modelaudit 0.2.34__tar.gz → 0.2.35__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (637) hide show
  1. modelaudit-0.2.35/.release-please-manifest.json +3 -0
  2. {modelaudit-0.2.34 → modelaudit-0.2.35}/CHANGELOG.md +48 -0
  3. {modelaudit-0.2.34 → modelaudit-0.2.35}/PKG-INFO +1 -1
  4. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/agents/picklescan-package-split.md +15 -3
  5. modelaudit-0.2.35/docs/agents/repo-correctness-audit.md +209 -0
  6. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/cache_policy.py +10 -0
  7. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/core.py +24 -1
  8. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/detectors/suspicious_symbols.py +15 -6
  9. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanner_registry_metadata.py +1 -0
  10. modelaudit-0.2.35/modelaudit/scanners/_archive_outcomes.py +26 -0
  11. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/catboost_scanner.py +16 -9
  12. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/compressed_scanner.py +317 -72
  13. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/gguf_scanner.py +113 -71
  14. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/jinja2_template_scanner.py +148 -21
  15. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/keras_h5_scanner.py +151 -20
  16. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/keras_zip_scanner.py +213 -61
  17. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/manifest_scanner.py +182 -91
  18. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/mxnet_scanner.py +40 -19
  19. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/nemo_scanner.py +92 -14
  20. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/numpy_scanner.py +32 -4
  21. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/onnx_scanner.py +38 -4
  22. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/paddle_scanner.py +2 -2
  23. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pickle_scanner.py +91 -22
  24. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/picklescan_adapter.py +58 -10
  25. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/safetensors_scanner.py +147 -33
  26. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/sevenzip_scanner.py +22 -4
  27. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/tar_scanner.py +18 -4
  28. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/tflite_scanner.py +17 -1
  29. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/zip_scanner.py +31 -18
  30. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/file/detection.py +2 -0
  31. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/file/handlers.py +104 -5
  32. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/file/streaming.py +36 -18
  33. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/README.md +18 -2
  34. modelaudit-0.2.35/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/nested.py +126 -0
  35. modelaudit-0.2.35/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/policy.py +248 -0
  36. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/scanner.py +355 -337
  37. modelaudit-0.2.35/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/stream.py +141 -0
  38. modelaudit-0.2.35/packages/modelaudit-picklescan/src/modelaudit_picklescan/options.py +74 -0
  39. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/src/modelaudit_picklescan/report.py +48 -8
  40. modelaudit-0.2.35/packages/modelaudit-picklescan/tests/test_api.py +1030 -0
  41. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/tests/test_options.py +6 -0
  42. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/tests/test_report.py +39 -0
  43. {modelaudit-0.2.34 → modelaudit-0.2.35}/pyproject.toml +1 -1
  44. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/README.md +3 -1
  45. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/compare_pickle_scanners.py +69 -47
  46. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/cache/test_cache_correctness.py +37 -0
  47. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/conftest.py +1 -0
  48. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_catboost_scanner.py +24 -1
  49. modelaudit-0.2.35/tests/scanners/test_compressed_scanner.py +694 -0
  50. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_gguf_scanner.py +151 -10
  51. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_jinja2_template_scanner.py +114 -2
  52. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_keras_h5_scanner.py +252 -3
  53. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_keras_zip_scanner.py +273 -6
  54. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_manifest_scanner.py +183 -2
  55. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_mxnet_scanner.py +139 -3
  56. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_nemo_scanner.py +97 -2
  57. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_numpy_scanner.py +54 -1
  58. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_onnx_scanner.py +51 -1
  59. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_paddle_scanner.py +36 -1
  60. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_pickle_scanner.py +359 -2
  61. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_picklescan_adapter.py +154 -0
  62. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_safetensors_scanner.py +111 -2
  63. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_sevenzip_scanner.py +48 -2
  64. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_tar_scanner.py +79 -2
  65. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_tensorrt_scanner.py +20 -0
  66. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_tflite_scanner.py +68 -0
  67. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_zip_scanner.py +128 -1
  68. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scripts/test_compare_pickle_scanners.py +14 -0
  69. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_core.py +30 -0
  70. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_streaming_scan.py +57 -0
  71. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_advanced_file_handler.py +143 -0
  72. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_streaming_analysis.py +78 -1
  73. {modelaudit-0.2.34 → modelaudit-0.2.35}/uv.lock +1 -1
  74. modelaudit-0.2.34/.release-please-manifest.json +0 -3
  75. modelaudit-0.2.34/packages/modelaudit-picklescan/src/modelaudit_picklescan/options.py +0 -40
  76. modelaudit-0.2.34/packages/modelaudit-picklescan/tests/test_api.py +0 -515
  77. modelaudit-0.2.34/tests/scanners/test_compressed_scanner.py +0 -360
  78. {modelaudit-0.2.34 → modelaudit-0.2.35}/.dockerignore +0 -0
  79. {modelaudit-0.2.34 → modelaudit-0.2.35}/.editorconfig +0 -0
  80. {modelaudit-0.2.34 → modelaudit-0.2.35}/.gitattributes +0 -0
  81. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/CODEOWNERS +0 -0
  82. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/ISSUE_TEMPLATE/bug_report.yml +0 -0
  83. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/ISSUE_TEMPLATE/feature_request.yml +0 -0
  84. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/PULL_REQUEST_TEMPLATE.md +0 -0
  85. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/markdown-link-check-config.json +0 -0
  86. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/README.md +0 -0
  87. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/codeql.yml +0 -0
  88. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/docker-image-test.yml +0 -0
  89. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/docker-publish.yml +0 -0
  90. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/docs-check.yml +0 -0
  91. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/nightly.yml +0 -0
  92. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/perf.yml +0 -0
  93. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/release-please.yml +0 -0
  94. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/test.yml +0 -0
  95. {modelaudit-0.2.34 → modelaudit-0.2.35}/.github/workflows/validate-pr-title.yml +0 -0
  96. {modelaudit-0.2.34 → modelaudit-0.2.35}/.gitignore +0 -0
  97. {modelaudit-0.2.34 → modelaudit-0.2.35}/.mailmap +0 -0
  98. {modelaudit-0.2.34 → modelaudit-0.2.35}/.modelaudit.toml.example +0 -0
  99. {modelaudit-0.2.34 → modelaudit-0.2.35}/.prettierignore +0 -0
  100. {modelaudit-0.2.34 → modelaudit-0.2.35}/AGENTS.md +0 -0
  101. {modelaudit-0.2.34 → modelaudit-0.2.35}/CLAUDE.md +0 -0
  102. {modelaudit-0.2.34 → modelaudit-0.2.35}/CODE_OF_CONDUCT.md +0 -0
  103. {modelaudit-0.2.34 → modelaudit-0.2.35}/CONTRIBUTING.md +0 -0
  104. {modelaudit-0.2.34 → modelaudit-0.2.35}/Dockerfile +0 -0
  105. {modelaudit-0.2.34 → modelaudit-0.2.35}/Dockerfile.full +0 -0
  106. {modelaudit-0.2.34 → modelaudit-0.2.35}/Dockerfile.tensorflow +0 -0
  107. {modelaudit-0.2.34 → modelaudit-0.2.35}/LICENSE +0 -0
  108. {modelaudit-0.2.34 → modelaudit-0.2.35}/MAINTAINERS.md +0 -0
  109. {modelaudit-0.2.34 → modelaudit-0.2.35}/MANIFEST.in +0 -0
  110. {modelaudit-0.2.34 → modelaudit-0.2.35}/README.md +0 -0
  111. {modelaudit-0.2.34 → modelaudit-0.2.35}/RULES.md +0 -0
  112. {modelaudit-0.2.34 → modelaudit-0.2.35}/SECURITY.md +0 -0
  113. {modelaudit-0.2.34 → modelaudit-0.2.35}/SUPPORT.md +0 -0
  114. {modelaudit-0.2.34 → modelaudit-0.2.35}/THIRD_PARTY_NOTICES.md +0 -0
  115. {modelaudit-0.2.34 → modelaudit-0.2.35}/codecov.yml +0 -0
  116. {modelaudit-0.2.34 → modelaudit-0.2.35}/docker-compose.yml +0 -0
  117. {modelaudit-0.2.34 → modelaudit-0.2.35}/docker-entrypoint.sh +0 -0
  118. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/agents/architecture.md +0 -0
  119. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/agents/dependencies.md +0 -0
  120. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/agents/new-scanner-quickstart.md +0 -0
  121. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/agents/release-process.md +0 -0
  122. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/cve-gap-pr-plan-2026-03-20.md +0 -0
  123. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/cve-process.md +0 -0
  124. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/dependency-policy.md +0 -0
  125. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/format-gap-plans/coreml-mlmodel.md +0 -0
  126. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/format-gap-plans/mxnet-models.md +0 -0
  127. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/format-gap-plans/tensorflow-metagraph.md +0 -0
  128. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/format-gap-plans/torchserve-mar.md +0 -0
  129. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/maintainers/triage-playbook.md +0 -0
  130. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/security/threat-model.md +0 -0
  131. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/user/compatibility-matrix.md +0 -0
  132. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/user/metadata-extraction.md +0 -0
  133. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/user/offline-air-gapped.md +0 -0
  134. {modelaudit-0.2.34 → modelaudit-0.2.35}/docs/user/security-model.md +0 -0
  135. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/__init__.py +0 -0
  136. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/__main__.py +0 -0
  137. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/__init__.py +0 -0
  138. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/anomaly_detector.py +0 -0
  139. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/enhanced_pattern_detector.py +0 -0
  140. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/entropy_analyzer.py +0 -0
  141. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/framework_patterns.py +0 -0
  142. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/integrated_analyzer.py +0 -0
  143. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/ml_context_analyzer.py +0 -0
  144. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/opcode_sequence_analyzer.py +0 -0
  145. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/semantic_analyzer.py +0 -0
  146. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/analysis/unified_context.py +0 -0
  147. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/auth/__init__.py +0 -0
  148. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/auth/client.py +0 -0
  149. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/auth/config.py +0 -0
  150. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/__init__.py +0 -0
  151. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/adaptive_cache_keys.py +0 -0
  152. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/batch_operations.py +0 -0
  153. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/cache_manager.py +0 -0
  154. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/optimized_config.py +0 -0
  155. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/scan_results_cache.py +0 -0
  156. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/trusted_config_store.py +0 -0
  157. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cli.py +0 -0
