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/secrets_hardcoded_vuln.yaml +0 -0
  87. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/session_fixation_vuln.yaml +0 -0
  88. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/session_secure_cookie_safe.yaml +0 -0
  89. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/sql_constant_concat_safe.yaml +0 -0
  90. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/sqli_format_vuln.yaml +0 -0
  91. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/sqli_fstring_query.yaml +0 -0
  92. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/sqli_indirect_var_vuln.yaml +0 -0
  93. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/sqli_parameterized_query.yaml +0 -0
  94. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ssrf_allowlist_safe.yaml +0 -0
  95. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ssrf_constant_url_safe.yaml +0 -0
  96. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ssrf_substring_allowlist_bypass_vuln.yaml +0 -0
  97. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/ssrf_user_url_vuln.yaml +0 -0
  98. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/xfile_idor_no_check_vuln.yaml +0 -0
  99. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/xfile_idor_owner_checked_safe.yaml +0 -0
  100. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/xfile_path_sanitized_safe.yaml +0 -0
  101. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/xfile_path_tainted_vuln.yaml +0 -0
  102. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/xss_innerhtml_constant_safe.yaml +0 -0
  103. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/xss_innerhtml_vuln.yaml +0 -0
  104. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/golden/xss_textcontent_safe.yaml +0 -0
  105. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/suppressions.yaml +0 -0
  106. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/taint.yaml +0 -0
  107. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/tasks/audit_diff_debate.yaml +0 -0
  108. {codejury-0.10.3 → codejury-0.10.4}/codejury/data/tasks/quick_scan_single.yaml +0 -0
  109. {codejury-0.10.3 → codejury-0.10.4}/codejury/domain/__init__.py +0 -0
  110. {codejury-0.10.3 → codejury-0.10.4}/codejury/domain/artifact.py +0 -0
  111. {codejury-0.10.3 → codejury-0.10.4}/codejury/domain/capability.py +0 -0
  112. {codejury-0.10.3 → codejury-0.10.4}/codejury/domain/context.py +0 -0
  113. {codejury-0.10.3 → codejury-0.10.4}/codejury/domain/observation.py +0 -0
  114. {codejury-0.10.3 → codejury-0.10.4}/codejury/domain/result.py +0 -0
  115. {codejury-0.10.3 → codejury-0.10.4}/codejury/evaluation.py +0 -0
  116. {codejury-0.10.3 → codejury-0.10.4}/codejury/infrastructure/__init__.py +0 -0
  117. {codejury-0.10.3 → codejury-0.10.4}/codejury/infrastructure/cache.py +0 -0
  118. {codejury-0.10.3 → codejury-0.10.4}/codejury/infrastructure/json_parse.py +0 -0
  119. {codejury-0.10.3 → codejury-0.10.4}/codejury/integrations/__init__.py +0 -0
  120. {codejury-0.10.3 → codejury-0.10.4}/codejury/integrations/github.py +0 -0
  121. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/__init__.py +0 -0
  122. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/adaptive.py +0 -0
  123. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/base.py +0 -0
  124. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/challenge.py +0 -0
  125. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/debate.py +0 -0
  126. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/pipeline.py +0 -0
  127. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/reflexion.py +0 -0
  128. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/single.py +0 -0
  129. {codejury-0.10.3 → codejury-0.10.4}/codejury/orchestrators/taint_gate.py +0 -0
  130. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/__init__.py +0 -0
  131. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/anthropic.py +0 -0
  132. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/base.py +0 -0
  133. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/litellm.py +0 -0
  134. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/mock.py +0 -0
  135. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/openai.py +0 -0
  136. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/openai_format.py +0 -0
  137. {codejury-0.10.3 → codejury-0.10.4}/codejury/providers/retry.py +0 -0
  138. {codejury-0.10.3 → codejury-0.10.4}/codejury/reporting.py +0 -0
  139. {codejury-0.10.3 → codejury-0.10.4}/codejury/resources.py +0 -0
