modelaudit 0.2.34__tar.gz → 0.2.36__tar.gz
- modelaudit-0.2.36/.release-please-manifest.json +3 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/AGENTS.md +3 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/CHANGELOG.md +54 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/PKG-INFO +1 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/agents/architecture.md +5 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/agents/new-scanner-quickstart.md +2 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/agents/picklescan-package-split.md +15 -3
- modelaudit-0.2.36/docs/agents/repo-correctness-audit.md +209 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/format-gap-plans/coreml-mlmodel.md +2 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/format-gap-plans/mxnet-models.md +2 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/format-gap-plans/torchserve-mar.md +4 -4
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/cache_policy.py +10 -0
- modelaudit-0.2.36/modelaudit/config/constants.py +21 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/core.py +23 -592
- modelaudit-0.2.36/modelaudit/core_results.py +499 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/detectors/suspicious_symbols.py +15 -6
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanner_registry_metadata.py +99 -2
- modelaudit-0.2.36/modelaudit/scanners/__init__.py +450 -0
- modelaudit-0.2.36/modelaudit/scanners/_archive_outcomes.py +26 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/catboost_scanner.py +16 -9
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/compressed_scanner.py +317 -72
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/gguf_scanner.py +113 -71
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/jinja2_template_scanner.py +148 -21
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/keras_h5_scanner.py +151 -20
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/keras_zip_scanner.py +213 -61
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/manifest_scanner.py +182 -91
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/mxnet_scanner.py +40 -19
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/nemo_scanner.py +92 -14
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/numpy_scanner.py +32 -4
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/onnx_scanner.py +38 -4
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/paddle_scanner.py +2 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pickle_scanner.py +91 -22
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/picklescan_adapter.py +58 -10
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/safetensors_scanner.py +147 -33
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/sevenzip_scanner.py +22 -4
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/tar_scanner.py +18 -4
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/tflite_scanner.py +17 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/zip_scanner.py +31 -18
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/file/detection.py +7 -146
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/file/handlers.py +104 -5
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/file/streaming.py +36 -18
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/model_extensions.py +2 -8
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/cloud_storage.py +2 -35
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/README.md +18 -2
- modelaudit-0.2.36/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/nested.py +126 -0
- modelaudit-0.2.36/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/policy.py +248 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/scanner.py +355 -337
- modelaudit-0.2.36/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/stream.py +141 -0
- modelaudit-0.2.36/packages/modelaudit-picklescan/src/modelaudit_picklescan/options.py +74 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/src/modelaudit_picklescan/report.py +48 -8
- modelaudit-0.2.36/packages/modelaudit-picklescan/tests/test_api.py +1030 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/tests/test_options.py +6 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/tests/test_report.py +39 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/pyproject.toml +1 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/README.md +3 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/compare_pickle_scanners.py +69 -47
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/cache/test_cache_correctness.py +37 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/conftest.py +1 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_jfrog.py +6 -6
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_catboost_scanner.py +24 -1
- modelaudit-0.2.36/tests/scanners/test_compressed_scanner.py +694 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_gguf_scanner.py +151 -10
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_jinja2_template_scanner.py +114 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_keras_h5_scanner.py +252 -3
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_keras_zip_scanner.py +273 -6
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_manifest_scanner.py +183 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_mxnet_scanner.py +139 -3
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_nemo_scanner.py +97 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_numpy_scanner.py +54 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_onnx_scanner.py +51 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_paddle_scanner.py +36 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_pickle_scanner.py +359 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_picklescan_adapter.py +154 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_safetensors_scanner.py +111 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_scanner_registry.py +59 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_sevenzip_scanner.py +48 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_tar_scanner.py +79 -2
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_tensorrt_scanner.py +20 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_tflite_scanner.py +68 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_zip_scanner.py +128 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scripts/test_compare_pickle_scanners.py +14 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_core.py +30 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_core_asset_extraction.py +3 -3
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_huggingface_extensions.py +4 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_lazy_loading_integration.py +8 -9
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_streaming_scan.py +57 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_telemetry.py +1 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_advanced_file_handler.py +143 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_filetype.py +9 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_streaming_analysis.py +78 -1
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/sources/test_cloud_storage.py +5 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/uv.lock +1 -1
- modelaudit-0.2.34/.release-please-manifest.json +0 -3
- modelaudit-0.2.34/modelaudit/config/constants.py +0 -64
- modelaudit-0.2.34/modelaudit/scanners/__init__.py +0 -919
- modelaudit-0.2.34/packages/modelaudit-picklescan/src/modelaudit_picklescan/options.py +0 -40
- modelaudit-0.2.34/packages/modelaudit-picklescan/tests/test_api.py +0 -515
- modelaudit-0.2.34/tests/scanners/test_compressed_scanner.py +0 -360
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.dockerignore +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.editorconfig +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.gitattributes +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/CODEOWNERS +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/ISSUE_TEMPLATE/bug_report.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/ISSUE_TEMPLATE/feature_request.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/PULL_REQUEST_TEMPLATE.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/markdown-link-check-config.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/README.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/codeql.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/docker-image-test.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/docker-publish.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/docs-check.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/nightly.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/perf.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/release-please.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/test.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.github/workflows/validate-pr-title.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.gitignore +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.mailmap +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.modelaudit.toml.example +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/.prettierignore +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/CLAUDE.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/CODE_OF_CONDUCT.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/CONTRIBUTING.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/Dockerfile +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/Dockerfile.full +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/Dockerfile.tensorflow +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/LICENSE +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/MAINTAINERS.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/MANIFEST.in +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/README.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/RULES.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/SECURITY.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/SUPPORT.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/THIRD_PARTY_NOTICES.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/codecov.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docker-compose.yml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docker-entrypoint.sh +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/agents/dependencies.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/agents/release-process.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/cve-gap-pr-plan-2026-03-20.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/cve-process.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/dependency-policy.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/format-gap-plans/tensorflow-metagraph.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/maintainers/triage-playbook.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/security/threat-model.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/user/compatibility-matrix.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/user/metadata-extraction.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/user/offline-air-gapped.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/docs/user/security-model.md +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/__main__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/anomaly_detector.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/enhanced_pattern_detector.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/entropy_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/framework_patterns.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/integrated_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/ml_context_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/opcode_sequence_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/semantic_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/analysis/unified_context.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/auth/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/auth/client.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/auth/config.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/adaptive_cache_keys.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/batch_operations.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/cache_manager.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/optimized_config.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/scan_results_cache.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cache/trusted_config_store.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/cli.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/config/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/config/data/spdx_licenses.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/config/explanations.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/config/generated_keras_layers.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/config/local_config.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/config/name_blacklist.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/config/rule_config.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/detectors/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/detectors/cve_patterns.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/detectors/jit_script.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/detectors/network_comm.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/detectors/secrets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/integrations/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/integrations/jfrog.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/integrations/license_checker.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/integrations/mlflow.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/integrations/sarif_formatter.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/integrations/sbom_generator.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/metadata_extractor.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/models.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/progress/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/progress/base.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/progress/console.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/progress/file.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/progress/hooks.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/progress/multi_phase.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/LICENSE +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/NOTICE +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/py.typed +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/allocation_description_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/api_def_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/attr_value_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/cost_graph_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/cpp_shape_inference_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/dataset_metadata_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/dataset_options_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/dataset_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/device_attributes_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/full_type_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/function_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/graph_debug_info_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/graph_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/graph_transfer_info_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/kernel_def_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/log_memory_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/model_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/node_def_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/op_def_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/optimized_function_graph_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/reader_base_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/resource_handle_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/step_stats_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/tensor_description_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/tensor_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/tensor_shape_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/tensor_slice_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/types_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/variable_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/framework/versions_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/cluster_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/composite_tensor_variant_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/control_flow_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/core_platform_payloads_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/critical_section_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/data_service_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/debug_event_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/debug_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/device_filters_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/device_properties_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/fingerprint_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/meta_graph_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/named_tensor_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/remote_tensor_handle_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/rewriter_config_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/saved_model_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/saved_object_graph_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/saver_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/service_config_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/snapshot_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/struct_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/tensor_bundle_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/trackable_object_graph_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/transport_options_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/protos/tensorflow/core/protobuf/verifier_config_pb2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/py.typed +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/rule_catalog.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/rules.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanner_results.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/_archive_config.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/_archive_locations.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/_string_extraction.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/archive_dispatch.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/archive_member_security.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/base.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/cntk_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/coreml_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/executorch_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/flax_msgpack_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/jax_checkpoint_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/joblib_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/keras_utils.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/lightgbm_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/llamafile_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/metadata_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/oci_layer_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/openvino_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pickle_support/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pickle_support/opcode_stream.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pmml_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pytorch_binary_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pytorch_zip_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pytorch_zip_support/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/pytorch_zip_support/archive_members.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/r_serialized_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/rknn_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/rule_mapper.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/skops_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/tensorrt_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/text_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/tf_metagraph_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/tf_savedmodel_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/torch7_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/torchserve_mar_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/weight_distribution_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/scanners/xgboost_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/telemetry.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/_path_hardening.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/auto_defaults.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/file/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/file/_compression.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/file/filtering.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/file/large_file_handler.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/assets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/auto_defaults.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/cache_decorator.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/code_validation.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/disk_space.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/file_hash.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/file_iterator.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/interrupt_handler.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/ml_context.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/result_conversion.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/retry.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/secure_hasher.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/helpers/types.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/lfs.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/_huggingface_cache.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/dvc.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/huggingface.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/huggingface_paths.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/jfrog.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/sources/pytorch_hub.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/utils/tensorflow_compat.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/version.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/whitelists/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/whitelists/huggingface_organizations.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/modelaudit/whitelists/huggingface_popular.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/package-lock.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/package.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/pyproject.toml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/src/modelaudit_picklescan/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/src/modelaudit_picklescan/api.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/src/modelaudit_picklescan/engine/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/src/modelaudit_picklescan/py.typed +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/tests/conftest.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/tests/test_import_boundary.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/packages/modelaudit-picklescan/uv.lock +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/pyproject.toml.example +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/release-please-config.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/renovate.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/benchmark_report.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/check_circular_imports.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/compare_pickle_scanners_fixture_labels.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/compile_tensorflow_protos.sh +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/fetch_hf_org_models.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/fetch_hf_top_models.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/generate_keras_layer_inventory.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/jax_flax_scanning_demo.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/scripts/minimal_circular_check.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_analysis_modules.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_anomaly_detector.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_enhanced_pattern_detector.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_entropy_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_framework_patterns.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_ml_context_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_opcode_sequence_analyzer.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/analysis/test_unified_context.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit1_basic_torch_bypass.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit2_advanced_torch_bypass.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit3_sophisticated_hybrid.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit4_supply_chain_attack.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit5_ultra_high_confidence.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit6_ordereddict_bypass.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit7_nested_collections.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit9_manual_construction.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/exploits/exploit_ultimate_50pct.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_7z_test_assets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_advanced_pickle_tests.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_evil_pickle.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_jinja2_test_assets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_nested_pickle_assets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_os_alias_tests.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_safe_nested_assets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_safetensors_assets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/generators/generate_security_assets.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/pickles/bypass_pocs/gen_bypass_v4.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/pickles/memo_attack.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/pickles/multiple_stream_attack.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/pickles/nt_alias_attack.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/pickles/posix_alias_attack.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/pickles/stack_global_attack.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/archives/path_traversal.zip +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/archives/safe_model.zip +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign/chatml_format.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign/complex_legitimate.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign/conditional_system.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign/huggingface_llama.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign/simple_roles.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign/special_tokens.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign_conditional_format.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign_huggingface_chat.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign_simple_template.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/benign_template.j2 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/edge_cases/empty_template.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/edge_cases/malformed_template.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/edge_cases/multiple_templates.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/edge_cases/no_template.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/edge_cases/oversized_template.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/attr_bypass.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/combined_attack.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/config_exploit.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/cve_2024_34359_original.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/direct_eval.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/env_extraction.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/file_access.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/hex_bypass.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/loop_discovery.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/network_exfil.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/request_exploit.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious/subprocess_injection.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious_cve_2024_34359.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious_env_vars.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious_file_read.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious_loop_exploit.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious_obfuscated.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/malicious_subprocess.template +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/obfuscated/base64_payload.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/obfuscated/char_construction.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/obfuscated/format_bypass.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/obfuscated/getattr_bypass.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/standalone/benign_chat.j2 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/standalone/malicious_standalone.jinja +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/standalone/suspicious_benign.template +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/tokenizer_config.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/yaml/malicious_config.yaml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/jinja2/yaml/model_config.yaml +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/basic_lambda_layer.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/custom_layer_attack.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/keras_zip_format.keras +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/lambda_exfiltration.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/lambda_with_imports.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/loss_injection.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/malicious_lambda.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/metric_injection.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/keras/safe_model.h5 +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/manifests/safe_config.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/manifests/suspicious_config.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/decode_exec_chain.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/dill_func.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/malicious_model_realistic.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/malicious_system_call.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/nested_pickle_base64.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/nested_pickle_hex.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/nested_pickle_multistage.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/nested_pickle_raw.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/safe_data.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/safe_large_model.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/safe_model_with_binary.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/safe_model_with_encoding.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/safe_model_with_tokens.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/safe_nested_structure.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pickles/simple_nested.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pipeline.skops +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pytorch/malicious_eval.pt +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/pytorch/safe_model.pt +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/safetensors/malicious_import.safetensors +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/safetensors/multiple_patterns.safetensors +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/safetensors/obfuscated_metadata.safetensors +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/safetensors/safe_model.safetensors +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/safetensors/script_injection.safetensors +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/safetensors/shell_commands.safetensors +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/safetensors/suspicious_url.safetensors +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/tensorflow/malicious_pyfunc/saved_model.pb +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/samples/tensorflow/safe_savedmodel/saved_model.pb +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/agpl_component/agpl_model.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/agpl_component/neural_network.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mit_model/config.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mit_model/model.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mit_model/model_weights.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mixed_licenses/LICENSE +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mixed_licenses/apache_component.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mixed_licenses/dataset_cc_nc.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mixed_licenses/gpl_utility.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/mixed_licenses/mixed_model.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/embeddings.npy +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/features.csv +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/training_data.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/config.json +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/model.pkl +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/benchmarks/test_scan_benchmarks.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/cache/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/cache/test_optimized_config.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/cli_output.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/config/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/config/test_name_blacklist.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/demo_license_functionality.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_builtin_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_compile_eval_variants.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_cve_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_jit_script_detector.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_network_comm_detector.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_runpy_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_secrets_detector.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/detectors/test_suspicious_symbols.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/helpers/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/helpers/file_creators.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/helpers/frameworks.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_jfrog_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_license_checker.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_license_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_mlflow_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_sarif_formatter.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_sbom_license_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/integrations/test_sbom_url_fixes.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/progress/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/progress/test_base.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_base_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_cntk_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_coreml_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_executorch_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_flax_msgpack_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_jax_checkpoint_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_joblib_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_joblib_scanner_codecs.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_lightgbm_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_llamafile_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_metadata_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_oci_layer_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_onnx_dependency_handling.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_openvino_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_pmml_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_pytorch_binary_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_pytorch_zip_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_r_serialized_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_rknn_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_rule_code_registry_consistency.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_rule_mapper.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_skops_content_analysis.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_skops_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_tf_metagraph_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_tf_savedmodel_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_torch7_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_torchserve_mar_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_weight_distribution_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/scanners/test_xgboost_scanner.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_asset_inventory_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_asset_list.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_auth_config.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_basic.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_benchmark_report.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_bug1_confidence_exploit.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cache_cli.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cache_optimizations.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_checks_recording.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cli.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cli_cache_dir.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cli_default_command.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cli_file_filtering.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cli_license_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cli_logging_handlers.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cli_output.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cloud_url_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_cve_2025_10155_bin_pickle.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_debug_command.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_dill_joblib_enhanced.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_directory_file_filtering.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_double_interrupt.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_exit_codes.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_false_positive_fixes.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_file_hash.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_gguf_sbom_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_graceful_degradation.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_header_discrepancy.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_huggingface_symlinks.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_importlib_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_jax_flax_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_jit_script_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_lazy_loading.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_manifest_name_policy.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_metadata_extractor.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_models.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_nested_pickle_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_network_comm_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_os_alias_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_os_subprocess_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_path_traversal.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_performance_benchmarks.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_pickle_context_filtering.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_progress.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_pydantic_models.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_python_version_warning.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_pytorch_zip_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_real_world_dill_joblib.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_regression_corpus.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_regular_scan_hash.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_rules.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_safetensors_optimization.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_secure_hasher.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_security_asset_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_security_enhancements.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_shebang_context.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_simple_jinja2.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_sklearn_joblib_false_positive.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_telemetry_decoupling.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_tensorflow_lambda_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_timeout_configuration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_utils.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_weak_hash_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_webbrowser_detection.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_why_explanations.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/test_xdist_status.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_advanced_size_limits.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_file_filter.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_file_type_validation_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_integration_file_type_demo.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_large_file_handler.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/file/test_streaming_preview.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_asset_from_scan_result.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_auto_defaults.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_code_validation.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_disk_space.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_file_iterator.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_interrupt_handling.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_ml_context_false_positives.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_py_compile_improvements.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/helpers/test_secure_hasher.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/sources/test_dvc_integration.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/sources/test_huggingface.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/sources/test_pytorch_hub.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/test_lfs.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/utils/test_result_conversion.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/whitelists/__init__.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/whitelists/test_combined.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/whitelists/test_huggingface_popular.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/whitelists/test_organizations.py +0 -0
- {modelaudit-0.2.34 → modelaudit-0.2.36}/tests/xdist_status.py +0 -0
|
@@ -28,7 +28,7 @@ uv sync --extra all-ci
|
|
|
28
28
|
uv run ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
|
|
29
29
|
uv run ruff check --fix modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
|
|
30
30
|
uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
|
|
31
|
-
uv run pytest -n auto -m "not slow and not integration" --maxfail=1
|
|
31
|
+
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -n auto -m "not slow and not integration" --maxfail=1
|
|
32
32
|
```
|
|
33
33
|
|
|
34
34
|
## Standard Workflow
|
|
@@ -74,7 +74,7 @@ gh pr create --title "feat: descriptive title" --body "Brief description"
|
|
|
74
74
|
uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/ # Lint (no errors)
|
|
75
75
|
uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/ # Format (no changes)
|
|
76
76
|
uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/ # Types (no errors)
|
|
77
|
-
uv run pytest -n auto -m "not slow and not integration" --maxfail=1
|
|
77
|
+
PROMPTFOO_DISABLE_TELEMETRY=1 uv run pytest -n auto -m "not slow and not integration" --maxfail=1
|
|
78
78
|
```
|
|
79
79
|
|
|
80
80
|
| Issue | Fix |
|
|
@@ -111,6 +111,7 @@ uv run pytest -n auto -m "not slow and not integration" --maxfail=1
|
|
|
111
111
|
- Keep fixtures deterministic and self-contained under `tmp_path`; never rely on host paths or global temp filenames.
|
|
112
112
|
- If a new regression test must run on reduced CI lanes, add the file to `allowed_test_files` in `tests/conftest.py`.
|
|
113
113
|
- Match local validation to the CI lane that will exercise the change when possible; if optional dependencies or Python-version gates prevent that, call it out explicitly in the PR.
|
|
114
|
+
- Disable telemetry for local validation unless the task explicitly tests telemetry behavior: prefix pytest runs with `PROMPTFOO_DISABLE_TELEMETRY=1` (or `NO_ANALYTICS=1`). Do not request approval to contact `a.promptfoo.app` for normal unit, scanner, or integration-excluded test runs; telemetry tests must mock the transport or make network intent explicit before running.
|
|
114
115
|
- For file routing, prefiltering, or archive-triage changes, add at least one malicious positive regression and one benign near-match negative regression.
|
|
115
116
|
- Reuse shared fixture helpers for container formats. For PyTorch ZIP tests, prefer
|
|
116
117
|
`tests.helpers.create_mock_pytorch_zip`; if you hand-roll a ZIP-backed `.pt`/`.pkl`,
|
|
@@ -5,10 +5,58 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.2.36](https://github.com/promptfoo/modelaudit/compare/v0.2.35...v0.2.36) (2026-04-11)
|
|
9
|
+
|
|
10
|
+
### Documentation
|
|
11
|
+
|
|
12
|
+
- disable telemetry during agent validation ([#928](https://github.com/promptfoo/modelaudit/issues/928)) ([69a1986](https://github.com/promptfoo/modelaudit/commit/69a1986aa2a63ab07e63871507e96bf857c1c882))
|
|
13
|
+
|
|
14
|
+
## [0.2.35](https://github.com/promptfoo/modelaudit/compare/v0.2.34...v0.2.35) (2026-04-11)
|
|
15
|
+
|
|
16
|
+
### Bug Fixes
|
|
17
|
+
|
|
18
|
+
- clean up oversized zip entry temps ([#911](https://github.com/promptfoo/modelaudit/issues/911)) ([66b4871](https://github.com/promptfoo/modelaudit/commit/66b4871f49e367dea545f36af85c9cc75303d615))
|
|
19
|
+
- flag Paddle code patterns as warnings ([#925](https://github.com/promptfoo/modelaudit/issues/925)) ([32fa0b7](https://github.com/promptfoo/modelaudit/commit/32fa0b7551c13059515c464b0118851fa1fbe671))
|
|
20
|
+
- harden manifest parse boundaries ([#922](https://github.com/promptfoo/modelaudit/issues/922)) ([6f5b516](https://github.com/promptfoo/modelaudit/commit/6f5b516bec8492b2f062ba5ea10498c705d972ca))
|
|
21
|
+
- harden standalone pickle scanner ([#901](https://github.com/promptfoo/modelaudit/issues/901)) ([31f7dd3](https://github.com/promptfoo/modelaudit/commit/31f7dd38c6bd77631ccdca90438312c4db2ac857))
|
|
22
|
+
- mark corrupt NumPy object payloads inconclusive ([#912](https://github.com/promptfoo/modelaudit/issues/912)) ([ecba19d](https://github.com/promptfoo/modelaudit/commit/ecba19dc585d5bfbfbfbd687e81cd734a7b0103b))
|
|
23
|
+
- mark incomplete MXNet scans inconclusive ([#923](https://github.com/promptfoo/modelaudit/issues/923)) ([a928ed7](https://github.com/promptfoo/modelaudit/commit/a928ed723a220185c3c0ea4b046b8885c74e8f62))
|
|
24
|
+
- mark incomplete sharded scans inconclusive ([#909](https://github.com/promptfoo/modelaudit/issues/909)) ([510d0fb](https://github.com/promptfoo/modelaudit/commit/510d0fbe45ae9f1b7e213227ebb1210b15a35991))
|
|
25
|
+
- mark malformed GGUF scans inconclusive ([#914](https://github.com/promptfoo/modelaudit/issues/914)) ([9b3e216](https://github.com/promptfoo/modelaudit/commit/9b3e21607309b846b15f809af6fd1bef31268b6a))
|
|
26
|
+
- mark malformed Keras H5 configs inconclusive ([#917](https://github.com/promptfoo/modelaudit/issues/917)) ([23671c3](https://github.com/promptfoo/modelaudit/commit/23671c38796293978b0538eb4c7ce30c8cfa5160))
|
|
27
|
+
- mark malformed Keras ZIP configs inconclusive ([#918](https://github.com/promptfoo/modelaudit/issues/918)) ([d4ad8d8](https://github.com/promptfoo/modelaudit/commit/d4ad8d8717c4f1ca647b292035f68bbf570d9904))
|
|
28
|
+
- mark malformed SafeTensors scans inconclusive ([#913](https://github.com/promptfoo/modelaudit/issues/913)) ([43913d6](https://github.com/promptfoo/modelaudit/commit/43913d65c5eb89014d1bb137768f89e93b8d0d41))
|
|
29
|
+
- mark malformed tflite scans inconclusive ([#916](https://github.com/promptfoo/modelaudit/issues/916)) ([07c871a](https://github.com/promptfoo/modelaudit/commit/07c871a8d19e9181bdcd568fffa9a165883585de))
|
|
30
|
+
- mark partial archive scans inconclusive ([#907](https://github.com/promptfoo/modelaudit/issues/907)) ([c8eb918](https://github.com/promptfoo/modelaudit/commit/c8eb918b8d0a717460be93097cfc1cf0a47e6689))
|
|
31
|
+
- mark partial streaming scans inconclusive ([#908](https://github.com/promptfoo/modelaudit/issues/908)) ([3d47a10](https://github.com/promptfoo/modelaudit/commit/3d47a1055d09c20995c21ebe75a50a2c3d1105f0))
|
|
32
|
+
- mark unknown ONNX tensor dtypes inconclusive ([#915](https://github.com/promptfoo/modelaudit/issues/915)) ([35661b6](https://github.com/promptfoo/modelaudit/commit/35661b6ac166f38f7642ac9a3ea89b6cea538928))
|
|
33
|
+
- preserve picklescan stack state ([#910](https://github.com/promptfoo/modelaudit/issues/910)) ([fabac5c](https://github.com/promptfoo/modelaudit/commit/fabac5c9ead49c2ed5f8357dfa53ccdcce946527))
|
|
34
|
+
- recover malformed Jinja template configs ([#920](https://github.com/promptfoo/modelaudit/issues/920)) ([d619c8f](https://github.com/promptfoo/modelaudit/commit/d619c8f185040c7b3c772a4b94631edddde9d8a8))
|
|
35
|
+
- route corrupt catboost scans fail closed ([#924](https://github.com/promptfoo/modelaudit/issues/924)) ([052bb5f](https://github.com/promptfoo/modelaudit/commit/052bb5f4e6dbc5e48a3fe5d134e0ec8d9605e292))
|
|
36
|
+
- traverse nemo yaml list configs ([#919](https://github.com/promptfoo/modelaudit/issues/919)) ([0d8d4fd](https://github.com/promptfoo/modelaudit/commit/0d8d4fd4dc2ef774db093fb9e7daf27c32b5a0a8))
|
|
37
|
+
- **zip:** fail closed on MAR handler parse errors ([#896](https://github.com/promptfoo/modelaudit/issues/896)) ([a06a620](https://github.com/promptfoo/modelaudit/commit/a06a620f011d120072b1e8619e543a7306d5a4fc))
|
|
38
|
+
|
|
39
|
+
### Documentation
|
|
40
|
+
|
|
41
|
+
- add repo correctness audit ledger ([#921](https://github.com/promptfoo/modelaudit/issues/921)) ([06be0b6](https://github.com/promptfoo/modelaudit/commit/06be0b6eaeb53f5f238612a386665c45f3c27dc2))
|
|
42
|
+
|
|
8
43
|
## [0.2.34](https://github.com/promptfoo/modelaudit/compare/v0.2.33...v0.2.34) (2026-04-10)
|
|
9
44
|
|
|
10
45
|
### Bug Fixes
|
|
11
46
|
|
|
47
|
+
- flag Paddle code patterns as warnings instead of failing benign scans
|
|
48
|
+
- route corrupt CatBoost scans to fail closed outcomes
|
|
49
|
+
- mark incomplete MXNet scans inconclusive instead of clean
|
|
50
|
+
- harden manifest parse boundaries around malformed metadata
|
|
51
|
+
- recover malformed Jinja template configs as inconclusive scan outcomes
|
|
52
|
+
- traverse NeMo YAML list configs when checking suspicious targets
|
|
53
|
+
- mark malformed Keras ZIP configs inconclusive instead of clean
|
|
54
|
+
- mark malformed Keras H5 scans inconclusive instead of clean
|
|
55
|
+
- mark malformed TFLite scans inconclusive instead of clean
|
|
56
|
+
- mark malformed GGUF scans inconclusive instead of clean
|
|
57
|
+
- mark malformed SafeTensors scans inconclusive instead of clean
|
|
58
|
+
- preserve picklescan stack state across reused scanner runs
|
|
59
|
+
- mark partial streaming scans inconclusive when large-file streaming coverage is incomplete
|
|
12
60
|
- harden native code detection in model scanners ([#897](https://github.com/promptfoo/modelaudit/issues/897)) ([f4f661a](https://github.com/promptfoo/modelaudit/commit/f4f661a09be0032e15aa8895864413e3878233f8))
|
|
13
61
|
|
|
14
62
|
## [0.2.33](https://github.com/promptfoo/modelaudit/compare/v0.2.32...v0.2.33) (2026-04-09)
|
|
@@ -41,17 +89,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
41
89
|
|
|
42
90
|
### Bug Fixes
|
|
43
91
|
|
|
92
|
+
- mark trailing bytes after NumPy object-array pickle payloads inconclusive without escalating to security findings
|
|
44
93
|
- avoid CoreML nested parse failures on bounded-read truncation
|
|
94
|
+
- mark incomplete sharded-model scans as inconclusive, ignore shard-name prefix matches, and skip caching explicit incomplete outcomes
|
|
45
95
|
- flag TensorFlow `LoadLibrary` and `LoadLibraryV2` graph ops as dangerous native-library loading
|
|
46
96
|
- detect split CNTK native-user-function and native-library references
|
|
47
97
|
- detect Linux/macOS native-library members in Keras archives and uppercase native-library members in PyTorch ZIPs
|
|
48
98
|
- detect embedded Windows DLL/PE, Linux ELF shared-object, and TensorRT plugin entry-point markers in TensorRT engines
|
|
49
99
|
- detect punctuation-delimited TensorRT `/tmp` plugin paths
|
|
100
|
+
- clean up temporary ZIP entry files when extraction fails on entry size limits
|
|
50
101
|
- preserve HuggingFace cache provenance for symlinked custom cache roots
|
|
102
|
+
- mark ONNX tensor dtype validation failures inconclusive instead of allowing clean scans
|
|
51
103
|
- ignore remote OCI `layers[].urls` entries during local layer discovery
|
|
52
104
|
- fail closed on unterminated OpenVINO DOCTYPE declarations
|
|
53
105
|
- avoid PMML `<Extension>` false positives for benign `subprocess` prose while preserving `subprocess.getoutput()`, `subprocess.getstatusoutput()`, and `importlib.import_module("subprocess")` detections
|
|
106
|
+
- mark incomplete ZIP, TAR, and 7z archive traversals as inconclusive in scan metadata
|
|
54
107
|
- route helper-level ZIP-backed `.ckpt`/`.pkl` checkpoints through archive scanners
|
|
108
|
+
- harden standalone pickle scanner dangerous global coverage, nested payload bounds, incomplete-scan reporting, and standalone-primary migration behavior
|
|
55
109
|
|
|
56
110
|
## [0.2.31](https://github.com/promptfoo/modelaudit/compare/v0.2.30...v0.2.31) (2026-04-04)
|
|
57
111
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: modelaudit
|
|
3
|
-
Version: 0.2.
|
|
3
|
+
Version: 0.2.36
|
|
4
4
|
Summary: Static scanning library for detecting malicious code, backdoors, and other security risks in ML model files
|
|
5
5
|
Project-URL: Repository, https://github.com/promptfoo/modelaudit
|
|
6
6
|
Project-URL: Homepage, https://github.com/promptfoo/modelaudit
|
|
@@ -3,7 +3,8 @@
|
|
|
3
3
|
## Core Components
|
|
4
4
|
|
|
5
5
|
- `cli.py`: Click-based CLI interface
|
|
6
|
-
- `core.py`: Main scanning logic and
|
|
6
|
+
- `core.py`: Main scanning logic, file traversal, routing, and scanner invocation
|
|
7
|
+
- `core_results.py`: Aggregate result helpers, exit-code semantics, check consolidation, and asset/metadata attachment
|
|
7
8
|
- `metadata_extractor.py`: Metadata extraction command backend (`modelaudit metadata`)
|
|
8
9
|
- `scanner_results.py`: Leaf result/check/issue contracts re-exported by `scanners/base.py`
|
|
9
10
|
- `scanner_registry_metadata.py`: Static scanner metadata consumed by registry loading and extension utilities
|
|
@@ -15,7 +16,8 @@
|
|
|
15
16
|
## Routing & Coverage Invariants
|
|
16
17
|
|
|
17
18
|
- Prefer trusted file structure and bounded content sniffing over extension-only routing, especially for ZIP-like containers and nested archives.
|
|
18
|
-
- Keep scanner routing metadata descriptor-owned in `
|
|
19
|
+
- Keep scanner routing metadata descriptor-owned in `scanner_registry_metadata.py`; header-format aliases, content-routed extensions, extension-only format policy, and lazy class exports should come from that descriptor module, with `can_handle()` as the final content gate.
|
|
20
|
+
- Source discovery filters should consume the registry-backed scannable extension set instead of carrying local allowlists.
|
|
19
21
|
- For routing, prefiltering, or archive-recursion changes, add one malicious positive regression and one benign near-match negative regression.
|
|
20
22
|
- If a scanner aborts to avoid partial coverage, make the result operationally explicit (`success=False` with a clear error message) and preserve consistent exit-code and cache behavior.
|
|
21
23
|
|
|
@@ -103,6 +105,7 @@ result.add_check(
|
|
|
103
105
|
- `modelaudit/scanners/base.py`: Scanner interface and base classes
|
|
104
106
|
- `modelaudit/scanners/<scanner>_support/`: Extracted helper modules for large scanners while preserving public `<scanner>_scanner.py` entrypoints
|
|
105
107
|
- `modelaudit/core.py`: Main scanning orchestration logic
|
|
108
|
+
- `modelaudit/core_results.py`: Shared result aggregation/finalization logic used by core scan flows
|
|
106
109
|
- `modelaudit/cli.py`: Command-line interface
|
|
107
110
|
- `pyproject.toml`: Dependencies and project configuration
|
|
108
111
|
- `tests/conftest.py`: Test configuration and fixtures
|
|
@@ -55,12 +55,13 @@ class ExampleScanner(BaseScanner):
|
|
|
55
55
|
|
|
56
56
|
## 3. Register the scanner
|
|
57
57
|
|
|
58
|
-
Update `modelaudit/
|
|
58
|
+
Update `modelaudit/scanner_registry_metadata.py`:
|
|
59
59
|
|
|
60
60
|
- Add one scanner descriptor entry with module/class metadata
|
|
61
61
|
- Set priority, direct extensions, and any descriptor-owned `header_formats` / `content_routed_extensions` carefully
|
|
62
62
|
- Declare dependency names for load-time diagnostics
|
|
63
63
|
- Document intentional descriptor/class extension differences with `scanner_only_extensions` instead of leaving silent drift
|
|
64
|
+
- If the extension is authoritative enough for extension-only format validation, add it to the descriptor-owned `EXTENSION_FORMAT_MAP`; leave generic text/config extensions out
|
|
64
65
|
- Do not add a second class map in `__getattr__`; lazy exports are resolved from descriptor metadata
|
|
65
66
|
|
|
66
67
|
## 4. Dependency handling rules
|
|
@@ -36,6 +36,10 @@ modelaudit/
|
|
|
36
36
|
- `modelaudit` owns file routing, archive/container orchestration, CLI, cache,
|
|
37
37
|
telemetry, SARIF/export integrations, and `PickleReport -> ScanResult`
|
|
38
38
|
adaptation.
|
|
39
|
+
- During the migration period, `modelaudit.scanners.pickle_scanner.PickleScanner`
|
|
40
|
+
still merges legacy-only checks after the standalone pass. Keep this fallback
|
|
41
|
+
until the parity harness shows that standalone verdict, status, and required
|
|
42
|
+
rule coverage are sufficient for the root scanner to depend on it alone.
|
|
39
43
|
- Wrapper scanners in `modelaudit` pass embedded pickle streams into
|
|
40
44
|
`modelaudit-picklescan`; archive parsing stays in `modelaudit`.
|
|
41
45
|
- The root `modelaudit` wheel bundles `modelaudit_picklescan` as a second import
|
|
@@ -56,6 +60,9 @@ scanner = PickleScanner(options=ScanOptions(timeout_s=30.0, max_opcodes=1_000_00
|
|
|
56
60
|
report = scanner.scan_stream(stream, source="archive.pt:data.pkl", size=pickle_size)
|
|
57
61
|
```
|
|
58
62
|
|
|
63
|
+
Resource controls include opcode and wall-clock limits, post-budget tail bytes,
|
|
64
|
+
string-literal scan characters, nested-pickle bytes, and nested scan depth.
|
|
65
|
+
|
|
59
66
|
Report semantics keep these concepts separate:
|
|
60
67
|
|
|
61
68
|
- `status`: scan completeness (`complete`, `inconclusive`, `error`)
|
|
@@ -63,12 +70,17 @@ Report semantics keep these concepts separate:
|
|
|
63
70
|
- `findings`: `WARNING`/`CRITICAL` security findings only
|
|
64
71
|
- `notices`: `DEBUG`/`INFO` coverage or explainability notes
|
|
65
72
|
- `errors`: operational failures
|
|
73
|
+
- report mappings are read-only after construction; call `to_dict()` for mutable
|
|
74
|
+
serialized data
|
|
66
75
|
|
|
67
76
|
## Current Integration
|
|
68
77
|
|
|
69
|
-
- `modelaudit.scanners.pickle_scanner.PickleScanner` scans through
|
|
70
|
-
|
|
71
|
-
|
|
78
|
+
- `modelaudit.scanners.pickle_scanner.PickleScanner` scans through both engines.
|
|
79
|
+
The default root result is still legacy-primary for compatibility while the
|
|
80
|
+
migration is in progress. Set `use_standalone_pickle_primary=True` in scanner
|
|
81
|
+
config to exercise the intended standalone-primary merge path, where the
|
|
82
|
+
adapted `PickleReport` owns the result and legacy-only checks are merged as
|
|
83
|
+
compatibility evidence.
|
|
72
84
|
- Embedded-pickle wrapper scanners (`pytorch_zip`, `joblib`, `numpy`, and
|
|
73
85
|
`executorch`) call the public `scan_stream(..., source=...)` API and preserve
|
|
74
86
|
archive-member context in result locations/details.
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
# ModelAudit Correctness Audit Ledger
|
|
2
|
+
|
|
3
|
+
Status: active
|
|
4
|
+
Owner: agent-maintained
|
|
5
|
+
Started: 2026-04-10
|
|
6
|
+
|
|
7
|
+
This file is the running plan, evidence log, and findings ledger for a repo-wide
|
|
8
|
+
correctness audit. It is intentionally conservative: a finite audit cannot prove
|
|
9
|
+
that every future input is safe or that the code is "perfect." The practical goal
|
|
10
|
+
is stronger than ad hoc review: define explicit proof obligations, record which
|
|
11
|
+
ones have evidence, and turn every concrete gap into a small PR with regression
|
|
12
|
+
tests.
|
|
13
|
+
|
|
14
|
+
## Correctness Standard
|
|
15
|
+
|
|
16
|
+
A component is not considered proven until it has evidence for all relevant
|
|
17
|
+
obligations below.
|
|
18
|
+
|
|
19
|
+
1. Routing correctness
|
|
20
|
+
- Content/structure wins over suffix-only routing where feasible.
|
|
21
|
+
- Spoofed extensions and nested archive members route to the intended scanner.
|
|
22
|
+
- Benign near-matches stay clean.
|
|
23
|
+
- Malicious positives hit the security scanner that owns the format.
|
|
24
|
+
|
|
25
|
+
2. Parser and structure boundaries
|
|
26
|
+
- Malformed input does not crash.
|
|
27
|
+
- Malformed or unsupported structure is not reported as clean when coverage is
|
|
28
|
+
incomplete.
|
|
29
|
+
- If scanning cannot cover the intended security surface, the result is
|
|
30
|
+
operationally explicit: `scan_outcome=inconclusive`, `success=False`, or an
|
|
31
|
+
operational error depending on the component contract.
|
|
32
|
+
- If a bounded raw fallback can safely recover security evidence, it runs
|
|
33
|
+
before returning inconclusive.
|
|
34
|
+
|
|
35
|
+
3. Security precedence
|
|
36
|
+
- Warning/critical security findings keep exit code 1 even when the scan is
|
|
37
|
+
also inconclusive.
|
|
38
|
+
- Operational or coverage failures without security findings return exit code 2.
|
|
39
|
+
- INFO-only review notes do not create security failures.
|
|
40
|
+
|
|
41
|
+
4. Bounded resource use
|
|
42
|
+
- Reads are size-limited for metadata, archive members, tensors, and embedded
|
|
43
|
+
payloads.
|
|
44
|
+
- Recursive archive scans have depth, file count, byte, and timeout budgets.
|
|
45
|
+
- Temporary extraction paths are sanitized, contained, and cleaned up.
|
|
46
|
+
|
|
47
|
+
5. Cache and repeatability
|
|
48
|
+
- Cached results preserve `scan_outcome`, issue severity, scanner name, and
|
|
49
|
+
exit-code semantics.
|
|
50
|
+
- Deterministic fixtures do not depend on host paths, global temp names, or
|
|
51
|
+
installed heavyweight frameworks unless explicitly gated.
|
|
52
|
+
|
|
53
|
+
6. Optional dependency behavior
|
|
54
|
+
- Missing optional dependencies fail gracefully.
|
|
55
|
+
- A missing parser cannot silently turn security coverage into a clean pass.
|
|
56
|
+
- Tests cover at least one missing-dependency path for dependency-sensitive
|
|
57
|
+
scanners.
|
|
58
|
+
|
|
59
|
+
7. Output and integration consistency
|
|
60
|
+
- CLI, JSON, SARIF, asset inventory, cache, and programmatic APIs agree on
|
|
61
|
+
success, issue severity, scanner name, and exit code.
|
|
62
|
+
- File metadata can round-trip through Pydantic models without dropping
|
|
63
|
+
safety-relevant fields.
|
|
64
|
+
|
|
65
|
+
## Evidence Levels
|
|
66
|
+
|
|
67
|
+
- E0: Inventory only. No current audit evidence.
|
|
68
|
+
- E1: Existing test coverage observed, but proof obligations not fully checked.
|
|
69
|
+
- E2: Focused audit found no defect for the selected obligations.
|
|
70
|
+
- E3: Focused audit found a defect and a PR was opened with regression tests.
|
|
71
|
+
- E4: Full obligation suite implemented and passing for the component.
|
|
72
|
+
|
|
73
|
+
E4 is the target. Most components start below E4.
|
|
74
|
+
|
|
75
|
+
## Audit Scope Map
|
|
76
|
+
|
|
77
|
+
### Core and Cross-Cutting Layers
|
|
78
|
+
|
|
79
|
+
| Area | Files | Initial risks | Evidence |
|
|
80
|
+
| ------------------------- | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------- | -------------------------------- |
|
|
81
|
+
| Core orchestration | `modelaudit/core.py`, `modelaudit/models.py`, `modelaudit/scanner_results.py` | exit-code precedence, scan metadata preservation, directory dedupe, cache and stream behavior | E1 |
|
|
82
|
+
| Scanner registry/routing | `modelaudit/scanners/__init__.py`, `modelaudit/scanner_registry_metadata.py`, `modelaudit/utils/file/detection.py` | suffix routing, header aliases, optional dependency fallback, lazy loading | E1 |
|
|
83
|
+
| CLI/output | `modelaudit/cli.py`, output helpers, SARIF/JFrog integrations | JSON/SARIF consistency, exit codes, partial scans | E0 |
|
|
84
|
+
| Cache | `modelaudit/cache/`, `modelaudit/utils/helpers/cache_decorator.py` | stale safety metadata, inconclusive persistence, config-sensitive keys | E1 |
|
|
85
|
+
| Archive recursion | `zip`, `tar`, `sevenzip`, `compressed`, `oci_layer`, `torchserve_mar` scanners | traversal, temp cleanup, nested routing, partial coverage | E3 through recent PRs |
|
|
86
|
+
| Standalone pickle package | `packages/modelaudit-picklescan/` | parity with adapter, opcode budgets, immutable results | E3 through recent PRs |
|
|
87
|
+
| Test infrastructure | `tests/conftest.py`, CI allowlists | regression tests skipped in reduced Python lanes | E3 for current allowlist updates |
|
|
88
|
+
|
|
89
|
+
### Scanner Inventory
|
|
90
|
+
|
|
91
|
+
| Scanner | Primary files/formats | Current evidence | Next proof target |
|
|
92
|
+
| --------------------- | ---------------------------------------------------------- | ---------------- | --------------------------------------------------------------- |
|
|
93
|
+
| `pickle` | `.pkl`, `.pickle`, `.dill`, `.bin`, `.pt`, `.pth`, `.ckpt` | E3 | post-budget and malformed opcode corpus parity |
|
|
94
|
+
| `picklescan_adapter` | standalone picklescan bridge | E3 | adapter/cache equivalence for inconclusive reports |
|
|
95
|
+
| `pytorch_zip` | ZIP-backed PyTorch checkpoints | E3 | ZIP metadata parse boundaries and nested pickle cache semantics |
|
|
96
|
+
| `pytorch_binary` | raw `.bin` PyTorch-like blobs | E1 | bounded binary fallback and benign weight near-matches |
|
|
97
|
+
| `joblib` | `.joblib`, compressed/raw pickle wrappers | E3 | codec failure semantics and cache preservation |
|
|
98
|
+
| `jax_checkpoint` | JAX/Orbax/checkpoint pickles | E1 | index/metadata structure failures and nested pickle routing |
|
|
99
|
+
| `flax_msgpack` | `.msgpack`, `.flax`, `.orbax`, `.jax` | E1 | msgpack extension types, depth, and partial unpack coverage |
|
|
100
|
+
| `numpy` | `.npy`, `.npz` | E3 | object-array pickle failures and `.npz` member routing |
|
|
101
|
+
| `safetensors` | `.safetensors` | E3 | malformed header/schema and dtype consistency |
|
|
102
|
+
| `keras_h5` | HDF5 Keras models | E3, PR #917 | cache and aggregate semantics after malformed config fixes |
|
|
103
|
+
| `keras_zip` | `.keras` ZIP models | E3, PR #918 | metadata/weights alias ambiguity after malformed config fixes |
|
|
104
|
+
| `tf_savedmodel` | SavedModel dirs, `.pb` | E1 | protobuf parse budgets and function library edges |
|
|
105
|
+
| `tf_metagraph` | `.meta` | E1 | protobuf parse budgets and attr truncation semantics |
|
|
106
|
+
| `tflite` | `.tflite`, routed `.bin` | E3, PR #916 | flatbuffer table bounds and custom-op recovery |
|
|
107
|
+
| `onnx` | `.onnx` | E3, PR #915 | external data path policy and dtype coverage |
|
|
108
|
+
| `coreml` | `.mlmodel` | E3 | protobuf truncation, linked model paths, custom layer strings |
|
|
109
|
+
| `openvino` | `.xml` IR | E3 | XML parse failures, entity/DOCTYPE boundaries, companion `.bin` |
|
|
110
|
+
| `gguf` | `.gguf`, `.ggml`, related | E3, PR #914 | metadata value type matrix and tensor offset checks |
|
|
111
|
+
| `xgboost` | `.bst`, `.model`, `.json`, `.ubj` | E1 | JSON/UBJSON malformed root, subprocess isolation |
|
|
112
|
+
| `lightgbm` | `.model`, `.txt`, `.lgb`, `.lightgbm` | E1 | text parser bounds and native-library indicators |
|
|
113
|
+
| `catboost` | `.cbm` | E3, PR #924 | binary marker bounds and metadata strings |
|
|
114
|
+
| `mxnet` | `*-symbol.json`, `*-NNNN.params` | E3, PR #923 | graph reference traversal and metadata payload recovery |
|
|
115
|
+
| `nemo` | `.nemo` tar archives | E3, PR #919 | multi-config precedence and malformed member combinations |
|
|
116
|
+
| `jinja2_template` | tokenizer configs, YAML, templates, GGUF metadata | E3, PR #920 | cache preservation and GGUF metadata extraction failures |
|
|
117
|
+
| `skops` | `.skops` ZIP archives | E3 | JSON schema variations and duplicate member precedence |
|
|
118
|
+
| `torchserve_mar` | `.mar` archives | E3 | manifest schema roots and handler AST edge cases |
|
|
119
|
+
| `oci_layer` | OCI `.manifest` | E3 | manifest schema roots, local-vs-remote layer resolution |
|
|
120
|
+
| `zip` | generic ZIP/NPZ/MAR fallback | E3 | unsupported member failure semantics and cleanup |
|
|
121
|
+
| `tar` | tar families | E3 | unsupported member failure semantics and cleanup |
|
|
122
|
+
| `sevenzip` | `.7z` | E3 | nested routing parity with ZIP/TAR |
|
|
123
|
+
| `compressed` | `.gz`, `.bz2`, `.xz`, `.lz4`, `.zlib` | E3 | wrapper extension inference and temporary cleanup |
|
|
124
|
+
| `manifest` | model/config manifests | E3, PR #922 | JSON/YAML/TOML malformed roots and nested scanning |
|
|
125
|
+
| `metadata` | model cards/docs/text | E1 | secret/security pattern false positives and truncation |
|
|
126
|
+
| `text` | general text docs | E0 | duplicate responsibility with metadata/manifest |
|
|
127
|
+
| `pmml` | `.pmml` | E3 | XML parse boundaries and extension payload recovery |
|
|
128
|
+
| `paddle` | `.pdmodel`, `.pdiparams` | E3, PR #925 | protobuf/op descriptor parse failures |
|
|
129
|
+
| `cntk` | `.dnn`, `.cmf` | E3 | split reference tracking and malformed binary handling |
|
|
130
|
+
| `rknn` | `.rknn` | E1 | marker and string extraction bounds |
|
|
131
|
+
| `torch7` | `.t7`, `.th`, `.net` | E1 | legacy serialization parse failures |
|
|
132
|
+
| `r_serialized` | `.rds`, `.rda`, `.rdata` | E1 | format header variants and string extraction bounds |
|
|
133
|
+
| `executorch` | `.ptl`, `.pte` | E1 | archive/table parse failures and nested payloads |
|
|
134
|
+
| `tensorrt` | `.engine`, `.plan`, `.trt` | E3 | plugin marker matrix and binary truncation |
|
|
135
|
+
| `llamafile` | `.llamafile`, `.exe`, extensionless | E1 | executable header routing and model payload boundaries |
|
|
136
|
+
| `weight_distribution` | optional secondary analysis | E0 | optional dependency isolation and non-security failure behavior |
|
|
137
|
+
|
|
138
|
+
## Current Findings and PR Ledger
|
|
139
|
+
|
|
140
|
+
Recent concrete fixes from this audit stream:
|
|
141
|
+
|
|
142
|
+
| PR | Component | Finding | Status |
|
|
143
|
+
| ---- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
|
|
144
|
+
| #917 | Keras H5 | Malformed config/training config could be treated as clean or wrong security failure instead of inconclusive coverage | Open, review pending |
|
|
145
|
+
| #918 | Keras ZIP | Malformed `config.json` structures could scan clean or crash as the wrong failure type | Open, review pending |
|
|
146
|
+
| #919 | NeMo | Top-level YAML lists were not traversed for Hydra `_target_`; malformed/scalar configs looked like missing config | Open, review pending |
|
|
147
|
+
| #920 | Jinja2 template | Malformed tokenizer/YAML configs swallowed parse failures and returned "No templates found"; raw visible SSTI payloads were missed | Open, review pending |
|
|
148
|
+
| #922 | Manifest | `.config` INI manifests with section headers could skip structured parsing and lose URL/hash checks | Open, review pending |
|
|
149
|
+
| #923 | MXNet | Malformed symbol artifacts needed routing into fail-closed scanner outcomes instead of aggregate clean/unknown results | Open, review pending |
|
|
150
|
+
| #924 | CatBoost | Corrupt declared-section scans fail closed as inconclusive instead of returning incomplete coverage as clean | Open, review pending |
|
|
151
|
+
| #925 | Paddle | Suspicious Paddle code indicators are warnings, preserving signal without escalating review-only findings to errors | Open, review pending |
|
|
152
|
+
| #926 | Native code tests | Expanded native-code detection regression coverage and benign executable-suffix near-match negatives | Open, review pending |
|
|
153
|
+
|
|
154
|
+
Earlier open PRs from the same boundary-hardening campaign include #901 and
|
|
155
|
+
#907 through #916. All open PR entries remain provisional until CI and review
|
|
156
|
+
complete; treat them as evidence of audited findings, not landed behavior.
|
|
157
|
+
|
|
158
|
+
## Audit Workflow
|
|
159
|
+
|
|
160
|
+
Each iteration should do the following:
|
|
161
|
+
|
|
162
|
+
1. Sync from `main` and check open PR CI/review state.
|
|
163
|
+
2. Pick one high-risk component from the inventory, preferring E0/E1 items and
|
|
164
|
+
parser/routing boundaries that can create clean false negatives.
|
|
165
|
+
3. Reproduce a concrete failure before editing.
|
|
166
|
+
4. Patch the narrow behavior with existing architecture patterns.
|
|
167
|
+
5. Add typed, deterministic tests:
|
|
168
|
+
- malicious positive
|
|
169
|
+
- benign near-match negative
|
|
170
|
+
- malformed/unsupported structure
|
|
171
|
+
- aggregate exit-code semantics
|
|
172
|
+
- cache semantics when safety metadata is involved
|
|
173
|
+
6. Run targeted tests, then the canonical validation gate from `AGENTS.md`.
|
|
174
|
+
7. Update this ledger with the finding, evidence level, residual risk, and PR.
|
|
175
|
+
8. Open or update a PR.
|
|
176
|
+
|
|
177
|
+
## High-Risk Backlog
|
|
178
|
+
|
|
179
|
+
1. `manifest_scanner`: structured config parser failures and unsupported roots.
|
|
180
|
+
Check JSON/YAML/TOML/INI parse behavior, nested list roots, and whether
|
|
181
|
+
malformed AIML manifests can return clean.
|
|
182
|
+
2. `torchserve_mar_scanner`: manifest schema roots and parse errors. Verify that
|
|
183
|
+
handler AST findings and manifest failures preserve security precedence.
|
|
184
|
+
3. `oci_layer_scanner`: manifest schema roots and local-vs-remote layer
|
|
185
|
+
resolution. Confirm remote URLs cannot be treated as local layers and local
|
|
186
|
+
malformed manifests fail closed.
|
|
187
|
+
4. `mxnet_scanner`: symbol JSON schema and metadata payload traversal. Verify
|
|
188
|
+
list/dict roots, malformed JSON, and encoded payload recovery.
|
|
189
|
+
5. `xgboost_scanner`: JSON/UBJSON parse failures and subprocess isolation.
|
|
190
|
+
Confirm malformed model configs cannot hide suspicious attributes.
|
|
191
|
+
6. `tf_savedmodel` and `tf_metagraph`: protobuf parse budgets, attr truncation,
|
|
192
|
+
and function references.
|
|
193
|
+
7. `llamafile`, `rknn`, `torch7`, `r_serialized`: binary string extraction
|
|
194
|
+
bounds and malformed file semantics.
|
|
195
|
+
8. Cross-cutting cache tests for all inconclusive scanner families.
|
|
196
|
+
9. SARIF/CLI/asset output consistency for inconclusive scans with and without
|
|
197
|
+
security findings.
|
|
198
|
+
|
|
199
|
+
## Notes Log
|
|
200
|
+
|
|
201
|
+
### 2026-04-10
|
|
202
|
+
|
|
203
|
+
- Established this repo-wide audit ledger and proof standard.
|
|
204
|
+
- Confirmed loop mode is enabled for continued audit iterations.
|
|
205
|
+
- Current strongest recurring defect class: structured parser failures or
|
|
206
|
+
unsupported root shapes collapsing into clean scans. Fixed examples exist in
|
|
207
|
+
Keras H5, Keras ZIP, NeMo, and Jinja2 template scanners.
|
|
208
|
+
- Next recommended target: `manifest_scanner`, because it owns many AIML config
|
|
209
|
+
filenames and parses several structured formats.
|
|
@@ -58,8 +58,8 @@ Out of scope:
|
|
|
58
58
|
|
|
59
59
|
1. Routing and registration
|
|
60
60
|
|
|
61
|
-
- Add scanner entry
|
|
62
|
-
- Add `.mlmodel` mapping to extension detection.
|
|
61
|
+
- Add scanner metadata entry.
|
|
62
|
+
- Add `.mlmodel` mapping to descriptor-owned extension detection.
|
|
63
63
|
- Ensure scanner priority is above generic manifest/text handling.
|
|
64
64
|
|
|
65
65
|
1. Optional deep-validation path
|
|
@@ -55,8 +55,8 @@ Out of scope:
|
|
|
55
55
|
1. Routing and integration
|
|
56
56
|
|
|
57
57
|
- Register scanner with proper priority relative to manifest/text scanners.
|
|
58
|
-
- Add extension mapping entries for selected MXNet artifacts.
|
|
59
|
-
- Ensure lazy
|
|
58
|
+
- Add descriptor-owned extension mapping entries for selected MXNet artifacts.
|
|
59
|
+
- Ensure lazy exports resolve from scanner metadata.
|
|
60
60
|
|
|
61
61
|
1. Robustness
|
|
62
62
|
|
|
@@ -31,8 +31,8 @@ Out of scope:
|
|
|
31
31
|
## Deliverables
|
|
32
32
|
|
|
33
33
|
- `modelaudit/scanners/torchserve_mar_scanner.py`
|
|
34
|
-
- Registry
|
|
35
|
-
-
|
|
34
|
+
- Registry metadata in `modelaudit/scanner_registry_metadata.py`
|
|
35
|
+
- Descriptor-owned extension detection updates
|
|
36
36
|
- Unit tests under `tests/scanners/test_torchserve_mar_scanner.py`
|
|
37
37
|
- Fixture allowlist update in `tests/conftest.py`
|
|
38
38
|
- User docs and changelog updates
|
|
@@ -84,8 +84,8 @@ Out of scope:
|
|
|
84
84
|
1. Registry and routing
|
|
85
85
|
|
|
86
86
|
- Add scanner registration entry with priority before generic ZIP scanner.
|
|
87
|
-
-
|
|
88
|
-
- Add extension mapping for `.mar` in `EXTENSION_FORMAT_MAP`.
|
|
87
|
+
- Ensure lazy exports resolve from scanner metadata.
|
|
88
|
+
- Add extension mapping for `.mar` in `modelaudit/scanner_registry_metadata.py` `EXTENSION_FORMAT_MAP`.
|
|
89
89
|
- Ensure fallback behavior keeps `.mar` from being treated as unknown.
|
|
90
90
|
|
|
91
91
|
1. Performance and resilience
|
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
from typing import Any
|
|
4
4
|
|
|
5
|
+
from modelaudit.scanner_results import INCONCLUSIVE_SCAN_OUTCOME
|
|
6
|
+
|
|
5
7
|
_OPERATIONAL_ERROR_INDICATORS = (
|
|
6
8
|
"error during scan",
|
|
7
9
|
"error checking file size",
|
|
@@ -33,6 +35,14 @@ _OPERATIONAL_ERROR_INDICATORS = (
|
|
|
33
35
|
|
|
34
36
|
def should_cache_scan_result(scan_result: dict[str, Any]) -> bool:
|
|
35
37
|
"""Return True when a scan result is stable enough to cache safely."""
|
|
38
|
+
metadata = scan_result.get("metadata")
|
|
39
|
+
if isinstance(metadata, dict) and (
|
|
40
|
+
bool(metadata.get("operational_error"))
|
|
41
|
+
or bool(metadata.get("analysis_incomplete"))
|
|
42
|
+
or metadata.get("scan_outcome") == INCONCLUSIVE_SCAN_OUTCOME
|
|
43
|
+
):
|
|
44
|
+
return False
|
|
45
|
+
|
|
36
46
|
for collection_name in ("issues", "checks"):
|
|
37
47
|
collection = scan_result.get(collection_name)
|
|
38
48
|
if not isinstance(collection, list):
|
|
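Review bot: A scan result whose `metadata` key is missing or not a dict bypasses the new gate at `if isinstance(metadata, dict) and (...)` entirely and falls through to the issues/checks loop, so a malformed or stripped result can still be cached when that loop finds nothing; if producers are expected to always attach a metadata dict, a fail-closed `if not isinstance(metadata, dict): return False` ahead of the flag checks would be safer (I cannot see the producers from this hunk). The `bool(...)` wrappers inside the `or` chain are redundant under an `if`; `metadata.get("operational_error") or metadata.get("analysis_incomplete") or metadata.get("scan_outcome") == INCONCLUSIVE_SCAN_OUTCOME` reads the same. The docstring should state the reason for the new rule, e.g. `"""Return True when a scan result is stable enough to cache safely. Results flagged operational_error, analysis_incomplete or inconclusive are never cached so a retry can still produce a real verdict."""`. should_cache_scan_result's body continues past the end of this hunk.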
@@ -0,0 +1,21 @@
|
|
|
1
|
+
"""Shared constants for ModelAudit."""
|
|
2
|
+
|
|
3
|
+
from ..scanner_registry_metadata import get_registered_scanner_extensions
|
|
4
|
+
|
|
5
|
+
# Extensions that ModelAudit can route to a scanner.
|
|
6
|
+
SCANNABLE_MODEL_EXTENSIONS: frozenset[str] = frozenset(get_registered_scanner_extensions())
|
|
7
|
+
|
|
8
|
+
# Subset of core model extensions used for license checking (lower risk, common formats)
|
|
9
|
+
COMMON_MODEL_EXTENSIONS: frozenset[str] = frozenset(
|
|
10
|
+
{
|
|
11
|
+
".pkl",
|
|
12
|
+
".joblib",
|
|
13
|
+
".pt",
|
|
14
|
+
".pth",
|
|
15
|
+
".onnx",
|
|
16
|
+
".pb",
|
|
17
|
+
".h5",
|
|
18
|
+
".keras",
|
|
19
|
+
".safetensors",
|
|
20
|
+
}
|
|
21
|
+
)
|
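Review bot: The comment above `COMMON_MODEL_EXTENSIONS` describes the set as "lower risk", but `.pkl`, `.joblib`, `.pt` and `.pth` are pickle-backed formats that can execute arbitrary code on load, so a reader may take this as a trust hint it is not. Suggested wording: `# Subset of scannable extensions used for license checking (chosen for prevalence, not safety: it includes pickle-backed formats).` The comment also calls this a "subset of core model extensions", yet nothing ties it to `SCANNABLE_MODEL_EXTENSIONS`; a load-time check such as `if not COMMON_MODEL_EXTENSIONS <= SCANNABLE_MODEL_EXTENSIONS: raise RuntimeError("COMMON_MODEL_EXTENSIONS lists unregistered extensions")` would catch registry drift, assuming each listed extension is in fact registered. Because `SCANNABLE_MODEL_EXTENSIONS` is computed at import time, `get_registered_scanner_extensions()` must be safe to call before any scanner module is imported; I cannot confirm that ordering from this hunk.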