  158. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/__init__.py +0 -0
  159. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/constants.py +0 -0
  160. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/data/spdx_licenses.json +0 -0
  161. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/explanations.py +0 -0
  162. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/generated_keras_layers.py +0 -0
  163. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/local_config.py +0 -0
  164. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/name_blacklist.py +0 -0
  165. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/config/rule_config.py +0 -0
  166. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/detectors/__init__.py +0 -0
  167. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/detectors/cve_patterns.py +0 -0
  168. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/detectors/jit_script.py +0 -0
  169. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/detectors/network_comm.py +0 -0
  170. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/detectors/secrets.py +0 -0
  171. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/integrations/__init__.py +0 -0
  172. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/integrations/jfrog.py +0 -0
  173. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/integrations/license_checker.py +0 -0
  174. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/integrations/mlflow.py +0 -0
  175. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/integrations/sarif_formatter.py +0 -0
  176. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/integrations/sbom_generator.py +0 -0
  177. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/metadata_extractor.py +0 -0
  178. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/models.py +0 -0
  179. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/progress/__init__.py +0 -0
  180. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/progress/base.py +0 -0
  181. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/progress/console.py +0 -0
  182. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/progress/file.py +0 -0
  183. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/progress/hooks.py +0 -0
  184. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/progress/multi_phase.py +0 -0
  185. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/LICENSE +0 -0
  186. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/NOTICE +0 -0
  187. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/__init__.py +0 -0
  188. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/py.typed +0 -0
  189. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/__init__.py +0 -0
  190. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/__init__.py +0 -0
  191. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/__init__.py +0 -0
  192. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/allocation_description_pb2.py +0 -0
  193. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/api_def_pb2.py +0 -0
  194. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/attr_value_pb2.py +0 -0
  195. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/cost_graph_pb2.py +0 -0
  196. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/cpp_shape_inference_pb2.py +0 -0
  197. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/dataset_metadata_pb2.py +0 -0
  198. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/dataset_options_pb2.py +0 -0
  199. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/dataset_pb2.py +0 -0
  200. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/device_attributes_pb2.py +0 -0
  201. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/full_type_pb2.py +0 -0
  202. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/function_pb2.py +0 -0
  203. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/graph_debug_info_pb2.py +0 -0
  204. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/graph_pb2.py +0 -0
  205. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/graph_transfer_info_pb2.py +0 -0
  206. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/kernel_def_pb2.py +0 -0
  207. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/log_memory_pb2.py +0 -0
  208. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/model_pb2.py +0 -0
  209. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/node_def_pb2.py +0 -0
  210. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/op_def_pb2.py +0 -0
  211. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/optimized_function_graph_pb2.py +0 -0
  212. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/reader_base_pb2.py +0 -0
  213. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/resource_handle_pb2.py +0 -0
  214. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/step_stats_pb2.py +0 -0
  215. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/tensor_description_pb2.py +0 -0
  216. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/tensor_pb2.py +0 -0
  217. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/tensor_shape_pb2.py +0 -0
  218. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/tensor_slice_pb2.py +0 -0
  219. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/types_pb2.py +0 -0
  220. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/variable_pb2.py +0 -0
  221. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/framework/versions_pb2.py +0 -0
  222. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/__init__.py +0 -0
  223. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/cluster_pb2.py +0 -0
  224. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/composite_tensor_variant_pb2.py +0 -0
  225. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/control_flow_pb2.py +0 -0
  226. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/core_platform_payloads_pb2.py +0 -0
  227. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/critical_section_pb2.py +0 -0
  228. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/data_service_pb2.py +0 -0
  229. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/debug_event_pb2.py +0 -0
  230. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/debug_pb2.py +0 -0
  231. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/device_filters_pb2.py +0 -0
  232. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/device_properties_pb2.py +0 -0
  233. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/fingerprint_pb2.py +0 -0
  234. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/meta_graph_pb2.py +0 -0
  235. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/named_tensor_pb2.py +0 -0
  236. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/remote_tensor_handle_pb2.py +0 -0
  237. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/rewriter_config_pb2.py +0 -0
  238. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/saved_model_pb2.py +0 -0
  239. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/saved_object_graph_pb2.py +0 -0
  240. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/saver_pb2.py +0 -0
  241. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/service_config_pb2.py +0 -0
  242. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/snapshot_pb2.py +0 -0
  243. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/struct_pb2.py +0 -0
  244. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/tensor_bundle_pb2.py +0 -0
  245. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/trackable_object_graph_pb2.py +0 -0
  246. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/transport_options_pb2.py +0 -0
  247. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/protos/tensorflow/core/protobuf/verifier_config_pb2.py +0 -0
  248. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/py.typed +0 -0
  249. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/rule_catalog.py +0 -0
  250. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/rules.py +0 -0
  251. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanner_results.py +0 -0
  252. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/__init__.py +0 -0
  253. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/_archive_config.py +0 -0
  254. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/_archive_locations.py +0 -0
  255. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/_string_extraction.py +0 -0
  256. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/archive_dispatch.py +0 -0
  257. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/archive_member_security.py +0 -0
  258. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/base.py +0 -0
  259. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/cntk_scanner.py +0 -0
  260. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/coreml_scanner.py +0 -0
  261. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/executorch_scanner.py +0 -0
  262. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/flax_msgpack_scanner.py +0 -0
  263. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/jax_checkpoint_scanner.py +0 -0
  264. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/joblib_scanner.py +0 -0
  265. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/keras_utils.py +0 -0
  266. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/lightgbm_scanner.py +0 -0
  267. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/llamafile_scanner.py +0 -0
  268. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/metadata_scanner.py +0 -0
  269. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/oci_layer_scanner.py +0 -0
  270. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/openvino_scanner.py +0 -0
  271. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pickle_support/__init__.py +0 -0
  272. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pickle_support/opcode_stream.py +0 -0
  273. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pmml_scanner.py +0 -0
  274. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pytorch_binary_scanner.py +0 -0
  275. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pytorch_zip_scanner.py +0 -0
  276. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pytorch_zip_support/__init__.py +0 -0
  277. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/pytorch_zip_support/archive_members.py +0 -0
  278. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/r_serialized_scanner.py +0 -0
  279. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/rknn_scanner.py +0 -0
  280. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/rule_mapper.py +0 -0
  281. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/skops_scanner.py +0 -0
  282. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/tensorrt_scanner.py +0 -0
  283. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/text_scanner.py +0 -0
  284. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/tf_metagraph_scanner.py +0 -0
  285. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/tf_savedmodel_scanner.py +0 -0
  286. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/torch7_scanner.py +0 -0
  287. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/torchserve_mar_scanner.py +0 -0
  288. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/weight_distribution_scanner.py +0 -0
  289. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/xgboost_scanner.py +0 -0
  290. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/telemetry.py +0 -0
  291. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/__init__.py +0 -0
  292. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/_path_hardening.py +0 -0
  293. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/auto_defaults.py +0 -0
  294. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/file/__init__.py +0 -0
  295. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/file/_compression.py +0 -0
  296. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/file/filtering.py +0 -0
  297. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/file/large_file_handler.py +0 -0
  298. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/__init__.py +0 -0
  299. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/assets.py +0 -0
  300. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/auto_defaults.py +0 -0
  301. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/cache_decorator.py +0 -0
  302. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/code_validation.py +0 -0
  303. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/disk_space.py +0 -0
  304. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/file_hash.py +0 -0
  305. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/file_iterator.py +0 -0
  306. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/interrupt_handler.py +0 -0
  307. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/ml_context.py +0 -0
  308. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/result_conversion.py +0 -0
  309. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/retry.py +0 -0