  140. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/__init__.py +0 -0
  141. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/base.py +0 -0
  142. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/callers.py +0 -0
  143. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/chunker.py +0 -0
  144. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/diff.py +0 -0
  145. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/function.py +0 -0
  146. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/mock.py +0 -0
  147. {codejury-0.10.3 → codejury-0.10.4}/codejury/sources/repo.py +0 -0
  148. {codejury-0.10.3 → codejury-0.10.4}/codejury/suppression.py +0 -0
  149. {codejury-0.10.3 → codejury-0.10.4}/codejury/tasks/__init__.py +0 -0
  150. {codejury-0.10.3 → codejury-0.10.4}/codejury/tasks/base.py +0 -0
  151. {codejury-0.10.3 → codejury-0.10.4}/codejury/tasks/registry.py +0 -0
  152. {codejury-0.10.3 → codejury-0.10.4}/codejury.egg-info/dependency_links.txt +0 -0
  153. {codejury-0.10.3 → codejury-0.10.4}/codejury.egg-info/entry_points.txt +0 -0
  154. {codejury-0.10.3 → codejury-0.10.4}/codejury.egg-info/requires.txt +0 -0
  155. {codejury-0.10.3 → codejury-0.10.4}/codejury.egg-info/top_level.txt +0 -0
  156. {codejury-0.10.3 → codejury-0.10.4}/setup.cfg +0 -0
  157. {codejury-0.10.3 → codejury-0.10.4}/tests/test_adaptive.py +0 -0
  158. {codejury-0.10.3 → codejury-0.10.4}/tests/test_anthropic_provider.py +0 -0
  159. {codejury-0.10.3 → codejury-0.10.4}/tests/test_assembly.py +0 -0
  160. {codejury-0.10.3 → codejury-0.10.4}/tests/test_audit_pipeline.py +0 -0
  161. {codejury-0.10.3 → codejury-0.10.4}/tests/test_baseline.py +0 -0
  162. {codejury-0.10.3 → codejury-0.10.4}/tests/test_cache.py +0 -0
  163. {codejury-0.10.3 → codejury-0.10.4}/tests/test_callers.py +0 -0
  164. {codejury-0.10.3 → codejury-0.10.4}/tests/test_capability.py +0 -0
  165. {codejury-0.10.3 → codejury-0.10.4}/tests/test_challenge.py +0 -0
  166. {codejury-0.10.3 → codejury-0.10.4}/tests/test_cli_audit.py +0 -0
  167. {codejury-0.10.3 → codejury-0.10.4}/tests/test_context.py +0 -0
  168. {codejury-0.10.3 → codejury-0.10.4}/tests/test_debate_agents.py +0 -0
  169. {codejury-0.10.3 → codejury-0.10.4}/tests/test_debate_orchestrator.py +0 -0
  170. {codejury-0.10.3 → codejury-0.10.4}/tests/test_diff_source.py +0 -0
  171. {codejury-0.10.3 → codejury-0.10.4}/tests/test_evaluation.py +0 -0
  172. {codejury-0.10.3 → codejury-0.10.4}/tests/test_function_source.py +0 -0
  173. {codejury-0.10.3 → codejury-0.10.4}/tests/test_integrations.py +0 -0
  174. {codejury-0.10.3 → codejury-0.10.4}/tests/test_json_parse.py +0 -0
  175. {codejury-0.10.3 → codejury-0.10.4}/tests/test_litellm_provider.py +0 -0
  176. {codejury-0.10.3 → codejury-0.10.4}/tests/test_openai_provider.py +0 -0
  177. {codejury-0.10.3 → codejury-0.10.4}/tests/test_orchestrator.py +0 -0
  178. {codejury-0.10.3 → codejury-0.10.4}/tests/test_parsing.py +0 -0
  179. {codejury-0.10.3 → codejury-0.10.4}/tests/test_pipeline_orchestrator.py +0 -0
  180. {codejury-0.10.3 → codejury-0.10.4}/tests/test_provenance.py +0 -0
  181. {codejury-0.10.3 → codejury-0.10.4}/tests/test_reflexion_orchestrator.py +0 -0
  182. {codejury-0.10.3 → codejury-0.10.4}/tests/test_repo_source.py +0 -0
  183. {codejury-0.10.3 → codejury-0.10.4}/tests/test_reporting.py +0 -0
  184. {codejury-0.10.3 → codejury-0.10.4}/tests/test_retry_provider.py +0 -0
  185. {codejury-0.10.3 → codejury-0.10.4}/tests/test_review_fixes.py +0 -0
  186. {codejury-0.10.3 → codejury-0.10.4}/tests/test_sarif.py +0 -0
  187. {codejury-0.10.3 → codejury-0.10.4}/tests/test_suppression.py +0 -0
  188. {codejury-0.10.3 → codejury-0.10.4}/tests/test_taint.py +0 -0
  189. {codejury-0.10.3 → codejury-0.10.4}/tests/test_taint_crossfile.py +0 -0
  190. {codejury-0.10.3 → codejury-0.10.4}/tests/test_taint_gate.py +0 -0
  191. {codejury-0.10.3 → codejury-0.10.4}/tests/test_tasks.py +0 -0
  192. {codejury-0.10.3 → codejury-0.10.4}/tests/test_verifier.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codejury
3
- Version: 0.10.3
3
+ Version: 0.10.4
4
4
  Summary: General-purpose Application Security AI audit framework: five-layer architecture, capabilities as first-class data
5
5
  Author: AISecLabs
6
6
  License-Expression: MIT
@@ -186,7 +186,7 @@ what `--only` and a task's `capabilities:` accept:
186
186
  `authn`, `authz`, `session`, `input_validation`, `output_encoding`, `crypto`,
187
187
  `secrets`, `data_protection`, `error_logging`, `business_logic`,
188
188
  `dependency_config`, `prompt_injection`, `insecure_output_handling`,
189
- `excessive_agency`.