  310. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/secure_hasher.py +0 -0
  311. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/helpers/types.py +0 -0
  312. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/lfs.py +0 -0
  313. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/model_extensions.py +0 -0
  314. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/__init__.py +0 -0
  315. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/_huggingface_cache.py +0 -0
  316. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/cloud_storage.py +0 -0
  317. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/dvc.py +0 -0
  318. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/huggingface.py +0 -0
  319. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/huggingface_paths.py +0 -0
  320. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/jfrog.py +0 -0
  321. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/sources/pytorch_hub.py +0 -0
  322. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/utils/tensorflow_compat.py +0 -0
  323. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/version.py +0 -0
  324. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/whitelists/__init__.py +0 -0
  325. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/whitelists/huggingface_organizations.py +0 -0
  326. {modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/whitelists/huggingface_popular.py +0 -0
  327. {modelaudit-0.2.34 → modelaudit-0.2.35}/package-lock.json +0 -0
  328. {modelaudit-0.2.34 → modelaudit-0.2.35}/package.json +0 -0
  329. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/pyproject.toml +0 -0
  330. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/src/modelaudit_picklescan/__init__.py +0 -0
  331. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/src/modelaudit_picklescan/api.py +0 -0
  332. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/__init__.py +0 -0
  333. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/src/modelaudit_picklescan/py.typed +0 -0
  334. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/tests/conftest.py +0 -0
  335. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/tests/test_import_boundary.py +0 -0
  336. {modelaudit-0.2.34 → modelaudit-0.2.35}/packages/modelaudit-picklescan/uv.lock +0 -0
  337. {modelaudit-0.2.34 → modelaudit-0.2.35}/pyproject.toml.example +0 -0
  338. {modelaudit-0.2.34 → modelaudit-0.2.35}/release-please-config.json +0 -0
  339. {modelaudit-0.2.34 → modelaudit-0.2.35}/renovate.json +0 -0
  340. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/benchmark_report.py +0 -0
  341. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/check_circular_imports.py +0 -0
  342. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/compare_pickle_scanners_fixture_labels.json +0 -0
  343. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/compile_tensorflow_protos.sh +0 -0
  344. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/fetch_hf_org_models.py +0 -0
  345. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/fetch_hf_top_models.py +0 -0
  346. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/generate_keras_layer_inventory.py +0 -0
  347. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/jax_flax_scanning_demo.py +0 -0
  348. {modelaudit-0.2.34 → modelaudit-0.2.35}/scripts/minimal_circular_check.py +0 -0
  349. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/__init__.py +0 -0
  350. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_analysis_modules.py +0 -0
  351. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_anomaly_detector.py +0 -0
  352. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_enhanced_pattern_detector.py +0 -0
  353. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_entropy_analyzer.py +0 -0
  354. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_framework_patterns.py +0 -0
  355. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_ml_context_analyzer.py +0 -0
  356. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_opcode_sequence_analyzer.py +0 -0
  357. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/analysis/test_unified_context.py +0 -0
  358. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit1_basic_torch_bypass.pkl +0 -0
  359. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit2_advanced_torch_bypass.pkl +0 -0
  360. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit3_sophisticated_hybrid.pkl +0 -0
  361. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit4_supply_chain_attack.pkl +0 -0
  362. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit5_ultra_high_confidence.pkl +0 -0
  363. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit6_ordereddict_bypass.pkl +0 -0
  364. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit7_nested_collections.pkl +0 -0
  365. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit9_manual_construction.pkl +0 -0
  366. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/exploits/exploit_ultimate_50pct.pkl +0 -0
  367. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_7z_test_assets.py +0 -0
  368. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_advanced_pickle_tests.py +0 -0
  369. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_evil_pickle.py +0 -0
  370. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_jinja2_test_assets.py +0 -0
  371. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_nested_pickle_assets.py +0 -0
  372. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_os_alias_tests.py +0 -0
  373. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_safe_nested_assets.py +0 -0
  374. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_safetensors_assets.py +0 -0
  375. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/generators/generate_security_assets.py +0 -0
  376. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/pickles/bypass_pocs/gen_bypass_v4.py +0 -0
  377. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/pickles/memo_attack.pkl +0 -0
  378. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/pickles/multiple_stream_attack.pkl +0 -0
  379. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/pickles/nt_alias_attack.pkl +0 -0
  380. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/pickles/posix_alias_attack.pkl +0 -0
  381. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/pickles/stack_global_attack.pkl +0 -0
  382. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/archives/path_traversal.zip +0 -0
  383. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/archives/safe_model.zip +0 -0
  384. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign/chatml_format.json +0 -0
  385. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign/complex_legitimate.json +0 -0
  386. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign/conditional_system.json +0 -0
  387. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign/huggingface_llama.json +0 -0
  388. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign/simple_roles.json +0 -0
  389. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign/special_tokens.json +0 -0
  390. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign_conditional_format.json +0 -0
  391. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign_huggingface_chat.json +0 -0
  392. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign_simple_template.json +0 -0
  393. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/benign_template.j2 +0 -0
  394. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/edge_cases/empty_template.json +0 -0
  395. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/edge_cases/malformed_template.json +0 -0
  396. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/edge_cases/multiple_templates.json +0 -0
  397. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/edge_cases/no_template.json +0 -0
  398. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/edge_cases/oversized_template.json +0 -0
  399. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/attr_bypass.json +0 -0
  400. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/combined_attack.json +0 -0
  401. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/config_exploit.json +0 -0
  402. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/cve_2024_34359_original.json +0 -0
  403. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/direct_eval.json +0 -0
  404. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/env_extraction.json +0 -0
  405. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/file_access.json +0 -0
  406. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/hex_bypass.json +0 -0
  407. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/loop_discovery.json +0 -0
  408. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/network_exfil.json +0 -0
  409. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/request_exploit.json +0 -0
  410. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious/subprocess_injection.json +0 -0
  411. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious_cve_2024_34359.json +0 -0
  412. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious_env_vars.json +0 -0
  413. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious_file_read.json +0 -0
  414. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious_loop_exploit.json +0 -0
  415. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious_obfuscated.json +0 -0
  416. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/malicious_subprocess.template +0 -0
  417. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/obfuscated/base64_payload.json +0 -0
  418. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/obfuscated/char_construction.json +0 -0
  419. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/obfuscated/format_bypass.json +0 -0
  420. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/obfuscated/getattr_bypass.json +0 -0
  421. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/standalone/benign_chat.j2 +0 -0
  422. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/standalone/malicious_standalone.jinja +0 -0
  423. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/standalone/suspicious_benign.template +0 -0
  424. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/tokenizer_config.json +0 -0
  425. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/yaml/malicious_config.yaml +0 -0
  426. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/jinja2/yaml/model_config.yaml +0 -0
  427. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/basic_lambda_layer.h5 +0 -0
  428. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/custom_layer_attack.h5 +0 -0
  429. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/keras_zip_format.keras +0 -0
  430. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/lambda_exfiltration.h5 +0 -0
  431. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/lambda_with_imports.h5 +0 -0
  432. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/loss_injection.h5 +0 -0
  433. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/malicious_lambda.h5 +0 -0
  434. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/metric_injection.h5 +0 -0
  435. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/keras/safe_model.h5 +0 -0
  436. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/manifests/safe_config.json +0 -0
  437. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/manifests/suspicious_config.json +0 -0
  438. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/decode_exec_chain.pkl +0 -0
  439. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/dill_func.pkl +0 -0
  440. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/malicious_model_realistic.pkl +0 -0
  441. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/malicious_system_call.pkl +0 -0
  442. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/nested_pickle_base64.pkl +0 -0
  443. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/nested_pickle_hex.pkl +0 -0
  444. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/nested_pickle_multistage.pkl +0 -0
  445. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/nested_pickle_raw.pkl +0 -0
  446. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/safe_data.pkl +0 -0
  447. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/safe_large_model.pkl +0 -0
  448. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/safe_model_with_binary.pkl +0 -0
  449. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/safe_model_with_encoding.pkl +0 -0
  450. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/safe_model_with_tokens.pkl +0 -0
  451. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/safe_nested_structure.pkl +0 -0
  452. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pickles/simple_nested.pkl +0 -0
  453. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pipeline.skops +0 -0
  454. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pytorch/malicious_eval.pt +0 -0
  455. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/pytorch/safe_model.pt +0 -0
  456. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/safetensors/malicious_import.safetensors +0 -0
  457. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/safetensors/multiple_patterns.safetensors +0 -0
  458. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/safetensors/obfuscated_metadata.safetensors +0 -0
  459. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/safetensors/safe_model.safetensors +0 -0
  460. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/safetensors/script_injection.safetensors +0 -0
  461. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/safetensors/shell_commands.safetensors +0 -0
  462. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/safetensors/suspicious_url.safetensors +0 -0
  463. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/tensorflow/malicious_pyfunc/saved_model.pb +0 -0
  464. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/samples/tensorflow/safe_savedmodel/saved_model.pb +0 -0
  465. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/agpl_component/agpl_model.pkl +0 -0
  466. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/agpl_component/neural_network.py +0 -0
  467. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mit_model/config.json +0 -0
  468. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mit_model/model.py +0 -0
  469. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mit_model/model_weights.pkl +0 -0
  470. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mixed_licenses/LICENSE +0 -0
  471. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mixed_licenses/apache_component.py +0 -0
  472. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mixed_licenses/dataset_cc_nc.json +0 -0
  473. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mixed_licenses/gpl_utility.py +0 -0
  474. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/mixed_licenses/mixed_model.pkl +0 -0
  475. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/embeddings.npy +0 -0
  476. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/features.csv +0 -0
  477. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/training_data.json +0 -0
  478. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/config.json +0 -0
  479. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/model.pkl +0 -0
  480. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/benchmarks/test_scan_benchmarks.py +0 -0
  481. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/cache/__init__.py +0 -0
  482. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/cache/test_optimized_config.py +0 -0
  483. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/cli_output.py +0 -0
  484. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/config/__init__.py +0 -0
  485. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/config/test_name_blacklist.py +0 -0
  486. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/demo_license_functionality.py +0 -0
  487. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_builtin_detection.py +0 -0
  488. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_compile_eval_variants.py +0 -0
  489. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_cve_detection.py +0 -0
  490. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_jit_script_detector.py +0 -0
  491. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_network_comm_detector.py +0 -0
  492. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_runpy_detection.py +0 -0
  493. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_secrets_detector.py +0 -0
  494. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/detectors/test_suspicious_symbols.py +0 -0
  495. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/helpers/__init__.py +0 -0
  496. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/helpers/file_creators.py +0 -0
  497. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/helpers/frameworks.py +0 -0
  498. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_jfrog.py +0 -0
  499. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_jfrog_integration.py +0 -0
  500. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_license_checker.py +0 -0
  501. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_license_integration.py +0 -0
  502. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_mlflow_integration.py +0 -0
  503. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_sarif_formatter.py +0 -0
  504. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_sbom_license_integration.py +0 -0
  505. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/integrations/test_sbom_url_fixes.py +0 -0
  506. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/progress/__init__.py +0 -0
  507. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/progress/test_base.py +0 -0
  508. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_base_scanner.py +0 -0
  509. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_cntk_scanner.py +0 -0
  510. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_coreml_scanner.py +0 -0
  511. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_executorch_scanner.py +0 -0
  512. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_flax_msgpack_scanner.py +0 -0
  513. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_jax_checkpoint_scanner.py +0 -0
  514. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_joblib_scanner.py +0 -0
  515. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_joblib_scanner_codecs.py +0 -0
  516. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_lightgbm_scanner.py +0 -0
  517. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_llamafile_scanner.py +0 -0
  518. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_metadata_scanner.py +0 -0
  519. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_oci_layer_scanner.py +0 -0
  520. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_onnx_dependency_handling.py +0 -0
  521. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_openvino_scanner.py +0 -0
  522. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_pmml_scanner.py +0 -0
  523. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_pytorch_binary_scanner.py +0 -0
  524. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_pytorch_zip_scanner.py +0 -0
  525. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_r_serialized_scanner.py +0 -0
  526. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_rknn_scanner.py +0 -0
  527. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_rule_code_registry_consistency.py +0 -0
  528. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_rule_mapper.py +0 -0
  529. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_scanner_registry.py +0 -0
  530. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_skops_content_analysis.py +0 -0
  531. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_skops_scanner.py +0 -0
  532. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_tf_metagraph_scanner.py +0 -0
  533. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_tf_savedmodel_scanner.py +0 -0
  534. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_torch7_scanner.py +0 -0
  535. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_torchserve_mar_scanner.py +0 -0
  536. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_weight_distribution_scanner.py +0 -0
  537. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/scanners/test_xgboost_scanner.py +0 -0
  538. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_asset_inventory_integration.py +0 -0
  539. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_asset_list.py +0 -0
  540. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_auth_config.py +0 -0
  541. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_basic.py +0 -0
  542. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_benchmark_report.py +0 -0
  543. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_bug1_confidence_exploit.py +0 -0
  544. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cache_cli.py +0 -0
  545. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cache_optimizations.py +0 -0
  546. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_checks_recording.py +0 -0
  547. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cli.py +0 -0
  548. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cli_cache_dir.py +0 -0
  549. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cli_default_command.py +0 -0
  550. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cli_file_filtering.py +0 -0
  551. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cli_license_integration.py +0 -0
  552. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cli_logging_handlers.py +0 -0
  553. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cli_output.py +0 -0
  554. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cloud_url_detection.py +0 -0
  555. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_core_asset_extraction.py +0 -0
  556. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_cve_2025_10155_bin_pickle.py +0 -0
  557. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_debug_command.py +0 -0
  558. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_dill_joblib_enhanced.py +0 -0
  559. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_directory_file_filtering.py +0 -0
  560. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_double_interrupt.py +0 -0
  561. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_exit_codes.py +0 -0
  562. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_false_positive_fixes.py +0 -0
  563. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_file_hash.py +0 -0
  564. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_gguf_sbom_integration.py +0 -0
  565. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_graceful_degradation.py +0 -0
  566. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_header_discrepancy.py +0 -0
  567. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_huggingface_extensions.py +0 -0
  568. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_huggingface_symlinks.py +0 -0
  569. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_importlib_detection.py +0 -0
  570. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_integration.py +0 -0
  571. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_jax_flax_integration.py +0 -0
  572. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_jit_script_integration.py +0 -0
  573. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_lazy_loading.py +0 -0
  574. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_lazy_loading_integration.py +0 -0
  575. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_manifest_name_policy.py +0 -0
  576. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_metadata_extractor.py +0 -0
  577. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_models.py +0 -0
  578. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_nested_pickle_integration.py +0 -0
  579. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_network_comm_integration.py +0 -0
  580. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_os_alias_detection.py +0 -0
  581. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_os_subprocess_detection.py +0 -0
  582. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_path_traversal.py +0 -0
  583. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_performance_benchmarks.py +0 -0
  584. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_pickle_context_filtering.py +0 -0
  585. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_progress.py +0 -0
  586. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_pydantic_models.py +0 -0
  587. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_python_version_warning.py +0 -0
  588. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_pytorch_zip_detection.py +0 -0
  589. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_real_world_dill_joblib.py +0 -0
  590. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_regression_corpus.py +0 -0
  591. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_regular_scan_hash.py +0 -0
  592. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_rules.py +0 -0
  593. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_safetensors_optimization.py +0 -0
  594. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_secure_hasher.py +0 -0
  595. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_security_asset_integration.py +0 -0
  596. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_security_enhancements.py +0 -0
  597. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_shebang_context.py +0 -0
  598. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_simple_jinja2.py +0 -0
  599. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_sklearn_joblib_false_positive.py +0 -0
  600. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_telemetry.py +0 -0
  601. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_telemetry_decoupling.py +0 -0