189
+ `excessive_agency`, `model_supply_chain`.
190
190
 
191
191
  To tune for your codebase, edit these files, adding patterns or sharpening
192
192
  wording. No code change is needed.
@@ -156,7 +156,7 @@ what `--only` and a task's `capabilities:` accept:
156
156
  `authn`, `authz`, `session`, `input_validation`, `output_encoding`, `crypto`,
157
157
  `secrets`, `data_protection`, `error_logging`, `business_logic`,
158
158
  `dependency_config`, `prompt_injection`, `insecure_output_handling`,
159
- `excessive_agency`.
159
+ `excessive_agency`, `model_supply_chain`.
160
160
 
161
161
  To tune for your codebase, edit these files, adding patterns or sharpening
162
162
  wording. No code change is needed.
@@ -0,0 +1,59 @@
1
+ # OWASP LLM Top 10 (2025), LLM03: Supply Chain.
2
+ id: model_supply_chain
3
+ name: Model Supply Chain
4
+ asvs_chapter: "" # OWASP LLM03, not an ASVS chapter
5
+ description: >-
6
+ Loading a model, its code, or its weights from an untrusted or unverified
7
+ source. The high-impact cases run code at load time: executing code shipped
8
+ with a third-party model, or deserializing weights through pickle. Pin and
9
+ verify artifacts, and do not enable remote code execution for a model you do
10
+ not control.
11
+
12
+ sub_capabilities:
13
+ remote_code:
14
+ correct_patterns:
15
+ - id: SC-OK-1
16
+ description: Load a model with remote code execution off and a pinned revision
17
+ signals: ["trust_remote_code=False", "revision="]
18
+ why_ok: The third-party repo cannot run code at load time and the artifact is pinned
19
+
20
+ anti_patterns:
21
+ - id: SC-BAD-1
22
+ cwe: CWE-494
23
+ severity: CRITICAL
24
+ description: >-
25
+ Load a model with trust_remote_code=True, which executes code shipped in
26
+ the model repository at load time
27
+ signals: ["trust_remote_code=True", "from_pretrained"]
28
+ why_bad: A malicious or compromised model repo runs arbitrary code in your process
29
+ example_bad: |
30
+ model = AutoModel.from_pretrained("vendor/model", trust_remote_code=True)
31
+ example_good: |
32
+ model = AutoModel.from_pretrained("vendor/model", revision="a1b2c3d")
33
+
34
+ artifact_integrity:
35
+ correct_patterns:
36
+ - id: SC-OK-2
37
+ description: Load weights from a data-only format such as safetensors
38
+ signals: ["safetensors", "load_file"]
39
+ why_ok: A data-only weights format cannot execute code on load
40
+
41
+ anti_patterns:
42
+ - id: SC-BAD-2
43
+ cwe: CWE-502
44
+ severity: HIGH
45
+ description: >-
46
+ Deserialize model weights or a checkpoint through pickle, for example
47
+ torch.load or joblib.load on a downloaded file, which can run code on load
48
+ signals: ["torch.load", "pickle.load", "joblib.load"]
49
+ why_bad: Pickle-based loaders execute code embedded in the file during deserialization
50
+ example_bad: |
51
+ state = torch.load(downloaded_checkpoint)
52
+ example_good: |
53
+ from safetensors.torch import load_file
54
+ state = load_file("model.safetensors")
55
+
56
+ trigger_signals:
57
+ - from_pretrained or a model or dataset download call
58
+ - trust_remote_code set on a model load
59
+ - torch.load, pickle.load, or joblib.load of model weights
@@ -0,0 +1,11 @@
1
+ capability: model_supply_chain
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ notes: >
7
+ An ordinary model load: remote code execution is off by default and the
8
+ revision is pinned, so a plain from_pretrained must not be flagged.