  602. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_tensorflow_lambda_detection.py +0 -0
  603. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_timeout_configuration.py +0 -0
  604. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_utils.py +0 -0
  605. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_weak_hash_detection.py +0 -0
  606. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_webbrowser_detection.py +0 -0
  607. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_why_explanations.py +0 -0
  608. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/test_xdist_status.py +0 -0
  609. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/__init__.py +0 -0
  610. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/__init__.py +0 -0
  611. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_advanced_size_limits.py +0 -0
  612. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_file_filter.py +0 -0
  613. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_file_type_validation_integration.py +0 -0
  614. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_filetype.py +0 -0
  615. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_integration_file_type_demo.py +0 -0
  616. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_large_file_handler.py +0 -0
  617. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/file/test_streaming_preview.py +0 -0
  618. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_asset_from_scan_result.py +0 -0
  619. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_auto_defaults.py +0 -0
  620. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_code_validation.py +0 -0
  621. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_disk_space.py +0 -0
  622. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_file_iterator.py +0 -0
  623. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_interrupt_handling.py +0 -0
  624. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_ml_context_false_positives.py +0 -0
  625. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_py_compile_improvements.py +0 -0
  626. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/helpers/test_secure_hasher.py +0 -0
  627. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/sources/test_cloud_storage.py +0 -0
  628. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/sources/test_dvc_integration.py +0 -0
  629. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/sources/test_huggingface.py +0 -0
  630. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/sources/test_pytorch_hub.py +0 -0
  631. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/test_lfs.py +0 -0
  632. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/utils/test_result_conversion.py +0 -0
  633. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/whitelists/__init__.py +0 -0
  634. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/whitelists/test_combined.py +0 -0
  635. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/whitelists/test_huggingface_popular.py +0 -0
  636. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/whitelists/test_organizations.py +0 -0
  637. {modelaudit-0.2.34 → modelaudit-0.2.35}/tests/xdist_status.py +0 -0
modelaudit-0.2.35/.release-please-manifest.json ADDED
@@ -0,0 +1,3 @@
1
+ {
2
+ ".": "0.2.35"
3
+ }
{modelaudit-0.2.34 → modelaudit-0.2.35}/CHANGELOG.md RENAMED
@@ -5,10 +5,52 @@ All notable changes to this project will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [0.2.35](https://github.com/promptfoo/modelaudit/compare/v0.2.34...v0.2.35) (2026-04-11)
9
+
10
+ ### Bug Fixes
11
+
12
+ - clean up oversized zip entry temps ([#911](https://github.com/promptfoo/modelaudit/issues/911)) ([66b4871](https://github.com/promptfoo/modelaudit/commit/66b4871f49e367dea545f36af85c9cc75303d615))
13
+ - flag Paddle code patterns as warnings ([#925](https://github.com/promptfoo/modelaudit/issues/925)) ([32fa0b7](https://github.com/promptfoo/modelaudit/commit/32fa0b7551c13059515c464b0118851fa1fbe671))
14
+ - harden manifest parse boundaries ([#922](https://github.com/promptfoo/modelaudit/issues/922)) ([6f5b516](https://github.com/promptfoo/modelaudit/commit/6f5b516bec8492b2f062ba5ea10498c705d972ca))
15
+ - harden standalone pickle scanner ([#901](https://github.com/promptfoo/modelaudit/issues/901)) ([31f7dd3](https://github.com/promptfoo/modelaudit/commit/31f7dd38c6bd77631ccdca90438312c4db2ac857))
16
+ - mark corrupt NumPy object payloads inconclusive ([#912](https://github.com/promptfoo/modelaudit/issues/912)) ([ecba19d](https://github.com/promptfoo/modelaudit/commit/ecba19dc585d5bfbfbfbd687e81cd734a7b0103b))
17
+ - mark incomplete MXNet scans inconclusive ([#923](https://github.com/promptfoo/modelaudit/issues/923)) ([a928ed7](https://github.com/promptfoo/modelaudit/commit/a928ed723a220185c3c0ea4b046b8885c74e8f62))
18
+ - mark incomplete sharded scans inconclusive ([#909](https://github.com/promptfoo/modelaudit/issues/909)) ([510d0fb](https://github.com/promptfoo/modelaudit/commit/510d0fbe45ae9f1b7e213227ebb1210b15a35991))
19
+ - mark malformed GGUF scans inconclusive ([#914](https://github.com/promptfoo/modelaudit/issues/914)) ([9b3e216](https://github.com/promptfoo/modelaudit/commit/9b3e21607309b846b15f809af6fd1bef31268b6a))
20
+ - mark malformed Keras H5 configs inconclusive ([#917](https://github.com/promptfoo/modelaudit/issues/917)) ([23671c3](https://github.com/promptfoo/modelaudit/commit/23671c38796293978b0538eb4c7ce30c8cfa5160))
21
+ - mark malformed Keras ZIP configs inconclusive ([#918](https://github.com/promptfoo/modelaudit/issues/918)) ([d4ad8d8](https://github.com/promptfoo/modelaudit/commit/d4ad8d8717c4f1ca647b292035f68bbf570d9904))
22
+ - mark malformed SafeTensors scans inconclusive ([#913](https://github.com/promptfoo/modelaudit/issues/913)) ([43913d6](https://github.com/promptfoo/modelaudit/commit/43913d65c5eb89014d1bb137768f89e93b8d0d41))
23
+ - mark malformed tflite scans inconclusive ([#916](https://github.com/promptfoo/modelaudit/issues/916)) ([07c871a](https://github.com/promptfoo/modelaudit/commit/07c871a8d19e9181bdcd568fffa9a165883585de))
24
+ - mark partial archive scans inconclusive ([#907](https://github.com/promptfoo/modelaudit/issues/907)) ([c8eb918](https://github.com/promptfoo/modelaudit/commit/c8eb918b8d0a717460be93097cfc1cf0a47e6689))
25
+ - mark partial streaming scans inconclusive ([#908](https://github.com/promptfoo/modelaudit/issues/908)) ([3d47a10](https://github.com/promptfoo/modelaudit/commit/3d47a1055d09c20995c21ebe75a50a2c3d1105f0))
26
+ - mark unknown ONNX tensor dtypes inconclusive ([#915](https://github.com/promptfoo/modelaudit/issues/915)) ([35661b6](https://github.com/promptfoo/modelaudit/commit/35661b6ac166f38f7642ac9a3ea89b6cea538928))
27
+ - preserve picklescan stack state ([#910](https://github.com/promptfoo/modelaudit/issues/910)) ([fabac5c](https://github.com/promptfoo/modelaudit/commit/fabac5c9ead49c2ed5f8357dfa53ccdcce946527))
28
+ - recover malformed Jinja template configs ([#920](https://github.com/promptfoo/modelaudit/issues/920)) ([d619c8f](https://github.com/promptfoo/modelaudit/commit/d619c8f185040c7b3c772a4b94631edddde9d8a8))
29
+ - route corrupt catboost scans fail closed ([#924](https://github.com/promptfoo/modelaudit/issues/924)) ([052bb5f](https://github.com/promptfoo/modelaudit/commit/052bb5f4e6dbc5e48a3fe5d134e0ec8d9605e292))
30
+ - traverse nemo yaml list configs ([#919](https://github.com/promptfoo/modelaudit/issues/919)) ([0d8d4fd](https://github.com/promptfoo/modelaudit/commit/0d8d4fd4dc2ef774db093fb9e7daf27c32b5a0a8))
31
+ - **zip:** fail closed on MAR handler parse errors ([#896](https://github.com/promptfoo/modelaudit/issues/896)) ([a06a620](https://github.com/promptfoo/modelaudit/commit/a06a620f011d120072b1e8619e543a7306d5a4fc))
32
+
33
+ ### Documentation
34
+
35
+ - add repo correctness audit ledger ([#921](https://github.com/promptfoo/modelaudit/issues/921)) ([06be0b6](https://github.com/promptfoo/modelaudit/commit/06be0b6eaeb53f5f238612a386665c45f3c27dc2))
36
+
8
37
  ## [0.2.34](https://github.com/promptfoo/modelaudit/compare/v0.2.33...v0.2.34) (2026-04-10)
9
38
 
10
39
  ### Bug Fixes
11
40
 
41
+ - flag Paddle code patterns as warnings instead of failing benign scans
42
+ - route corrupt CatBoost scans to fail closed outcomes
43
+ - mark incomplete MXNet scans inconclusive instead of clean
44
+ - harden manifest parse boundaries around malformed metadata
45
+ - recover malformed Jinja template configs as inconclusive scan outcomes
46
+ - traverse NeMo YAML list configs when checking suspicious targets
47
+ - mark malformed Keras ZIP configs inconclusive instead of clean
48
+ - mark malformed Keras H5 scans inconclusive instead of clean
49
+ - mark malformed TFLite scans inconclusive instead of clean
50
+ - mark malformed GGUF scans inconclusive instead of clean
51
+ - mark malformed SafeTensors scans inconclusive instead of clean
52
+ - preserve picklescan stack state across reused scanner runs
53
+ - mark partial streaming scans inconclusive when large-file streaming coverage is incomplete
12
54
  - harden native code detection in model scanners ([#897](https://github.com/promptfoo/modelaudit/issues/897)) ([f4f661a](https://github.com/promptfoo/modelaudit/commit/f4f661a09be0032e15aa8895864413e3878233f8))
13
55
 
14
56
  ## [0.2.33](https://github.com/promptfoo/modelaudit/compare/v0.2.32...v0.2.33) (2026-04-09)
@@ -41,17 +83,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
41
83
 
42
84
  ### Bug Fixes
43
85
 
86
+ - mark trailing bytes after NumPy object-array pickle payloads inconclusive without escalating to security findings
44
87
  - avoid CoreML nested parse failures on bounded-read truncation
88
+ - mark incomplete sharded-model scans as inconclusive, ignore shard-name prefix matches, and skip caching explicit incomplete outcomes
45
89
  - flag TensorFlow `LoadLibrary` and `LoadLibraryV2` graph ops as dangerous native-library loading
46
90
  - detect split CNTK native-user-function and native-library references
47
91
  - detect Linux/macOS native-library members in Keras archives and uppercase native-library members in PyTorch ZIPs
48
92
  - detect embedded Windows DLL/PE, Linux ELF shared-object, and TensorRT plugin entry-point markers in TensorRT engines
49
93
  - detect punctuation-delimited TensorRT `/tmp` plugin paths
94
+ - clean up temporary ZIP entry files when extraction fails on entry size limits
50
95
  - preserve HuggingFace cache provenance for symlinked custom cache roots
96
+ - mark ONNX tensor dtype validation failures inconclusive instead of allowing clean scans
51
97
  - ignore remote OCI `layers[].urls` entries during local layer discovery
52
98
  - fail closed on unterminated OpenVINO DOCTYPE declarations
53
99
  - avoid PMML `<Extension>` false positives for benign `subprocess` prose while preserving `subprocess.getoutput()`, `subprocess.getstatusoutput()`, and `importlib.import_module("subprocess")` detections
100
+ - mark incomplete ZIP, TAR, and 7z archive traversals as inconclusive in scan metadata
54
101
  - route helper-level ZIP-backed `.ckpt`/`.pkl` checkpoints through archive scanners
102
+ - harden standalone pickle scanner dangerous global coverage, nested payload bounds, incomplete-scan reporting, and standalone-primary migration behavior
55
103
 
56
104
  ## [0.2.31](https://github.com/promptfoo/modelaudit/compare/v0.2.30...v0.2.31) (2026-04-04)
57
105
 
{modelaudit-0.2.34 → modelaudit-0.2.35}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: modelaudit
3
- Version: 0.2.34
3
+ Version: 0.2.35
4
4
  Summary: Static scanning library for detecting malicious code, backdoors, and other security risks in ML model files
5
5
  Project-URL: Repository, https://github.com/promptfoo/modelaudit
6
6
  Project-URL: Homepage, https://github.com/promptfoo/modelaudit
{modelaudit-0.2.34 → modelaudit-0.2.35}/docs/agents/picklescan-package-split.md RENAMED
@@ -36,6 +36,10 @@ modelaudit/
36
36
  - `modelaudit` owns file routing, archive/container orchestration, CLI, cache,
37
37
  telemetry, SARIF/export integrations, and `PickleReport -> ScanResult`
38
38
  adaptation.
39
+ - During the migration period, `modelaudit.scanners.pickle_scanner.PickleScanner`
40
+ still merges legacy-only checks after the standalone pass. Keep this fallback
41
+ until the parity harness shows that standalone verdict, status, and required
42
+ rule coverage are sufficient for the root scanner to depend on it alone.
39
43
  - Wrapper scanners in `modelaudit` pass embedded pickle streams into
40
44
  `modelaudit-picklescan`; archive parsing stays in `modelaudit`.
41
45
  - The root `modelaudit` wheel bundles `modelaudit_picklescan` as a second import
@@ -56,6 +60,9 @@ scanner = PickleScanner(options=ScanOptions(timeout_s=30.0, max_opcodes=1_000_00
56
60
  report = scanner.scan_stream(stream, source="archive.pt:data.pkl", size=pickle_size)
57
61
  ```
58
62
 
63
+ Resource controls include opcode and wall-clock limits, post-budget tail bytes,
64
+ string-literal scan characters, nested-pickle bytes, and nested scan depth.
65
+
59
66
  Report semantics keep these concepts separate:
60
67
 
61
68
  - `status`: scan completeness (`complete`, `inconclusive`, `error`)
@@ -63,12 +70,17 @@ Report semantics keep these concepts separate:
63
70
  - `findings`: `WARNING`/`CRITICAL` security findings only
64
71
  - `notices`: `DEBUG`/`INFO` coverage or explainability notes
65
72
  - `errors`: operational failures
73
+ - report mappings are read-only after construction; call `to_dict()` for mutable
74
+ serialized data
66
75
 
67
76
  ## Current Integration
68
77
 
69
- - `modelaudit.scanners.pickle_scanner.PickleScanner` scans through the
70
- standalone package first, adapts the `PickleReport` into a `ScanResult`, and
71
- merges in any legacy-only checks that are still needed for compatibility.
78
+ - `modelaudit.scanners.pickle_scanner.PickleScanner` scans through both engines.
79
+ The default root result is still legacy-primary for compatibility while the
80
+ migration is in progress. Set `use_standalone_pickle_primary=True` in scanner
81
+ config to exercise the intended standalone-primary merge path, where the
82
+ adapted `PickleReport` owns the result and legacy-only checks are merged as
83
+ compatibility evidence.
72
84
  - Embedded-pickle wrapper scanners (`pytorch_zip`, `joblib`, `numpy`, and
73
85
  `executorch`) call the public `scan_stream(..., source=...)` API and preserve
74
86
  archive-member context in result locations/details.
modelaudit-0.2.35/docs/agents/repo-correctness-audit.md ADDED
@@ -0,0 +1,209 @@
1
+ # ModelAudit Correctness Audit Ledger
2
+
3
+ Status: active
4
+ Owner: agent-maintained
5
+ Started: 2026-04-10
6
+
7
+ This file is the running plan, evidence log, and findings ledger for a repo-wide
8
+ correctness audit. It is intentionally conservative: a finite audit cannot prove
9
+ that every future input is safe or that the code is "perfect." The practical goal
10
+ is stronger than ad hoc review: define explicit proof obligations, record which
11
+ ones have evidence, and turn every concrete gap into a small PR with regression
12
+ tests.
13
+
14
+ ## Correctness Standard
15
+
16
+ A component is not considered proven until it has evidence for all relevant
17
+ obligations below.
18
+
19
+ 1. Routing correctness
20
+ - Content/structure wins over suffix-only routing where feasible.
21
+ - Spoofed extensions and nested archive members route to the intended scanner.
22
+ - Benign near-matches stay clean.
23
+ - Malicious positives hit the security scanner that owns the format.
24
+
25
+ 2. Parser and structure boundaries
26
+ - Malformed input does not crash.
27
+ - Malformed or unsupported structure is not reported as clean when coverage is
28
+ incomplete.
29
+ - If scanning cannot cover the intended security surface, the result is
30
+ operationally explicit: `scan_outcome=inconclusive`, `success=False`, or an
31
+ operational error depending on the component contract.
32
+ - If a bounded raw fallback can safely recover security evidence, it runs
33
+ before returning inconclusive.
34
+
35
+ 3. Security precedence
36
+ - Warning/critical security findings keep exit code 1 even when the scan is
37
+ also inconclusive.
38
+ - Operational or coverage failures without security findings return exit code 2.
39
+ - INFO-only review notes do not create security failures.
40
+
41
+ 4. Bounded resource use
42
+ - Reads are size-limited for metadata, archive members, tensors, and embedded
43
+ payloads.
44
+ - Recursive archive scans have depth, file count, byte, and timeout budgets.
45
+ - Temporary extraction paths are sanitized, contained, and cleaned up.
46
+
47
+ 5. Cache and repeatability
48
+ - Cached results preserve `scan_outcome`, issue severity, scanner name, and
49
+ exit-code semantics.
50
+ - Deterministic fixtures do not depend on host paths, global temp names, or
51
+ installed heavyweight frameworks unless explicitly gated.
52
+
53
+ 6. Optional dependency behavior
54
+ - Missing optional dependencies fail gracefully.
55
+ - A missing parser cannot silently turn security coverage into a clean pass.
56
+ - Tests cover at least one missing-dependency path for dependency-sensitive
57
+ scanners.
58
+
59
+ 7. Output and integration consistency
60
+ - CLI, JSON, SARIF, asset inventory, cache, and programmatic APIs agree on
61
+ success, issue severity, scanner name, and exit code.
62
+ - File metadata can round-trip through Pydantic models without dropping
63
+ safety-relevant fields.
64
+
65
+ ## Evidence Levels
66
+
67
+ - E0: Inventory only. No current audit evidence.
68
+ - E1: Existing test coverage observed, but proof obligations not fully checked.
69
+ - E2: Focused audit found no defect for the selected obligations.
70
+ - E3: Focused audit found a defect and a PR was opened with regression tests.
71
+ - E4: Full obligation suite implemented and passing for the component.
72
+
73
+ E4 is the target. Most components start below E4.
74
+
75
+ ## Audit Scope Map
76
+
77
+ ### Core and Cross-Cutting Layers
78
+
79
+ | Area | Files | Initial risks | Evidence |
80
+ | ------------------------- | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------- | -------------------------------- |
81
+ | Core orchestration | `modelaudit/core.py`, `modelaudit/models.py`, `modelaudit/scanner_results.py` | exit-code precedence, scan metadata preservation, directory dedupe, cache and stream behavior | E1 |
82
+ | Scanner registry/routing | `modelaudit/scanners/__init__.py`, `modelaudit/scanner_registry_metadata.py`, `modelaudit/utils/file/detection.py` | suffix routing, header aliases, optional dependency fallback, lazy loading | E1 |
83
+ | CLI/output | `modelaudit/cli.py`, output helpers, SARIF/JFrog integrations | JSON/SARIF consistency, exit codes, partial scans | E0 |
84
+ | Cache | `modelaudit/cache/`, `modelaudit/utils/helpers/cache_decorator.py` | stale safety metadata, inconclusive persistence, config-sensitive keys | E1 |
85
+ | Archive recursion | `zip`, `tar`, `sevenzip`, `compressed`, `oci_layer`, `torchserve_mar` scanners | traversal, temp cleanup, nested routing, partial coverage | E3 through recent PRs |
86
+ | Standalone pickle package | `packages/modelaudit-picklescan/` | parity with adapter, opcode budgets, immutable results | E3 through recent PRs |
87
+ | Test infrastructure | `tests/conftest.py`, CI allowlists | regression tests skipped in reduced Python lanes | E3 for current allowlist updates |
88
+
89
+ ### Scanner Inventory
90
+
91
+ | Scanner | Primary files/formats | Current evidence | Next proof target |
92
+ | --------------------- | ---------------------------------------------------------- | ---------------- | --------------------------------------------------------------- |
93
+ | `pickle` | `.pkl`, `.pickle`, `.dill`, `.bin`, `.pt`, `.pth`, `.ckpt` | E3 | post-budget and malformed opcode corpus parity |
94
+ | `picklescan_adapter` | standalone picklescan bridge | E3 | adapter/cache equivalence for inconclusive reports |
95
+ | `pytorch_zip` | ZIP-backed PyTorch checkpoints | E3 | ZIP metadata parse boundaries and nested pickle cache semantics |
96
+ | `pytorch_binary` | raw `.bin` PyTorch-like blobs | E1 | bounded binary fallback and benign weight near-matches |
97
+ | `joblib` | `.joblib`, compressed/raw pickle wrappers | E3 | codec failure semantics and cache preservation |
98
+ | `jax_checkpoint` | JAX/Orbax/checkpoint pickles | E1 | index/metadata structure failures and nested pickle routing |
99
+ | `flax_msgpack` | `.msgpack`, `.flax`, `.orbax`, `.jax` | E1 | msgpack extension types, depth, and partial unpack coverage |
100
+ | `numpy` | `.npy`, `.npz` | E3 | object-array pickle failures and `.npz` member routing |
101
+ | `safetensors` | `.safetensors` | E3 | malformed header/schema and dtype consistency |
102
+ | `keras_h5` | HDF5 Keras models | E3, PR #917 | cache and aggregate semantics after malformed config fixes |
103
+ | `keras_zip` | `.keras` ZIP models | E3, PR #918 | metadata/weights alias ambiguity after malformed config fixes |
104
+ | `tf_savedmodel` | SavedModel dirs, `.pb` | E1 | protobuf parse budgets and function library edges |
105
+ | `tf_metagraph` | `.meta` | E1 | protobuf parse budgets and attr truncation semantics |
106
+ | `tflite` | `.tflite`, routed `.bin` | E3, PR #916 | flatbuffer table bounds and custom-op recovery |
107
+ | `onnx` | `.onnx` | E3, PR #915 | external data path policy and dtype coverage |
108
+ | `coreml` | `.mlmodel` | E3 | protobuf truncation, linked model paths, custom layer strings |
109
+ | `openvino` | `.xml` IR | E3 | XML parse failures, entity/DOCTYPE boundaries, companion `.bin` |
110
+ | `gguf` | `.gguf`, `.ggml`, related | E3, PR #914 | metadata value type matrix and tensor offset checks |
111
+ | `xgboost` | `.bst`, `.model`, `.json`, `.ubj` | E1 | JSON/UBJSON malformed root, subprocess isolation |
112
+ | `lightgbm` | `.model`, `.txt`, `.lgb`, `.lightgbm` | E1 | text parser bounds and native-library indicators |
113
+ | `catboost` | `.cbm` | E3, PR #924 | binary marker bounds and metadata strings |
114
+ | `mxnet` | `*-symbol.json`, `*-NNNN.params` | E3, PR #923 | graph reference traversal and metadata payload recovery |
115
+ | `nemo` | `.nemo` tar archives | E3, PR #919 | multi-config precedence and malformed member combinations |
116
+ | `jinja2_template` | tokenizer configs, YAML, templates, GGUF metadata | E3, PR #920 | cache preservation and GGUF metadata extraction failures |
117
+ | `skops` | `.skops` ZIP archives | E3 | JSON schema variations and duplicate member precedence |
118
+ | `torchserve_mar` | `.mar` archives | E3 | manifest schema roots and handler AST edge cases |
119
+ | `oci_layer` | OCI `.manifest` | E3 | manifest schema roots, local-vs-remote layer resolution |
120
+ | `zip` | generic ZIP/NPZ/MAR fallback | E3 | unsupported member failure semantics and cleanup |
121
+ | `tar` | tar families | E3 | unsupported member failure semantics and cleanup |
122
+ | `sevenzip` | `.7z` | E3 | nested routing parity with ZIP/TAR |
123
+ | `compressed` | `.gz`, `.bz2`, `.xz`, `.lz4`, `.zlib` | E3 | wrapper extension inference and temporary cleanup |
124
+ | `manifest` | model/config manifests | E3, PR #922 | JSON/YAML/TOML malformed roots and nested scanning |
125
+ | `metadata` | model cards/docs/text | E1 | secret/security pattern false positives and truncation |
126
+ | `text` | general text docs | E0 | duplicate responsibility with metadata/manifest |
127
+ | `pmml` | `.pmml` | E3 | XML parse boundaries and extension payload recovery |
128
+ | `paddle` | `.pdmodel`, `.pdiparams` | E3, PR #925 | protobuf/op descriptor parse failures |
129
+ | `cntk` | `.dnn`, `.cmf` | E3 | split reference tracking and malformed binary handling |
130
+ | `rknn` | `.rknn` | E1 | marker and string extraction bounds |
131
+ | `torch7` | `.t7`, `.th`, `.net` | E1 | legacy serialization parse failures |
132
+ | `r_serialized` | `.rds`, `.rda`, `.rdata` | E1 | format header variants and string extraction bounds |
133
+ | `executorch` | `.ptl`, `.pte` | E1 | archive/table parse failures and nested payloads |
134
+ | `tensorrt` | `.engine`, `.plan`, `.trt` | E3 | plugin marker matrix and binary truncation |
135
+ | `llamafile` | `.llamafile`, `.exe`, extensionless | E1 | executable header routing and model payload boundaries |
136
+ | `weight_distribution` | optional secondary analysis | E0 | optional dependency isolation and non-security failure behavior |
137
+
138
+ ## Current Findings and PR Ledger
139
+
140
+ Recent concrete fixes from this audit stream:
141
+
142
+ | PR | Component | Finding | Status |
143
+ | ---- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
144
+ | #917 | Keras H5 | Malformed config/training config could be treated as clean or wrong security failure instead of inconclusive coverage | Open, review pending |
145
+ | #918 | Keras ZIP | Malformed `config.json` structures could scan clean or crash as the wrong failure type | Open, review pending |
146
+ | #919 | NeMo | Top-level YAML lists were not traversed for Hydra `_target_`; malformed/scalar configs looked like missing config | Open, review pending |
147
+ | #920 | Jinja2 template | Malformed tokenizer/YAML configs swallowed parse failures and returned "No templates found"; raw visible SSTI payloads were missed | Open, review pending |
148
+ | #922 | Manifest | `.config` INI manifests with section headers could skip structured parsing and lose URL/hash checks | Open, review pending |
149
+ | #923 | MXNet | Malformed symbol artifacts needed routing into fail-closed scanner outcomes instead of aggregate clean/unknown results | Open, review pending |
150
+ | #924 | CatBoost | Corrupt declared-section scans fail closed as inconclusive instead of returning incomplete coverage as clean | Open, review pending |
151
+ | #925 | Paddle | Suspicious Paddle code indicators are warnings, preserving signal without escalating review-only findings to errors | Open, review pending |
152
+ | #926 | Native code tests | Expanded native-code detection regression coverage and benign executable-suffix near-match negatives | Open, review pending |
153
+
154
+ Earlier open PRs from the same boundary-hardening campaign include #901 and
155
+ #907 through #916. All open PR entries remain provisional until CI and review
156
+ complete; treat them as evidence of audited findings, not landed behavior.
157
+
158
+ ## Audit Workflow
159
+
160
+ Each iteration should do the following:
161
+
162
+ 1. Sync from `main` and check open PR CI/review state.
163
+ 2. Pick one high-risk component from the inventory, preferring E0/E1 items and
164
+ parser/routing boundaries that can create clean false negatives.
165
+ 3. Reproduce a concrete failure before editing.
166
+ 4. Patch the narrow behavior with existing architecture patterns.
167
+ 5. Add typed, deterministic tests:
168
+ - malicious positive
169
+ - benign near-match negative
170
+ - malformed/unsupported structure
171
+ - aggregate exit-code semantics
172
+ - cache semantics when safety metadata is involved
173
+ 6. Run targeted tests, then the canonical validation gate from `AGENTS.md`.
174
+ 7. Update this ledger with the finding, evidence level, residual risk, and PR.
175
+ 8. Open or update a PR.
176
+
177
+ ## High-Risk Backlog
178
+
179
+ 1. `manifest_scanner`: structured config parser failures and unsupported roots.
180
+ Check JSON/YAML/TOML/INI parse behavior, nested list roots, and whether
181
+ malformed AIML manifests can return clean.
182
+ 2. `torchserve_mar_scanner`: manifest schema roots and parse errors. Verify that
183
+ handler AST findings and manifest failures preserve security precedence.
184
+ 3. `oci_layer_scanner`: manifest schema roots and local-vs-remote layer
185
+ resolution. Confirm remote URLs cannot be treated as local layers and local
186
+ malformed manifests fail closed.
187
+ 4. `mxnet_scanner`: symbol JSON schema and metadata payload traversal. Verify
188
+ list/dict roots, malformed JSON, and encoded payload recovery.
189
+ 5. `xgboost_scanner`: JSON/UBJSON parse failures and subprocess isolation.
190
+ Confirm malformed model configs cannot hide suspicious attributes.
191
+ 6. `tf_savedmodel` and `tf_metagraph`: protobuf parse budgets, attr truncation,
192
+ and function references.
193
+ 7. `llamafile`, `rknn`, `torch7`, `r_serialized`: binary string extraction
194
+ bounds and malformed file semantics.
195
+ 8. Cross-cutting cache tests for all inconclusive scanner families.
196
+ 9. SARIF/CLI/asset output consistency for inconclusive scans with and without
197
+ security findings.
198
+
199
+ ## Notes Log
200
+
201
+ ### 2026-04-10
202
+
203
+ - Established this repo-wide audit ledger and proof standard.
204
+ - Confirmed loop mode is enabled for continued audit iterations.
205
+ - Current strongest recurring defect class: structured parser failures or
206
+ unsupported root shapes collapsing into clean scans. Fixed examples exist in
207
+ Keras H5, Keras ZIP, NeMo, and Jinja2 template scanners.
208
+ - Next recommended target: `manifest_scanner`, because it owns many AIML config
209
+ filenames and parses several structured formats.
{modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/cache/cache_policy.py RENAMED
@@ -2,6 +2,8 @@
2
2
 
3
3
  from typing import Any
4
4
 
5
+ from modelaudit.scanner_results import INCONCLUSIVE_SCAN_OUTCOME
6
+
5
7
  _OPERATIONAL_ERROR_INDICATORS = (
6
8
  "error during scan",
7
9
  "error checking file size",
@@ -33,6 +35,14 @@ _OPERATIONAL_ERROR_INDICATORS = (
33
35
 
34
36
  def should_cache_scan_result(scan_result: dict[str, Any]) -> bool:
35
37
  """Return True when a scan result is stable enough to cache safely."""
38
+ metadata = scan_result.get("metadata")
39
+ if isinstance(metadata, dict) and (
40
+ bool(metadata.get("operational_error"))
41
+ or bool(metadata.get("analysis_incomplete"))
42
+ or metadata.get("scan_outcome") == INCONCLUSIVE_SCAN_OUTCOME
43
+ ):
44
+ return False
45
+
36
46
  for collection_name in ("issues", "checks"):
37
47
  collection = scan_result.get(collection_name)
38
48
  if not isinstance(collection, list):
{modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/core.py RENAMED
@@ -58,6 +58,8 @@ _OPERATIONAL_ERROR_REASON_METADATA_KEY = "operational_error_reason"
58
58
  _SCAN_OUTCOME_METADATA_KEY = "scan_outcome"
59
59
 
60
60
  HEADER_FORMAT_TO_SCANNER_ID = _registry.get_header_format_to_scanner_ids()
61
+ _COMPRESSED_HEADER_FORMATS = frozenset({"compressed", "gzip", "bzip2", "xz", "lz4", "zlib"})
62
+ _R_SERIALIZED_EXTENSIONS = frozenset({".rds", ".rda", ".rdata"})
61
63
 
62
64
 
63
65
  def _mark_operational_scan_error(scan_result: ScanResult, reason: str) -> None:
@@ -66,6 +68,22 @@ def _mark_operational_scan_error(scan_result: ScanResult, reason: str) -> None:
66
68
  scan_result.metadata[_OPERATIONAL_ERROR_REASON_METADATA_KEY] = reason
67
69
 
68
70
 
71
+ def _mark_inconclusive_scan_outcome(scan_result: ScanResult, reason: str) -> None:
72
+ """Mark a scan result as explicitly inconclusive for exit-code aggregation."""
73
+ scan_result.metadata["analysis_incomplete"] = True
74
+ scan_result.metadata[_SCAN_OUTCOME_METADATA_KEY] = INCONCLUSIVE_SCAN_OUTCOME
75
+ scan_result.metadata.setdefault(
76
+ "scan_outcome_message",
77
+ "Scan analysis incomplete; failed closed because full coverage was not available.",
78
+ )
79
+
80
+ existing_reasons = scan_result.metadata.get("scan_outcome_reasons")
81
+ reasons = existing_reasons if isinstance(existing_reasons, list) else []
82
+ if reason not in reasons:
83
+ reasons.append(reason)
84
+ scan_result.metadata["scan_outcome_reasons"] = reasons
85
+
86
+
69
87
  def _scan_result_has_operational_error(scan_result: ScanResult) -> bool:
70
88
  """Return True when a scan result represents an operational failure."""
71
89
  metadata = scan_result.metadata or {}
@@ -238,9 +256,12 @@ def _select_preferred_scanner_id(path: str, header_format: str, ext: str) -> str
238
256
  return "pickle"
239
257
  return "zip"
240
258
 
241
- if ext == ".joblib" and header_format in {"compressed", "pickle"}:
259
+ if ext == ".joblib" and header_format in _COMPRESSED_HEADER_FORMATS | {"pickle"}:
242
260
  return "joblib"
243
261
 
262
+ if ext in _R_SERIALIZED_EXTENSIONS and header_format in _COMPRESSED_HEADER_FORMATS | {"r_serialized"}:
263
+ return "r_serialized"
264
+
244
265
  if header_format == "tar" and ext == ".nemo":
245
266
  return "nemo"
246
267
 
@@ -787,6 +808,8 @@ def scan_model_directory_or_file(
787
808
  if scanner:
788
809
  scan_result, was_complete = stream_analyze_file(stream_url, scanner)
789
810
  if scan_result:
811
+ if not was_complete:
812
+ _mark_inconclusive_scan_outcome(scan_result, "streaming_analysis_incomplete")
790
813
  results.files_scanned += 1
791
814
 
792
815
  # Use helper function to add scan result to Pydantic model
{modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/detectors/suspicious_symbols.py RENAMED
@@ -175,8 +175,17 @@ SUSPICIOUS_GLOBALS = {
175
175
  # Dynamic resolution / import trampolines
176
176
  "pkgutil": ["resolve_name", "get_importer", "walk_packages"],
177
177
  "zipimport": "*",
178
- # uuid _get_command_stdout/_popen internally call subprocess.Popen
179
- "uuid": ["_get_command_stdout", "_popen"],
178
+ # uuid private helpers that invoke platform commands through subprocess wrappers
179
+ "uuid": [
180
+ "_arp_getnode",
181
+ "_get_command_stdout",
182
+ "_ifconfig_getnode",
183
+ "_ip_getnode",
184
+ "_lanscan_getnode",
185
+ "_netstat_getnode",
186
+ "_popen",
187
+ "getnode",
188
+ ],
180
189
  # Network / exfiltration
181
190
  "smtplib": "*",
182
191
  "xmlrpc": "*",
@@ -211,7 +220,7 @@ SUSPICIOUS_GLOBALS = {
211
220
  "timeit": ["timeit", "repeat"],
212
221
  "trace": "*",
213
222
  # Operator / functools bypasses
214
- "functools": ["reduce", "partial"],
223
+ "functools": ["reduce", "partial", "partialmethod"],
215
224
  "_operator": "*",
216
225
  # Pickle recursion
217
226
  "cloudpickle": "*",
@@ -237,10 +246,10 @@ SUSPICIOUS_GLOBALS = {
237
246
  "_sqlite3": "*",
238
247
  "select": "*",
239
248
  "selectors": "*",
240
- "logging": ["config"],
249
+ "logging.config": ["dictConfig", "fileConfig", "listen"],
241
250
  "syslog": "*",
242
- "tarfile": "*",
243
- "zipfile": "*",
251
+ "tarfile": ["open"],
252
+ "zipfile": ["ZipFile", "PyZipFile"],
244
253
  "shelve": "*",
245
254
  # Documentation / tooling (can execute code)
246
255
  "doctest": "*",
{modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanner_registry_metadata.py RENAMED
@@ -422,6 +422,7 @@ SCANNER_REGISTRY_METADATA: dict[str, dict[str, Any]] = {
422
422
  "class": "CompressedScanner",
423
423
  "description": "Scans standalone compressed wrappers and routes inner payloads to existing scanners",
424
424
  "extensions": [".gz", ".bz2", ".xz", ".lz4", ".zlib"],
425
+ "header_formats": ["gzip", "bzip2", "xz", "lz4", "zlib"],
425
426
  "priority": 95,
426
427
  "dependencies": [],
427
428
  "numpy_sensitive": False,
modelaudit-0.2.35/modelaudit/scanners/_archive_outcomes.py ADDED
@@ -0,0 +1,26 @@
1
+ """Shared metadata helpers for archive scans that intentionally stop early."""
2
+
3
+ from __future__ import annotations
4
+
5
+ from .base import INCONCLUSIVE_SCAN_OUTCOME, ScanResult
6
+
7
+
8
+ def mark_archive_scan_incomplete(result: ScanResult, reason: str) -> None:
9
+ """Mark an archive result as explicitly inconclusive without changing findings."""
10
+ result.metadata["analysis_incomplete"] = True
11
+ result.metadata["scan_outcome"] = INCONCLUSIVE_SCAN_OUTCOME
12
+
13
+ existing_reasons = result.metadata.get("scan_outcome_reasons")
14
+ reasons = existing_reasons if isinstance(existing_reasons, list) else []
15
+ if reason not in reasons:
16
+ reasons.append(reason)
17
+ result.metadata["scan_outcome_reasons"] = reasons
18
+
19
+
20
+ def member_scan_incomplete(result: ScanResult) -> bool:
21
+ """Return whether a nested archive member scan stopped before complete analysis."""
22
+ return (
23
+ result.metadata.get("analysis_incomplete") is True
24
+ or result.metadata.get("scan_outcome") == INCONCLUSIVE_SCAN_OUTCOME
25
+ or (not result.success and not result.has_errors)
26
+ )
{modelaudit-0.2.34 → modelaudit-0.2.35}/modelaudit/scanners/catboost_scanner.py RENAMED
@@ -10,7 +10,7 @@ import struct
10
10
  from typing import Any, ClassVar
11
11
  from urllib.parse import urlparse
12
12
 
13
- from .base import BaseScanner, IssueSeverity, ScanResult
13
+ from .base import INCONCLUSIVE_SCAN_OUTCOME, BaseScanner, IssueSeverity, ScanResult
14
14
 
15
15
  CATBOOST_MAGIC = b"CBM1"
16
16
  _SIZE_SENTINEL = 0xFFFFFFFF
@@ -99,22 +99,16 @@ class CatBoostScanner(BaseScanner):
99
99
 
100
100
  try:
101
101
  file_size = os.path.getsize(path)
102
- if file_size < 8:
102
+ if file_size < 4:
103
103
  return False
104
104
 
105
105
  with open(path, "rb") as f:
106
106
  if f.read(4) != CATBOOST_MAGIC:
107
107
  return False
108
- core_size, header_size = cls._read_core_size(f)
109
108
 
110
- if core_size <= 0:
111
- return False
112
-
113
- return header_size + core_size <= file_size
109
+ return True
114
110
  except OSError:
115
111
  return False
116
- except (_CatBoostParseError, struct.error):
117
- return False
118
112
 
119
113
  @staticmethod
120
114
  def _read_core_size(file_obj: Any) -> tuple[int, int]:
@@ -160,6 +154,7 @@ class CatBoostScanner(BaseScanner):
160
154
  details={"error_type": type(error).__name__},
161
155
  why="Corrupted or truncated model files should be treated as suspicious input.",
162
156
  )
157
+ self._mark_inconclusive_scan_result(result, "catboost_structure_parse_failed")
163
158
  result.finish(success=False)
164
159
  return result
165
160
  except OSError as error:
@@ -171,6 +166,7 @@ class CatBoostScanner(BaseScanner):
171
166
  location=path,
172
167
  details={"error": str(error), "error_type": type(error).__name__},
173
168
  )
169
+ self._mark_inconclusive_scan_result(result, "catboost_read_failed")
174
170
  result.finish(success=False)
175
171
  return result
176
172
 
@@ -195,6 +191,17 @@ class CatBoostScanner(BaseScanner):
195
191
  result.finish(success=not result.has_errors)
196
192
  return result
197
193
 
194
+ def _mark_inconclusive_scan_result(self, result: ScanResult, reason: str) -> None:
195
+ """Mark CatBoost analysis as incomplete for aggregate exit-code handling."""
196
+ existing_reasons = result.metadata.get("scan_outcome_reasons")
197
+ reasons = existing_reasons if isinstance(existing_reasons, list) else []
198
+ if reason not in reasons:
199
+ reasons.append(reason)
200
+
201
+ result.metadata["scan_outcome"] = INCONCLUSIVE_SCAN_OUTCOME
202
+ result.metadata["scan_outcome_reasons"] = reasons
203
+ result.metadata["analysis_incomplete"] = True
204
+
198
205
  def _parse_sections(
199
206
  self,
200
207
  path: str,