9
+ code: |
10
+ def load():
11
+ return AutoModel.from_pretrained("bert-base-uncased", revision="a1b2c3d")
@@ -0,0 +1,12 @@
1
+ capability: model_supply_chain
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ notes: >
7
+ safetensors is a data-only weights format that cannot execute code on load.
8
+ code: |
9
+ from safetensors.torch import load_file
10
+
11
+ def load_checkpoint(path):
12
+ return load_file(path)
@@ -0,0 +1,11 @@
1
+ capability: model_supply_chain
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-502
5
+ source: synthetic
6
+ notes: >
7
+ torch.load deserializes through pickle, so loading a downloaded checkpoint runs
8
+ any code embedded in the file. Use a data-only format such as safetensors.
9
+ code: |
10
+ def load_checkpoint(path):
11
+ return torch.load(path)
@@ -0,0 +1,11 @@
1
+ capability: model_supply_chain
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-494
5
+ source: synthetic
6
+ notes: >
7
+ trust_remote_code=True runs code shipped in the third-party model repo at load
8
+ time, so a malicious or compromised repo executes arbitrary code in the process.
9
+ code: |
10
+ def load(name):
11
+ return AutoModel.from_pretrained(name, trust_remote_code=True)
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codejury
3
- Version: 0.10.3
3
+ Version: 0.10.4
4
4
  Summary: General-purpose Application Security AI audit framework: five-layer architecture, capabilities as first-class data
5
5
  Author: AISecLabs
6
6
  License-Expression: MIT
@@ -186,7 +186,7 @@ what `--only` and a task's `capabilities:` accept:
186
186
  `authn`, `authz`, `session`, `input_validation`, `output_encoding`, `crypto`,
187
187
  `secrets`, `data_protection`, `error_logging`, `business_logic`,
188
188
  `dependency_config`, `prompt_injection`, `insecure_output_handling`,
189
- `excessive_agency`.
189
+ `excessive_agency`, `model_supply_chain`.
190
190
 
191
191
  To tune for your codebase, edit these files, adding patterns or sharpening
192
192
  wording. No code change is needed.
@@ -37,6 +37,7 @@ codejury/data/capabilities/error_logging.yaml
37
37
  codejury/data/capabilities/excessive_agency.yaml
38
38
  codejury/data/capabilities/input_validation.yaml
39
39
  codejury/data/capabilities/insecure_output_handling.yaml
40
+ codejury/data/capabilities/model_supply_chain.yaml
40
41
  codejury/data/capabilities/output_encoding.yaml
41
42
  codejury/data/capabilities/prompt_injection.yaml
42
43
  codejury/data/capabilities/secrets.yaml
@@ -86,6 +87,10 @@ codejury/data/golden/pi_indirect_rag_vuln.yaml
86
87
  codejury/data/golden/pi_system_concat_vuln.yaml
87
88
  codejury/data/golden/pi_user_content_concat_safe.yaml
88
89
  codejury/data/golden/pi_user_role_safe.yaml
90
+ codejury/data/golden/sc_pinned_safe.yaml
91
+ codejury/data/golden/sc_safetensors_safe.yaml
92
+ codejury/data/golden/sc_torch_load_vuln.yaml
93
+ codejury/data/golden/sc_trust_remote_code_vuln.yaml
89
94
  codejury/data/golden/secrets_env_safe.yaml
90
95
  codejury/data/golden/secrets_hardcoded_vuln.yaml
91
96
  codejury/data/golden/session_fixation_vuln.yaml
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "codejury"
3
- version = "0.10.3"
3
+ version = "0.10.4"
4
4
  description = "General-purpose Application Security AI audit framework: five-layer architecture, capabilities as first-class data"
5
5
  readme = "README.md"
6
6
  requires-python = ">=3.12"
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes