modelaudit 0.2.39__tar.gz → 0.2.41__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/markdown-link-check-config.json +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/release-please.yml +9 -9
- modelaudit-0.2.41/.release-please-manifest.json +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/AGENTS.md +12 -1
- {modelaudit-0.2.39 → modelaudit-0.2.41}/CHANGELOG.md +200 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/Dockerfile +1 -1
- {modelaudit-0.2.39 → modelaudit-0.2.41}/Dockerfile.full +1 -1
- {modelaudit-0.2.39 → modelaudit-0.2.41}/Dockerfile.tensorflow +5 -3
- {modelaudit-0.2.39 → modelaudit-0.2.41}/PKG-INFO +27 -2
- {modelaudit-0.2.39 → modelaudit-0.2.41}/README.md +26 -1
- {modelaudit-0.2.39 → modelaudit-0.2.41}/SECURITY.md +2 -1
- {modelaudit-0.2.39 → modelaudit-0.2.41}/THIRD_PARTY_NOTICES.md +1 -1
- modelaudit-0.2.41/docs/agents/release-process.md +151 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/api_def_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/attr_value_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/cost_graph_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/cpp_shape_inference_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/dataset_options_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/dataset_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/function_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/graph_pb2.py +5 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/graph_transfer_info_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/kernel_def_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/log_memory_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/node_def_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/op_def_pb2.py +5 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/optimized_function_graph_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/resource_handle_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/step_stats_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/tensor_description_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/tensor_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/composite_tensor_variant_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/debug_event_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/fingerprint_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/meta_graph_pb2.py +10 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/named_tensor_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/remote_tensor_handle_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/rewriter_config_pb2.py +3 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/saved_model_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/saved_object_graph_pb2.py +8 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/service_config_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/snapshot_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/struct_pb2.py +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/tensor_bundle_pb2.py +5 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/trackable_object_graph_pb2.py +2 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/telemetry.py +132 -62
- modelaudit-0.2.41/packages/modelaudit-picklescan/AGENTS.md +103 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/CHANGELOG.md +69 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/Cargo.lock +2 -2
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/Cargo.toml +1 -1
- modelaudit-0.2.41/packages/modelaudit-picklescan/README.md +185 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/pyproject.toml +1 -1
- modelaudit-0.2.41/packages/modelaudit-picklescan/rust/src/policy.rs +1190 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/stack.rs +187 -3
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/state.rs +2633 -151
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/strings.rs +146 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/src/modelaudit_picklescan/api.py +132 -1
- modelaudit-0.2.41/packages/modelaudit-picklescan/src/modelaudit_picklescan/call_graph.py +2686 -0
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_adversarial_pickle_oracle.py +6681 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/test_api.py +1362 -3
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_call_graph_click.py +131 -0
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_call_graph_execnet.py +124 -0
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_call_graph_import_statements.py +6902 -0
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_call_graph_instance_defaults.py +244 -0
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_call_graph_local_imports.py +131 -0
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_call_graph_six.py +305 -0
- modelaudit-0.2.41/packages/modelaudit-picklescan/tests/test_call_graph_tkinter.py +184 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/test_rust_engine.py +59 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/uv.lock +1 -1
- {modelaudit-0.2.39 → modelaudit-0.2.41}/pyproject.toml +1 -1
- modelaudit-0.2.41/requirements-tensorflow.txt +4 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/compile_tensorflow_protos.sh +7 -2
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/conftest.py +8 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_tar_scanner.py +42 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_zip_scanner.py +42 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_pytorch_zip_detection.py +33 -17
- modelaudit-0.2.41/tests/test_release_workflow.py +123 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_telemetry.py +221 -16
- {modelaudit-0.2.39 → modelaudit-0.2.41}/uv.lock +5 -5
- modelaudit-0.2.39/.release-please-manifest.json +0 -4
- modelaudit-0.2.39/docs/agents/release-process.md +0 -91
- modelaudit-0.2.39/packages/modelaudit-picklescan/README.md +0 -79
- modelaudit-0.2.39/packages/modelaudit-picklescan/rust/src/policy.rs +0 -276
- modelaudit-0.2.39/packages/modelaudit-picklescan/tests/test_adversarial_pickle_oracle.py +0 -302
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.dockerignore +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.editorconfig +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.gitattributes +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/CODEOWNERS +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/ISSUE_TEMPLATE/bug_report.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/ISSUE_TEMPLATE/feature_request.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/PULL_REQUEST_TEMPLATE.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/README.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/codeql.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/docker-image-test.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/docker-publish.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/docs-check.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/nightly.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/perf.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/test.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.github/workflows/validate-pr-title.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.gitignore +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.mailmap +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.modelaudit.toml.example +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/.prettierignore +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/CLAUDE.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/CODE_OF_CONDUCT.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/CONTRIBUTING.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/LICENSE +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/MAINTAINERS.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/MANIFEST.in +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/RULES.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/SUPPORT.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/codecov.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docker-compose.yml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docker-entrypoint.sh +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/agents/architecture.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/agents/dependencies.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/agents/new-scanner-quickstart.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/agents/picklescan-package-split.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/maintainers/cve-process.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/maintainers/dependency-policy.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/maintainers/scanner-cve-coverage.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/maintainers/triage-playbook.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/security/threat-model.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/user/compatibility-matrix.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/user/metadata-extraction.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/user/offline-air-gapped.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/user/scanner-selection.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/docs/user/security-model.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/__main__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/anomaly_detector.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/enhanced_pattern_detector.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/entropy_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/framework_patterns.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/integrated_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/ml_context_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/opcode_sequence_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/semantic_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/analysis/unified_context.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/auth/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/auth/client.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/auth/config.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/adaptive_cache_keys.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/batch_operations.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/cache_manager.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/cache_policy.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/optimized_config.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/scan_results_cache.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cache/trusted_config_store.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/cli.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/constants.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/data/spdx_licenses.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/explanations.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/generated_keras_layers.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/local_config.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/name_blacklist.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/config/rule_config.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/core.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/core_results.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/detectors/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/detectors/cve_patterns.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/detectors/jit_script.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/detectors/network_comm.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/detectors/secrets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/detectors/suspicious_symbols.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/integrations/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/integrations/jfrog.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/integrations/license_checker.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/integrations/mlflow.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/integrations/sarif_formatter.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/integrations/sbom_generator.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/metadata_extractor.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/models.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/progress/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/progress/base.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/progress/console.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/progress/file.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/progress/hooks.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/progress/multi_phase.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/LICENSE +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/NOTICE +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/py.typed +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/allocation_description_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/dataset_metadata_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/device_attributes_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/full_type_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/graph_debug_info_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/model_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/reader_base_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/tensor_shape_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/tensor_slice_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/types_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/variable_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/framework/versions_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/cluster_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/control_flow_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/core_platform_payloads_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/critical_section_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/data_service_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/debug_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/device_filters_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/device_properties_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/saver_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/transport_options_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/protos/tensorflow/core/protobuf/verifier_config_pb2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/py.typed +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/rule_catalog.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/rules.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanner_registry_metadata.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanner_results.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanner_selection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/_archive_config.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/_archive_locations.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/_archive_outcomes.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/_evidence_redaction.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/_string_extraction.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/archive_dispatch.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/archive_member_security.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/base.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/catboost_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/cntk_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/compressed_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/coreml_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/executorch_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/flax_msgpack_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/gguf_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/jax_checkpoint_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/jinja2_template_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/joblib_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/keras_h5_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/keras_utils.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/keras_zip_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/lightgbm_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/llamafile_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/manifest_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/metadata_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/mxnet_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/nemo_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/numpy_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/oci_layer_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/onnx_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/openvino_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/paddle_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/pickle_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/picklescan_adapter.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/pmml_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/pytorch_binary_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/pytorch_zip_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/pytorch_zip_support/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/pytorch_zip_support/archive_members.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/r_serialized_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/rar_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/rknn_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/rule_mapper.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/safetensors_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/sevenzip_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/skops_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/tar_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/tensorrt_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/text_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/tf_metagraph_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/tf_savedmodel_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/tflite_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/torch7_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/torchserve_mar_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/weight_distribution_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/xgboost_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/scanners/zip_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/_path_hardening.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/auto_defaults.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/file/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/file/_compression.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/file/detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/file/filtering.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/file/handlers.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/file/large_file_handler.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/file/streaming.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/assets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/auto_defaults.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/cache_decorator.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/code_validation.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/disk_space.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/file_hash.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/file_iterator.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/interrupt_handler.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/ml_context.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/result_conversion.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/retry.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/secure_hasher.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/helpers/types.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/lfs.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/model_extensions.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/_huggingface_cache.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/cloud_storage.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/dvc.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/huggingface.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/huggingface_paths.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/jfrog.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/sources/pytorch_hub.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/utils/tensorflow_compat.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/version.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/whitelists/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/whitelists/huggingface_organizations.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/modelaudit/whitelists/huggingface_popular.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/package-lock.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/package.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/README.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/expansion.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/lib.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/nested.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/nested_surface.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/opcode.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/options.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/post_budget.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/pybridge.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/report.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/rust/src/strings_policy.rs +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/src/modelaudit_picklescan/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/src/modelaudit_picklescan/options.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/src/modelaudit_picklescan/py.typed +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/src/modelaudit_picklescan/report.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/conftest.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/parity_corpus.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/test_import_boundary.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/test_native_interface.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/test_options.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/packages/modelaudit-picklescan/tests/test_report.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/pyproject.toml.example +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/release-please-config.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/renovate.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/README.md +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/benchmark_report.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/check_circular_imports.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/fetch_hf_org_models.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/fetch_hf_top_models.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/generate_keras_layer_inventory.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/jax_flax_scanning_demo.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/large_pickle_corpus_qa.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/minimal_circular_check.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/scripts/profile_scan.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_analysis_modules.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_anomaly_detector.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_enhanced_pattern_detector.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_entropy_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_framework_patterns.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_ml_context_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_opcode_sequence_analyzer.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/analysis/test_unified_context.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit1_basic_torch_bypass.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit2_advanced_torch_bypass.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit3_sophisticated_hybrid.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit4_supply_chain_attack.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit5_ultra_high_confidence.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit6_ordereddict_bypass.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit7_nested_collections.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit9_manual_construction.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/exploits/exploit_ultimate_50pct.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_7z_test_assets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_advanced_pickle_tests.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_evil_pickle.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_jinja2_test_assets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_nested_pickle_assets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_os_alias_tests.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_safe_nested_assets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_safetensors_assets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/generators/generate_security_assets.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/pickles/memo_attack.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/pickles/multiple_stream_attack.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/pickles/nt_alias_attack.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/pickles/posix_alias_attack.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/pickles/stack_global_attack.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/archives/path_traversal.zip +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/archives/safe_model.zip +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/benign/chatml_format.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/benign/complex_legitimate.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/benign/conditional_system.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/benign/huggingface_llama.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/benign/simple_roles.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/benign/special_tokens.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/edge_cases/empty_template.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/edge_cases/malformed_template.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/edge_cases/multiple_templates.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/edge_cases/no_template.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/edge_cases/oversized_template.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/attr_bypass.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/combined_attack.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/config_exploit.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/cve_2024_34359_original.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/direct_eval.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/env_extraction.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/file_access.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/hex_bypass.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/loop_discovery.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/network_exfil.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/request_exploit.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/malicious/subprocess_injection.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/obfuscated/base64_payload.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/obfuscated/char_construction.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/obfuscated/format_bypass.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/obfuscated/getattr_bypass.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/standalone/benign_chat.j2 +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/standalone/malicious_standalone.jinja +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/standalone/malicious_subprocess.template +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/standalone/suspicious_benign.template +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/yaml/malicious_config.yaml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/jinja2/yaml/model_config.yaml +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/keras/custom_layer_attack.h5 +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/keras/loss_injection.h5 +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/keras/malicious_lambda.h5 +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/keras/metric_injection.h5 +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/keras/safe_model.h5 +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/manifests/safe_config.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/manifests/suspicious_config.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/decode_exec_chain.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/dill_func.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/malicious_model_realistic.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/malicious_system_call.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/nested_pickle_base64.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/nested_pickle_hex.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/nested_pickle_multistage.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/nested_pickle_raw.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/safe_data.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/safe_large_model.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/safe_model_with_binary.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/safe_model_with_encoding.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/safe_model_with_tokens.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/safe_nested_structure.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pickles/simple_nested.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pipeline.skops +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pytorch/malicious_eval.pt +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/pytorch/safe_model.pt +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/safetensors/malicious_import.safetensors +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/safetensors/safe_model.safetensors +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/tensorflow/malicious_pyfunc/saved_model.pb +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/samples/tensorflow/safe_savedmodel/saved_model.pb +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/agpl_component/agpl_model.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/agpl_component/neural_network.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mit_model/config.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mit_model/model.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mit_model/model_weights.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mixed_licenses/LICENSE +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mixed_licenses/apache_component.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mixed_licenses/dataset_cc_nc.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mixed_licenses/gpl_utility.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/mixed_licenses/mixed_model.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/embeddings.npy +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/features.csv +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/training_data.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/config.json +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/model.pkl +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/benchmarks/test_picklescan_benchmarks.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/benchmarks/test_scan_benchmarks.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/cache/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/cache/test_cache_correctness.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/cache/test_optimized_config.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/cli_output.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/config/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/config/test_name_blacklist.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/demo_license_functionality.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_builtin_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_compile_eval_variants.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_cve_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_jit_script_detector.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_network_comm_detector.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_runpy_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_secrets_detector.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/detectors/test_suspicious_symbols.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/helpers/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/helpers/file_creators.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/helpers/frameworks.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_jfrog.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_jfrog_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_license_checker.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_license_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_mlflow_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_sarif_formatter.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_sbom_license_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/integrations/test_sbom_url_fixes.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/progress/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/progress/test_base.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_base_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_catboost_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_cntk_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_compressed_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_coreml_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_executorch_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_flax_msgpack_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_gguf_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_jax_checkpoint_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_jinja2_template_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_joblib_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_joblib_scanner_codecs.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_keras_h5_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_keras_zip_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_lightgbm_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_llamafile_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_manifest_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_metadata_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_mxnet_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_nemo_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_numpy_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_oci_layer_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_onnx_dependency_handling.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_onnx_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_openvino_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_paddle_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_pickle_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_picklescan_adapter.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_pmml_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_pytorch_binary_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_pytorch_zip_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_r_serialized_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_rknn_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_rule_code_registry_consistency.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_rule_mapper.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_safetensors_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_scanner_registry.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_sevenzip_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_skops_content_analysis.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_skops_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_tensorrt_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_tf_metagraph_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_tf_savedmodel_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_tflite_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_torch7_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_torchserve_mar_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_weight_distribution_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scanners/test_xgboost_scanner.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/scripts/test_large_pickle_corpus_qa.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_asset_inventory_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_asset_list.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_auth_config.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_basic.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_benchmark_report.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_bug1_confidence_exploit.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cache_cli.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cache_optimizations.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_checks_recording.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cli.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cli_cache_dir.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cli_default_command.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cli_file_filtering.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cli_license_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cli_logging_handlers.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cli_output.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cloud_url_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_committed_fixture_hygiene.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_core.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_core_asset_extraction.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_cve_2025_10155_bin_pickle.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_debug_command.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_dill_joblib_enhanced.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_directory_file_filtering.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_double_interrupt.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_exit_codes.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_false_positive_fixes.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_file_hash.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_gguf_sbom_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_graceful_degradation.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_header_discrepancy.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_huggingface_extensions.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_huggingface_symlinks.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_importlib_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_jax_flax_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_jit_script_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_lazy_loading.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_lazy_loading_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_manifest_name_policy.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_metadata_extractor.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_models.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_nested_pickle_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_network_comm_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_os_alias_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_os_subprocess_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_path_traversal.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_performance_benchmarks.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_pickle_context_filtering.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_progress.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_pydantic_models.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_python_version_warning.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_real_world_dill_joblib.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_regression_corpus.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_regular_scan_hash.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_rules.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_safetensors_optimization.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_scanner_selection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_secure_hasher.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_security_asset_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_security_enhancements.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_shebang_context.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_simple_jinja2.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_sklearn_joblib_false_positive.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_streaming_scan.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_telemetry_decoupling.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_tensorflow_lambda_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_timeout_configuration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_utils.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_weak_hash_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_webbrowser_detection.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_why_explanations.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/test_xdist_status.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_advanced_file_handler.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_advanced_size_limits.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_file_filter.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_file_type_validation_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_filetype.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_integration_file_type_demo.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_large_file_handler.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_streaming_analysis.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/file/test_streaming_preview.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_asset_from_scan_result.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_auto_defaults.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_code_validation.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_disk_space.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_file_iterator.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_interrupt_handling.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_ml_context_false_positives.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_py_compile_improvements.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/helpers/test_secure_hasher.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/sources/test_cloud_storage.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/sources/test_dvc_integration.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/sources/test_huggingface.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/sources/test_pytorch_hub.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/test_lfs.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/utils/test_result_conversion.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/whitelists/__init__.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/whitelists/test_combined.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/whitelists/test_huggingface_popular.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/whitelists/test_organizations.py +0 -0
- {modelaudit-0.2.39 → modelaudit-0.2.41}/tests/xdist_status.py +0 -0
|
@@ -565,24 +565,24 @@ jobs:
|
|
|
565
565
|
- name: Build standalone package sdist
|
|
566
566
|
if: matrix.build-sdist == 'true'
|
|
567
567
|
run: |
|
|
568
|
-
uv build --sdist --out-dir
|
|
568
|
+
uv build --sdist --out-dir dist
|
|
569
569
|
|
|
570
570
|
- name: Build standalone package manylinux wheel
|
|
571
571
|
if: runner.os == 'Linux'
|
|
572
572
|
uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1
|
|
573
573
|
with:
|
|
574
574
|
command: build
|
|
575
|
-
args: --release --out
|
|
575
|
+
args: --release --out dist
|
|
576
576
|
manylinux: "2_28"
|
|
577
577
|
working-directory: packages/modelaudit-picklescan
|
|
578
578
|
|
|
579
579
|
- name: Build standalone package wheel
|
|
580
580
|
if: runner.os != 'Linux'
|
|
581
581
|
run: |
|
|
582
|
-
uv build --wheel --out-dir
|
|
582
|
+
uv build --wheel --out-dir dist
|
|
583
583
|
|
|
584
584
|
- name: Validate standalone package metadata
|
|
585
|
-
run: uvx twine check
|
|
585
|
+
run: uvx twine check dist/*
|
|
586
586
|
|
|
587
587
|
- name: Verify standalone artifact version consistency
|
|
588
588
|
run: |
|
|
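Review bot: the three `run:` steps in this hunk (the `Build standalone package sdist` step, the `Build standalone package wheel` step for non-Linux runners, and `uvx twine check dist/*`) now write to and read from a relative `dist`, but only the maturin step declares `working-directory: packages/modelaudit-picklescan`. Unless the job sets a `defaults.run.working-directory` outside this hunk, `dist/` for those steps is created at the repository root, and the later upload of `packages/modelaudit-picklescan/dist/` will miss the sdist and the non-Linux wheels; setting `working-directory: packages/modelaudit-picklescan` on each of these steps makes the paths unambiguous. Also, `dist/*` on the twine line expands to the literal string when the directory is empty or missing (no `nullglob` here), so a failed build surfaces as a confusing twine "file not found" rather than a clear "no artifacts" error; the glob-and-count pattern used in the next hunk would give a better message.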
@@ -590,10 +590,10 @@ jobs:
|
|
|
590
590
|
EXPECTED_VERSION="${{ needs.release-please.outputs.picklescan_version }}"
|
|
591
591
|
|
|
592
592
|
shopt -s nullglob
|
|
593
|
-
artifacts=(
|
|
593
|
+
artifacts=(dist/modelaudit_picklescan-*.whl dist/modelaudit_picklescan-*.tar.gz)
|
|
594
594
|
if [[ ${#artifacts[@]} -eq 0 ]]; then
|
|
595
595
|
echo "ERROR: Expected at least one modelaudit_picklescan artifact"
|
|
596
|
-
ls -la
|
|
596
|
+
ls -la dist/
|
|
597
597
|
exit 1
|
|
598
598
|
fi
|
|
599
599
|
|
|
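Review bot: the `Verify standalone artifact version consistency` script never checks that `EXPECTED_VERSION="${{ needs.release-please.outputs.picklescan_version }}"` is non-empty. On the manual `workflow_dispatch` recovery path described in the AGENTS.md hunk below, that output may be unset, and depending on how the comparison after this hunk is written an empty expected version can make the check vacuous. Suggest failing fast right after the assignment, for example `if [[ -z "$EXPECTED_VERSION" ]]; then echo "ERROR: picklescan_version output is empty"; exit 1; fi`. The `artifacts=(dist/modelaudit_picklescan-*.whl dist/modelaudit_picklescan-*.tar.gz)` glob combined with `shopt -s nullglob` does yield an empty array when nothing was built, so the `-eq 0` branch and the `ls -la dist/` diagnostic are correct.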
@@ -654,10 +654,10 @@ jobs:
|
|
|
654
654
|
fi
|
|
655
655
|
|
|
656
656
|
shopt -s nullglob
|
|
657
|
-
picklescan_wheels=(
|
|
657
|
+
picklescan_wheels=(dist/modelaudit_picklescan-*.whl)
|
|
658
658
|
if [[ ${#picklescan_wheels[@]} -ne 1 ]]; then
|
|
659
659
|
echo "ERROR: Expected exactly 1 modelaudit_picklescan wheel artifact, found ${#picklescan_wheels[@]}"
|
|
660
|
-
ls -la
|
|
660
|
+
ls -la dist/
|
|
661
661
|
exit 1
|
|
662
662
|
fi
|
|
663
663
|
|
|
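Review bot: the `-ne 1` check on `picklescan_wheels=(dist/modelaudit_picklescan-*.whl)` is stricter than the at-least-one check in the previous hunk and will fail this job the moment the build produces more than one wheel, for example if the maturin step is later changed to emit per-interpreter wheels instead of a single wheel. If exactly one wheel is a deliberate invariant, a one-line comment above the check stating that assumption will save a future matrix change from being debugged in CI; the error message printing `${#picklescan_wheels[@]}` together with `ls -la dist/` is a good diagnostic as written.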
@@ -685,7 +685,7 @@ jobs:
|
|
|
685
685
|
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
|
|
686
686
|
with:
|
|
687
687
|
name: modelaudit-picklescan-dist-${{ matrix.artifact-suffix }}
|
|
688
|
-
path: /
|
|
688
|
+
path: packages/modelaudit-picklescan/dist/
|
|
689
689
|
|
|
690
690
|
publish-pypi:
|
|
691
691
|
if: needs.release-please.outputs.release_created == 'true'
|
|
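Review bot: `path: packages/modelaudit-picklescan/dist/` is resolved relative to the workspace rather than to any step `working-directory`, so it lines up with the maturin step's `working-directory: packages/modelaudit-picklescan` in the first hunk. One thing to verify is that `matrix.artifact-suffix` is unique for every matrix leg, including the sdist-only leg selected by `matrix.build-sdist == 'true'`: `actions/upload-artifact` v4 and later (v7 is pinned here by SHA, which is good) reject a second upload under an existing `name`, so two legs sharing a suffix fail at this step rather than merging their files.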
@@ -9,6 +9,17 @@ This is the single source of truth for all AI coding agents (Claude, Gemini, oth
|
|
|
9
9
|
- Keep instructions universal and minimal; lean on deterministic tools (ruff, mypy, pytest, prettier) rather than embedding style rules.
|
|
10
10
|
- When unsure, ask or fetch targeted context instead of expanding instructions.
|
|
11
11
|
|
|
12
|
+
### Monorepo at a glance
|
|
13
|
+
|
|
14
|
+
This repo publishes **two PyPI packages with independent versions**:
|
|
15
|
+
|
|
16
|
+
| PyPI name | Path | Version file | CHANGELOG |
|
|
17
|
+
| ----------------------- | --------------------------------- | ------------------------------- | --------------------------------------------- |
|
|
18
|
+
| `modelaudit` | `./` (root) | `pyproject.toml` + `uv.lock` | `CHANGELOG.md` |
|
|
19
|
+
| `modelaudit-picklescan` | `packages/modelaudit-picklescan/` | `pyproject.toml` + `Cargo.toml` | `packages/modelaudit-picklescan/CHANGELOG.md` |
|
|
20
|
+
|
|
21
|
+
Root `modelaudit` hard-requires `modelaudit-picklescan>=0.1.0,<0.2.0` — when the sibling crosses `0.2.0`, bump the constraint in the same PR or the next `modelaudit` release is uninstallable. Both packages are driven by a single `release-please` workflow (`.github/workflows/release-please.yml`) with components defined in `release-please-config.json` and current versions in `.release-please-manifest.json`. Full publishing details — trusted publishing, manual `workflow_dispatch` recovery (`root_version` / `picklescan_version`), and yank procedure — are in [`docs/agents/release-process.md`](docs/agents/release-process.md). For work inside the picklescan package, start from [`packages/modelaudit-picklescan/AGENTS.md`](packages/modelaudit-picklescan/AGENTS.md).
|
|
22
|
+
|
|
12
23
|
## Mission & Principles
|
|
13
24
|
|
|
14
25
|
- **Security first:** Never weaken detections or bypass safeguards.
|
|
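Review bot: the new paragraph embeds the runtime constraint `modelaudit-picklescan>=0.1.0,<0.2.0` as prose, and that value will drift from `pyproject.toml` the first time the constraint is bumped, which is exactly the failure the same paragraph warns about. Consider pointing agents at the dependency line in `pyproject.toml` (or at `docs/agents/dependencies.md`, already listed under key docs) instead of restating the range, or make the constraint bump an explicit checklist step in `docs/agents/release-process.md` so it is verified on every picklescan version change. The table and the relative links are well-formed and fit the "keep instructions minimal" guidance at the top of the file.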
@@ -184,7 +195,7 @@ modelaudit/
|
|
|
184
195
|
└── CHANGELOG.md # Keep a Changelog format
|
|
185
196
|
```
|
|
186
197
|
|
|
187
|
-
Key docs: `docs/agents/architecture.md`, `docs/agents/dependencies.md`, `docs/agents/release-process.md`, `docs/agents/new-scanner-quickstart.md`.
|
|
198
|
+
Key docs: `docs/agents/architecture.md`, `docs/agents/dependencies.md`, `docs/agents/release-process.md`, `docs/agents/new-scanner-quickstart.md`, `docs/agents/picklescan-package-split.md`, `packages/modelaudit-picklescan/AGENTS.md`.
|
|
188
199
|
|
|
189
200
|
## README.md Content Guidelines
|
|
190
201
|
|
|
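Review bot: the two new entries on the key-docs line, `docs/agents/picklescan-package-split.md` and `packages/modelaudit-picklescan/AGENTS.md`, are plain backticked paths, whereas the monorepo paragraph added earlier in this file uses `[text](path)` links. Making these links as well lets the repository's markdown link check confirm the files actually exist in the sdist, which matters most for a path that is being introduced for the first time.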
@@ -5,6 +5,31 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.2.41](https://github.com/promptfoo/modelaudit/compare/v0.2.40...v0.2.41) (2026-04-27)
|
|
9
|
+
|
|
10
|
+
### Bug Fixes
|
|
11
|
+
|
|
12
|
+
- **ci:** skip POSIX proof cases on Windows ([#1072](https://github.com/promptfoo/modelaudit/issues/1072)) ([bfa17a3](https://github.com/promptfoo/modelaudit/commit/bfa17a3e152cd178c5d1fdbfec55dd3f124778ef))
|
|
13
|
+
- **docker:** add apt-get clean and pinned pip constraints to Dockerfile.tensorflow ([#1079](https://github.com/promptfoo/modelaudit/issues/1079)) ([8d9f9b7](https://github.com/promptfoo/modelaudit/commit/8d9f9b7c628ae05cdccf5d8eb480eea89f551e8d))
|
|
14
|
+
- harden picklescan call graph RCE detection ([#1061](https://github.com/promptfoo/modelaudit/issues/1061)) ([19c4fc4](https://github.com/promptfoo/modelaudit/commit/19c4fc487b4758462ac2107a3f3e59463e5d888b))
|
|
15
|
+
- harden picklescan stdlib callable detection ([f0f57b4](https://github.com/promptfoo/modelaudit/commit/f0f57b47f3355bea008a48779dbd856e6f550ec7))
|
|
16
|
+
- improve test isolation, reduce duplication, and fix command injection risk in test suite ([#1078](https://github.com/promptfoo/modelaudit/issues/1078)) ([3867c83](https://github.com/promptfoo/modelaudit/commit/3867c83b2dd0d5ab6a83b650c28d64122a675dea))
|
|
17
|
+
- **picklescan:** avoid call-graph false positives for PyTorch storage IDs ([#1069](https://github.com/promptfoo/modelaudit/issues/1069)) ([e75ed24](https://github.com/promptfoo/modelaudit/commit/e75ed249948558864d8f56882a02f1327323205d))
|
|
18
|
+
- silence stale CodeQL generated import alerts ([#1080](https://github.com/promptfoo/modelaudit/issues/1080)) ([9530740](https://github.com/promptfoo/modelaudit/commit/9530740312725d051a41f7f2a405280ee2be4c62))
|
|
19
|
+
- **telemetry:** stabilize modelaudit identity ([#1071](https://github.com/promptfoo/modelaudit/issues/1071)) ([592a656](https://github.com/promptfoo/modelaudit/commit/592a65672ac58e0b89eb50a54614e736b60c6741))
|
|
20
|
+
|
|
21
|
+
### Documentation
|
|
22
|
+
|
|
23
|
+
- improve PyPI READMEs ([#1057](https://github.com/promptfoo/modelaudit/issues/1057)) ([1cfb27d](https://github.com/promptfoo/modelaudit/commit/1cfb27de814125470d1e1a38eec03a83d79ff3d9))
|
|
24
|
+
|
|
25
|
+
## [0.2.40](https://github.com/promptfoo/modelaudit/compare/v0.2.39...v0.2.40) (2026-04-17)
|
|
26
|
+
|
|
27
|
+
### Bug Fixes
|
|
28
|
+
|
|
29
|
+
- add manual release recovery path ([aeea2da](https://github.com/promptfoo/modelaudit/commit/aeea2da68099f42a2fae68a50fff9e64e5e2f86f))
|
|
30
|
+
- avoid duplicate manylinux compatibility tag ([412677f](https://github.com/promptfoo/modelaudit/commit/412677f00e6a24b3471d9f14a36ef2b9405e5067))
|
|
31
|
+
- persist manylinux picklescan artifacts ([346bb3f](https://github.com/promptfoo/modelaudit/commit/346bb3f048b646c69573812a08ffd23342843658))
|
|
32
|
+
|
|
8
33
|
## [0.2.39](https://github.com/promptfoo/modelaudit/compare/v0.2.38...v0.2.39) (2026-04-17)
|
|
9
34
|
|
|
10
35
|
### Bug Fixes
|
|
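Review bot: "harden picklescan call graph RCE detection" (#1061) and "harden picklescan stdlib callable detection" (f0f57b4) are filed as unscoped bug fixes, but both close detection gaps in the security scanner; say what was missed before (which sinks or alias shapes) and whether an advisory was issued under the SECURITY.md criteria changed in this same diff, so downstream users can judge urgency. The `f0f57b4` entry also lacks a PR link, and the `telemetry: stabilize modelaudit identity` item changes where a user identifier is written on disk, which is a behaviour change rather than a fix and belongs with the `### Changed` telemetry entry further down.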
@@ -66,6 +91,169 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
66
91
|
|
|
67
92
|
### Added
|
|
68
93
|
|
|
94
|
+
- **security:** detect `mailcap.findmatch` pickle call targets that can execute
|
|
95
|
+
attacker-controlled mailcap `test` commands on Python versions that still
|
|
96
|
+
provide `mailcap`
|
|
97
|
+
- **security:** detect `setuptools._distutils.spawn.spawn` pickle call targets
|
|
98
|
+
that can execute attacker-controlled subprocess command lists when
|
|
99
|
+
`setuptools` is installed
|
|
100
|
+
- **security:** detect `pipes.Template` pickle call targets that can execute
|
|
101
|
+
attacker-controlled shell pipelines on Python versions that still provide
|
|
102
|
+
`pipes`
|
|
103
|
+
- **security:** resolve module-level bound-method aliases and same-module
|
|
104
|
+
constructor call paths in pickle call-graph analysis so process-dispatch
|
|
105
|
+
wrappers are blocked
|
|
106
|
+
- **security:** resolve dangerous `six.moves` compatibility aliases, including
|
|
107
|
+
vendored `six` copies, in pickle call-graph analysis so subprocess, pickle
|
|
108
|
+
deserializer, and builtin execution wrappers are blocked
|
|
109
|
+
- **security:** resolve constructor-default sink aliases assigned to instance
|
|
110
|
+
attributes in pickle call-graph analysis so wrappers like Botocore credential
|
|
111
|
+
process providers are blocked
|
|
112
|
+
- **security:** resolve sink defaults forwarded through `super().__init__` in
|
|
113
|
+
pickle call-graph analysis so async credential process wrappers are blocked
|
|
114
|
+
- **security:** resolve parameter-fed function-local class instance aliases in
|
|
115
|
+
pickle call-graph analysis so wrapper functions like `click.edit` are blocked
|
|
116
|
+
- **security:** resolve function-local import aliases in pickle call-graph
|
|
117
|
+
analysis so wrappers that import RCE sinks inside function bodies are blocked
|
|
118
|
+
- **security:** preserve callable invocation aliases when import-reference
|
|
119
|
+
metadata is crowded, while ignoring uninvoked nested function and lambda
|
|
120
|
+
bodies during pickle call-graph analysis
|
|
121
|
+
- **security:** detect `typing._eval_type` pickle call targets that can
|
|
122
|
+
evaluate attacker-controlled `ForwardRef` expressions
|
|
123
|
+
- **security:** detect `dataclasses._create_fn` pickle call targets that can
|
|
124
|
+
execute attacker-controlled generated Python source
|
|
125
|
+
- **security:** detect `typing.get_type_hints` pickle call targets that can
|
|
126
|
+
evaluate attacker-controlled annotation strings
|
|
127
|
+
- **security:** detect public `operator.call` pickle call targets that can
|
|
128
|
+
invoke attacker-controlled callables
|
|
129
|
+
- **security:** detect `builtins.map` pickle call targets that can lazily
|
|
130
|
+
invoke attacker-controlled callables when iterated
|
|
131
|
+
- **security:** detect `itertools.starmap` pickle call targets that can lazily
|
|
132
|
+
invoke attacker-controlled callables when iterated
|
|
133
|
+
- **security:** detect `builtins.filter` pickle call targets that can lazily
|
|
134
|
+
invoke attacker-controlled callables when iterated
|
|
135
|
+
- **security:** detect `types.MethodType` pickle call targets that can
|
|
136
|
+
synthesize attacker-controlled bound methods for later invocation
|
|
137
|
+
- **security:** detect `types.DynamicClassAttribute.__get__` pickle call
|
|
138
|
+
targets that can invoke attacker-controlled descriptor getters
|
|
139
|
+
- **security:** detect `functools.cached_property.__get__` pickle call targets
|
|
140
|
+
that can invoke attacker-controlled cached-property getters
|
|
141
|
+
- **security:** detect `functools.cmp_to_key` pickle call targets that can
|
|
142
|
+
invoke attacker-controlled comparators during rich comparison
|
|
143
|
+
- **security:** detect `logging.Filterer.filter` pickle call targets that can
|
|
144
|
+
invoke attacker-controlled logging filter callbacks
|
|
145
|
+
- **security:** detect `inspect.getmembers` pickle call targets that can
|
|
146
|
+
invoke attacker-controlled descriptors during introspection
|
|
147
|
+
- **security:** detect `builtins.hasattr` pickle call targets that can invoke
|
|
148
|
+
attacker-controlled descriptors during attribute-existence checks
|
|
149
|
+
- **security:** detect `__del__` finalizer string seeds that can execute
|
|
150
|
+
attacker-controlled methods when pickle-built objects are dropped
|
|
151
|
+
- **security:** detect `__eq__` rich-comparison string seeds that can execute
|
|
152
|
+
attacker-controlled methods during equality checks
|
|
153
|
+
- **security:** detect `__lt__`, `__le__`, `__gt__`, `__ge__`, and `__ne__`
|
|
154
|
+
rich-comparison string seeds that can execute attacker-controlled methods
|
|
155
|
+
during ordering checks
|
|
156
|
+
- **security:** detect `__contains__` membership string seeds that can execute
|
|
157
|
+
attacker-controlled methods during containment checks
|
|
158
|
+
- **security:** detect `__setitem__` item-assignment string seeds that can
|
|
159
|
+
execute attacker-controlled methods during item mutation
|
|
160
|
+
- **security:** detect `__getitem__` and `__delitem__` item-protocol string
|
|
161
|
+
seeds that can execute attacker-controlled methods during item access
|
|
162
|
+
- **security:** detect binary arithmetic and bitwise dunder string seeds that
|
|
163
|
+
can execute attacker-controlled methods during operator dispatch
|
|
164
|
+
- **security:** detect reflected and in-place binary operator dunder string
|
|
165
|
+
seeds that can execute attacker-controlled methods during operator dispatch
|
|
166
|
+
- **security:** detect unary operator dunder string seeds that can execute
|
|
167
|
+
attacker-controlled methods during operator dispatch
|
|
168
|
+
- **security:** detect context-manager entry dunder string seeds and
|
|
169
|
+
`contextlib.ExitStack.enter_context` pickle call targets that can invoke
|
|
170
|
+
attacker-controlled `__enter__` methods
|
|
171
|
+
- **security:** detect iteration protocol dunder string seeds that can execute
|
|
172
|
+
attacker-controlled methods during builtin iteration dispatch
|
|
173
|
+
- **security:** detect numeric rounding protocol dunder string seeds that can
|
|
174
|
+
execute attacker-controlled methods during rounding helper dispatch
|
|
175
|
+
- **security:** detect descriptor setup and numeric coercion dunder string
|
|
176
|
+
seeds that can execute attacker-controlled methods during class creation
|
|
177
|
+
- **security:** detect presentation and size protocol dunder string seeds that
|
|
178
|
+
can execute attacker-controlled methods during common builtin dispatch
|
|
179
|
+
- **security:** detect PathLike `__fspath__` dunder string seeds that can
|
|
180
|
+
route attacker-controlled paths into file APIs during pickle loading
|
|
181
|
+
- **security:** detect direct pickle calls to stdlib file-write sinks such as
|
|
182
|
+
`pathlib.Path.write_text`, `io.open`, and `_io.FileIO`
|
|
183
|
+
- **security:** detect pickle calls to logging file handlers and emit/handle
|
|
184
|
+
dispatch methods that can write attacker-controlled startup hooks
|
|
185
|
+
- **security:** detect pickle calls to `argparse.FileType` and high-level
|
|
186
|
+
logging stream dispatch methods that can write attacker-controlled startup
|
|
187
|
+
hooks
|
|
188
|
+
- **security:** detect pickle calls to NumPy text writers that can write
|
|
189
|
+
attacker-controlled startup hooks
|
|
190
|
+
- **security:** detect pickle calls to `python-dotenv` key writers that can
|
|
191
|
+
write attacker-controlled startup hooks
|
|
192
|
+
- **security:** detect pickle globals whose Python call graph reaches known
|
|
193
|
+
RCE-capable source primitives such as `os.execvpe`
|
|
194
|
+
- **security:** detect pickle globals whose Python call graph pairs file-open
|
|
195
|
+
and file-write wrappers that can create executable startup hooks
|
|
196
|
+
- **security:** resolve pickle-imported Python class globals through bounded
|
|
197
|
+
constructor and object-method call graph entrypoints
|
|
198
|
+
- **security:** detect public `io.FileIO` and `io.TextIOWrapper.write` aliases
|
|
199
|
+
for blocked `_io` file-writing primitives
|
|
200
|
+
- **security:** detect builtin namespace dictionary access that can recover
|
|
201
|
+
blocked primitives through mapping lookups
|
|
202
|
+
- **security:** detect dotted pickle global aliases that resolve to blocked
|
|
203
|
+
source primitives such as `os.system`
|
|
204
|
+
- **security:** detect concrete `pathlib` path writer aliases and module
|
|
205
|
+
namespace dictionary recovery for modules with blocked globals
|
|
206
|
+
- **security:** detect module namespace and `__builtins__` access used for
|
|
207
|
+
dynamic builtin recovery
|
|
208
|
+
- **security:** detect `string.Formatter.get_field` pickle call targets that
|
|
209
|
+
can traverse attacker-controlled field expressions into callable objects
|
|
210
|
+
- **security:** detect `unittest.mock._get_target` pickle call targets that
|
|
211
|
+
can manufacture delayed `pkgutil.resolve_name` resolver partials
|
|
212
|
+
- **security:** detect descriptor getter pickle call targets that can bind
|
|
213
|
+
recovered function descriptors and expose builtin namespaces
|
|
214
|
+
- **security:** detect wrapper and method descriptor getter pickle call targets
|
|
215
|
+
that can bind recovered slot wrappers for dynamic attribute access
|
|
216
|
+
- **security:** detect global references to attribute-access and function
|
|
217
|
+
namespace source methods used for dynamic builtin recovery
|
|
218
|
+
- **security:** detect object subclass enumeration globals that can recover
|
|
219
|
+
loaded process capabilities without direct imports
|
|
220
|
+
- **security:** detect garbage collector object-graph globals that can recover
|
|
221
|
+
hidden namespaces and loaded process capabilities
|
|
222
|
+
- **security:** detect frame-introspection globals and frame namespace
|
|
223
|
+
descriptor getters used for dynamic builtin recovery
|
|
224
|
+
- **security:** detect callable `__call__` aliases of blocked pickle globals
|
|
225
|
+
used to invoke hidden RCE source primitives
|
|
226
|
+
- **security:** detect wrapper `__get__` and `__self__` aliases of blocked
|
|
227
|
+
pickle globals used to recover hidden RCE source primitives
|
|
228
|
+
- **security:** detect attribute aliases under blocked pickle global prefixes
|
|
229
|
+
used to recover hidden RCE source primitives
|
|
230
|
+
- **security:** detect pickle calls to PyYAML unsafe loaders that can execute
|
|
231
|
+
attacker-controlled Python constructors
|
|
232
|
+
- **security:** detect pickle calls to `codecs.open` and codec stream writes
|
|
233
|
+
that can write attacker-controlled startup hooks
|
|
234
|
+
- **security:** detect pickle calls to durable tempfile creation and CSV
|
|
235
|
+
`DictWriter` row dispatch that can write attacker-controlled startup hooks
|
|
236
|
+
- **security:** detect pickle calls to mailbox single-file `add` dispatch
|
|
237
|
+
methods that can write attacker-controlled startup hooks
|
|
238
|
+
- **security:** detect pickle calls to `_tkinter` Tcl interpreter dispatch
|
|
239
|
+
methods that can execute local commands
|
|
240
|
+
- **security:** detect high-level `tkinter.Misc` pickle call targets that can
|
|
241
|
+
forward attacker-controlled commands into Tcl interpreter dispatch
|
|
242
|
+
- **security:** detect pickle calls to `_xxsubinterpreters.run_string` that
|
|
243
|
+
can execute attacker-controlled Python source
|
|
244
|
+
- **security:** detect `builtins.staticmethod` pickle call targets that can
|
|
245
|
+
synthesize callable descriptors for later invocation
|
|
246
|
+
- **security:** detect `builtins.property.__get__` pickle call targets that
|
|
247
|
+
can invoke attacker-controlled property getters during descriptor access
|
|
248
|
+
- **security:** detect `builtins.classmethod.__get__` pickle call targets that
|
|
249
|
+
can synthesize attacker-controlled bound methods during descriptor access
|
|
250
|
+
- **security:** detect `_functools.partial` pickle call targets that can
|
|
251
|
+
synthesize private-alias partial callables for later invocation
|
|
252
|
+
- **security:** detect `_functools.reduce` pickle call targets that can invoke
|
|
253
|
+
attacker-controlled reducer callables through the private CPython alias
|
|
254
|
+
- **security:** detect `functools.cache`, `functools.lru_cache`, and
|
|
255
|
+
`functools.singledispatch` pickle call targets that can synthesize callable
|
|
256
|
+
wrappers around attacker-controlled functions for later invocation
|
|
69
257
|
- **cli:** add scanner selection with `--scanners`, `--exclude-scanner`, and `--list-scanners` wired into core routing, nested dispatch, remote prefilters, and scan metadata; selection-suppressed preferred scanners emit a stderr warning and populate `scanner_selection.suppressed_preferred_scanner_ids`, and unknown scanner names suggest the closest match
|
|
70
258
|
- **pickle:** replace the standalone pickle scanner's package-engine selector with the Rust-only runtime and explicit native-extension errors
|
|
71
259
|
- **pickle:** scan PyTorch ZIP checkpoint pickle members directly in the standalone pickle scanner
|
|
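Review bot: this hunk inserts roughly eighty `**security:**` entries into the `### Added` block at old line 66, which sits below the `## [0.2.39]` heading (old line 8) and therefore inside an already-released version block, while the new `## [0.2.41]` section above lists only the two `harden picklescan` bug fixes; move these under the 0.2.41 heading (or an Unreleased heading) so a reader can tell which release shipped them. Consider grouping entries that share a shape, for example "lazy-invocation builtins (`map`, `filter`, `starmap`)", "dunder string seeds", "stdlib file-write sinks", "namespace and builtin recovery", and note the severity used for very common globals such as `builtins.hasattr` and `typing.get_type_hints`, since the 0.2.41 fix for PyTorch storage ID false positives shows call-graph detections already need tuning against legitimate checkpoints.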
@@ -78,6 +266,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
78
266
|
|
|
79
267
|
### Changed
|
|
80
268
|
|
|
269
|
+
- **telemetry:** persist ModelAudit distinct IDs in Promptfoo's global config
|
|
270
|
+
format (creating `~/.promptfoo/promptfoo.yaml` if absent and migrating any
|
|
271
|
+
legacy `~/.modelaudit/user_config.json` ID) and include `isRunningInCi` on
|
|
272
|
+
analytics payloads, with presence-based detection for marker-style providers
|
|
273
|
+
(TeamCity, CodeBuild, Bitbucket, Jenkins)
|
|
81
274
|
- **docs:** align public README and compatibility guidance with supported Python 3.10-3.13, TensorFlow extra requirements, supported formats, and telemetry sanitization behavior
|
|
82
275
|
- **security:** credit @mosebit for privately reporting a TensorRT native-code detection gap that helped harden native-code scanner coverage
|
|
83
276
|
- **security-policy:** clarify when low-impact scanner coverage gaps may be closed without publishing a public advisory while still crediting reporters
|
|
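Review bot: the telemetry entry says `~/.promptfoo/promptfoo.yaml` is created if absent, but not whether that write is skipped when telemetry is disabled (`CI=true`, `IS_TESTING=true`, editable installs, explicit opt-out); a static scanner creating a file in another tool's config directory is a side effect users will not expect, so state the condition, the behaviour on a read-only home directory, and whether the legacy `~/.modelaudit/user_config.json` is removed after migration.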
@@ -94,6 +287,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
94
287
|
|
|
95
288
|
### Fixed
|
|
96
289
|
|
|
290
|
+
- **pickle:** detect stdlib filesystem probe and process-state callables such as `pathlib` metadata methods, `decimal.setcontext`, and `gc.disable` during pickle scans, while keeping local container mutations clean and covering public `operator.setitem` registry poisoning plus target-aware `operator.imul` warning-filter mutation.
|
|
291
|
+
- **pickle:** detect public `operator.setitem` pickle calls, keep callable
|
|
292
|
+
invocation aliases ahead of import-reference budget exhaustion, dedupe repeated
|
|
293
|
+
invocation metadata before the reporting cap, preserve literal mapping-key
|
|
294
|
+
shadowing through `ChainMap`, block deeply wrapped `defaultdict` factories,
|
|
295
|
+
and avoid outer-function call-graph false positives from nested function and
|
|
296
|
+
lambda bodies.
|
|
97
297
|
- **security:** prevent HuggingFace whitelist provenance from downgrading active payload, CVE, traversal, executable, operational-error, or incomplete-coverage findings. Exemptions now cover S1xx code-execution primitives (`S101`–`S115`) and HIGH-severity S3xx network primitives (`S301`/`S304`/`S305`/`S310`), and the keyword fallback uses word-boundary matching so substrings like "executable" inside "ExecuTorch" no longer over-suppress legitimate downgrades.
|
|
98
298
|
- **security:** scan generic ZIP/TAR/NPZ Python members and ZIP/TAR/NPZ executable members, including wildcard imports and callable rebindings while failing closed on malformed Python source. Findings carry accurate rule codes per risk category (`S101` for `os.system`/`os.popen`, `S103` for `subprocess.*`, `S104` for `eval`/`exec`, `S106` for `__import__`, `S107` for `importlib.import_module`, `S213` for `pickle.load`/`pickle.loads`) instead of a single catch-all, the ZIP path now honors `max_mar_python_analysis_bytes` for non-MAR Python members, and source bytes are parsed directly so PEP 263 encoding declarations are respected.
|
|
99
299
|
- **security:** bound PyTorch ZIP JIT/network member reads (default 32 MiB per-member cap, configurable via `max_jit_scan_member_bytes`) and mark oversized or unreadable member coverage inconclusive. Oversize and read-failure events are aggregated into a single summary INFO check per kind (with per-member detail in `details["entries"]`) so adversarial archives cannot flood the checks list, duplicate-name entries are de-duplicated by `ZipInfo` identity rather than filename so the second of two same-name members is still analyzed, directory entries are skipped explicitly, and pickle members continue through the bounded JIT/network pass so padded payloads remain covered beyond the pickle scanner raw window.
|
|
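Review bot: the two new `**pickle:**` entries overlap, both claim detection of public `operator.setitem` and both describe the nested function and lambda false-positive fix, and the second also restates the `### Added` entry about preserving callable invocation aliases when import-reference metadata is crowded; merge them into one entry so each behaviour change appears once.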
@@ -1,4 +1,4 @@
|
|
|
1
|
-
ARG PYTHON_IMAGE=python:3.13-slim@sha256:
|
|
1
|
+
ARG PYTHON_IMAGE=python:3.13-slim@sha256:a0779d7c12fc20be6ec6b4ddc901a4fd7657b8a6bc9def9d3fde89ed5efe0a3d
|
|
2
2
|
# Keep the major/minor version in sync with packages/modelaudit-picklescan/Cargo.toml rust-version.
|
|
3
3
|
ARG PICKLESCAN_RUST_TOOLCHAIN=1.83.0
|
|
4
4
|
|
|
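Review bot: pinning `python:3.13-slim` by digest is the right call for reproducibility, but it also freezes whatever Debian fixes were in that tag on the day it was resolved, so the ARG needs a comment recording the tag and date the digest corresponds to and an automated refresh (Dependabot or Renovate on the docker ecosystem) so the pin does not silently age; the removed line is cut off at `sha256:` in this view, so it is not possible to tell here whether the previous build was unpinned or pinned to an older digest.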
@@ -1,4 +1,4 @@
|
|
|
1
|
-
ARG PYTHON_IMAGE=python:3.13-slim@sha256:
|
|
1
|
+
ARG PYTHON_IMAGE=python:3.13-slim@sha256:a0779d7c12fc20be6ec6b4ddc901a4fd7657b8a6bc9def9d3fde89ed5efe0a3d
|
|
2
2
|
# Keep the major/minor version in sync with packages/modelaudit-picklescan/Cargo.toml rust-version.
|
|
3
3
|
ARG PICKLESCAN_RUST_TOOLCHAIN=1.83.0
|
|
4
4
|
|
|
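Review bot: `Dockerfile.full` pins the same `python:3.13-slim` digest as `Dockerfile` in a second copy of the ARG; keep the two from drifting by sourcing the digest from one place (a build arg passed by the workflow, or a single file both read) so a refresh of one image cannot leave the other on the stale base.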
@@ -1,18 +1,20 @@
|
|
|
1
|
-
FROM python:3.
|
|
1
|
+
FROM python:3.12-slim@sha256:46cb7cc2877e60fbd5e21a9ae6115c30ace7a077b9f8772da879e4590c18c2e3
|
|
2
2
|
|
|
3
3
|
WORKDIR /app
|
|
4
4
|
|
|
5
5
|
# Pull in current Debian security fixes from the configured apt sources.
|
|
6
6
|
RUN apt-get update \
|
|
7
7
|
&& apt-get install --yes --no-install-recommends --only-upgrade libc-bin libc6 \
|
|
8
|
+
&& apt-get clean \
|
|
8
9
|
&& rm -rf /var/lib/apt/lists/*
|
|
9
10
|
|
|
10
11
|
# Copy only necessary files for installation
|
|
11
12
|
COPY pyproject.toml README.md ./
|
|
13
|
+
COPY requirements-tensorflow.txt ./
|
|
12
14
|
COPY modelaudit ./modelaudit
|
|
13
15
|
|
|
14
|
-
# Install the application with TensorFlow extras
|
|
15
|
-
RUN pip install --no-cache-dir ".[tensorflow]"
|
|
16
|
+
# Install the application with TensorFlow extras using pinned constraints
|
|
17
|
+
RUN pip install --no-cache-dir -c requirements-tensorflow.txt ".[tensorflow]"
|
|
16
18
|
|
|
17
19
|
# Create a non-root user
|
|
18
20
|
ARG UID=10001
|
|
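Review bot: `-c requirements-tensorflow.txt` only pins versions; if the intent of "pinned constraints" is supply-chain integrity rather than just resolver determinism, install from a `-r` requirements file with `--hash` entries and `--require-hashes`, since that is what pip actually enforces. Also add a comment next to `FROM python:3.12-slim@sha256:...` explaining why this image stays on 3.12 while `Dockerfile` and `Dockerfile.full` pin 3.13 (presumably the TensorFlow wheel matrix), and give this digest the same refresh automation as the other two.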
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: modelaudit
|
|
3
|
-
Version: 0.2.
|
|
3
|
+
Version: 0.2.41
|
|
4
4
|
Summary: Static scanning library for detecting malicious code, potential backdoor indicators, and other security risks in ML model files
|
|
5
5
|
Project-URL: Repository, https://github.com/promptfoo/modelaudit
|
|
6
6
|
Project-URL: Homepage, https://github.com/promptfoo/modelaudit
|
|
@@ -130,11 +130,23 @@ Description-Content-Type: text/markdown
|
|
|
130
130
|
[](https://pypi.org/project/modelaudit/)
|
|
131
131
|
[](https://github.com/astral-sh/ruff)
|
|
132
132
|
[](https://github.com/promptfoo/modelaudit/blob/main/LICENSE)
|
|
133
|
+
[](https://github.com/promptfoo/modelaudit/security/policy)
|
|
133
134
|
|
|
134
135
|
<img width="989" alt="ModelAudit scan results" src="https://www.promptfoo.dev/img/docs/modelaudit/modelaudit-result.png" />
|
|
135
136
|
|
|
136
137
|
**[Full Documentation](https://www.promptfoo.dev/docs/model-audit/)** | **[Usage Examples](https://www.promptfoo.dev/docs/model-audit/usage/)** | **[Supported Formats](https://www.promptfoo.dev/docs/model-audit/scanners/)**
|
|
137
138
|
|
|
139
|
+
## Why ModelAudit
|
|
140
|
+
|
|
141
|
+
Models download from untrusted registries, pass through CI, and end up running in production. Traditional SAST tools do not look at pickle opcodes, HDF5 group layouts, ONNX proto graphs, or TensorFlow SavedModel signatures — ModelAudit does:
|
|
142
|
+
|
|
143
|
+
- **Scan statically.** No model is ever loaded, unpickled, or executed.
|
|
144
|
+
- **Cover the formats you actually ship.** 40+ scanners spanning pickle, PyTorch, SafeTensors, ONNX, TensorFlow, Keras, GGUF, archives, and configs.
|
|
145
|
+
- **Fit into CI.** Machine-readable output (JSON, SARIF), strict mode, exit codes, and [selectable scanners](https://github.com/promptfoo/modelaudit/blob/main/docs/user/scanner-selection.md).
|
|
146
|
+
- **Fail closed.** Truncated reads, exhausted budgets, and unsupported formats are reported as coverage gaps, not silent passes.
|
|
147
|
+
|
|
148
|
+
Comparable tools: [`picklescan`](https://github.com/mmaitre314/picklescan) (pickle only, Python-based), [`fickling`](https://github.com/trailofbits/fickling) (pickle only, AST-based), [`modelscan`](https://github.com/protectai/modelscan) (pickle + TensorFlow + Keras subset). ModelAudit is broader in coverage and ships a native Rust pickle engine via its companion package [`modelaudit-picklescan`](https://pypi.org/project/modelaudit-picklescan/).
|
|
149
|
+
|
|
138
150
|
## Quick Start
|
|
139
151
|
|
|
140
152
|
**Requires Python 3.10-3.13**
|
|
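Review bot: `PKG-INFO` is generated from `README.md` at build time, so this text should never be edited here; any wording change to the "Why ModelAudit" section belongs in the `README.md` hunk below, and this file should simply track it.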
@@ -356,7 +368,8 @@ ModelAudit includes telemetry for product reliability and usage analytics.
|
|
|
356
368
|
- Collected metadata can include command usage, scan timing, scanner/file-type usage, issue severity/type aggregates, sanitized model names/references, and coarse metadata like file extension/domain.
|
|
357
369
|
- URL telemetry strips userinfo, query strings, and fragments from model references. Avoid putting credentials in model names, file names, or artifact paths when telemetry is enabled.
|
|
358
370
|
- Model files are scanned locally and ModelAudit does not upload model binary contents as telemetry events.
|
|
359
|
-
- Telemetry is disabled automatically
|
|
371
|
+
- Telemetry is disabled automatically when `CI=true` is set or `IS_TESTING=true` is set, and in editable development installs by default. Events that are sent from other CI providers (TeamCity, CodeBuild, Bitbucket Pipelines, Jenkins) are tagged with `isRunningInCi=true` so they can be filtered downstream.
|
|
372
|
+
- The anonymous user identifier is stored in `~/.promptfoo/promptfoo.yaml` for cross-tool correlation with [Promptfoo](https://www.promptfoo.dev/). Existing IDs from `~/.modelaudit/user_config.json` are migrated on first run after upgrade.
|
|
360
373
|
|
|
361
374
|
Opt out explicitly with either environment variable:
|
|
362
375
|
|
|
@@ -405,6 +418,18 @@ modelaudit model.pkl --format sarif --output results.sarif
|
|
|
405
418
|
- **[Offline/air-gapped guide](https://github.com/promptfoo/modelaudit/blob/main/docs/user/offline-air-gapped.md)** — secure operation without internet access
|
|
406
419
|
- **Troubleshooting** — run `modelaudit doctor --show-failed` to check scanner availability
|
|
407
420
|
|
|
421
|
+
## Related Packages
|
|
422
|
+
|
|
423
|
+
- **[`modelaudit-picklescan`](https://pypi.org/project/modelaudit-picklescan/)** — the standalone Rust-backed pickle scanner used by ModelAudit's pickle, PyTorch, ExecuTorch, and PyTorch-ZIP scanners. Install it directly if you only need pickle analysis (as a library, not a CLI) and do not want the full scanner bundle.
|
|
424
|
+
|
|
425
|
+
## Reporting Vulnerabilities
|
|
426
|
+
|
|
427
|
+
Do not open public issues for suspected vulnerabilities. See [SECURITY.md](https://github.com/promptfoo/modelaudit/blob/main/SECURITY.md) for coordinated disclosure.
|
|
428
|
+
|
|
429
|
+
## Contributing
|
|
430
|
+
|
|
431
|
+
Issues, feature requests, and PRs are welcome. See [CONTRIBUTING.md](https://github.com/promptfoo/modelaudit/blob/main/CONTRIBUTING.md).
|
|
432
|
+
|
|
408
433
|
## License
|
|
409
434
|
|
|
410
435
|
MIT License — see [LICENSE](https://github.com/promptfoo/modelaudit/blob/main/LICENSE) for details.
|
|
@@ -6,11 +6,23 @@
|
|
|
6
6
|
[](https://pypi.org/project/modelaudit/)
|
|
7
7
|
[](https://github.com/astral-sh/ruff)
|
|
8
8
|
[](https://github.com/promptfoo/modelaudit/blob/main/LICENSE)
|
|
9
|
+
[](https://github.com/promptfoo/modelaudit/security/policy)
|
|
9
10
|
|
|
10
11
|
<img width="989" alt="ModelAudit scan results" src="https://www.promptfoo.dev/img/docs/modelaudit/modelaudit-result.png" />
|
|
11
12
|
|
|
12
13
|
**[Full Documentation](https://www.promptfoo.dev/docs/model-audit/)** | **[Usage Examples](https://www.promptfoo.dev/docs/model-audit/usage/)** | **[Supported Formats](https://www.promptfoo.dev/docs/model-audit/scanners/)**
|
|
13
14
|
|
|
15
|
+
## Why ModelAudit
|
|
16
|
+
|
|
17
|
+
Models download from untrusted registries, pass through CI, and end up running in production. Traditional SAST tools do not look at pickle opcodes, HDF5 group layouts, ONNX proto graphs, or TensorFlow SavedModel signatures — ModelAudit does:
|
|
18
|
+
|
|
19
|
+
- **Scan statically.** No model is ever loaded, unpickled, or executed.
|
|
20
|
+
- **Cover the formats you actually ship.** 40+ scanners spanning pickle, PyTorch, SafeTensors, ONNX, TensorFlow, Keras, GGUF, archives, and configs.
|
|
21
|
+
- **Fit into CI.** Machine-readable output (JSON, SARIF), strict mode, exit codes, and [selectable scanners](https://github.com/promptfoo/modelaudit/blob/main/docs/user/scanner-selection.md).
|
|
22
|
+
- **Fail closed.** Truncated reads, exhausted budgets, and unsupported formats are reported as coverage gaps, not silent passes.
|
|
23
|
+
|
|
24
|
+
Comparable tools: [`picklescan`](https://github.com/mmaitre314/picklescan) (pickle only, Python-based), [`fickling`](https://github.com/trailofbits/fickling) (pickle only, AST-based), [`modelscan`](https://github.com/protectai/modelscan) (pickle + TensorFlow + Keras subset). ModelAudit is broader in coverage and ships a native Rust pickle engine via its companion package [`modelaudit-picklescan`](https://pypi.org/project/modelaudit-picklescan/).
|
|
25
|
+
|
|
14
26
|
## Quick Start
|
|
15
27
|
|
|
16
28
|
**Requires Python 3.10-3.13**
|
|
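Review bot: "No model is ever loaded, unpickled, or executed" is true for the payload but overstates the attack surface: the same paragraph lists HDF5 group layouts, ONNX proto graphs, and SavedModel signatures, which are parsed from untrusted bytes by the format libraries the scanners rely on, so qualify the claim as "never deserialized or executed; parsers run on untrusted input". The "40+ scanners" figure should match what `--list-scanners` prints, and the capability claims about `picklescan`, `fickling`, and `modelscan` will go stale, so either date them or drop the parenthetical summaries and keep just the links.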
@@ -232,7 +244,8 @@ ModelAudit includes telemetry for product reliability and usage analytics.
|
|
|
232
244
|
- Collected metadata can include command usage, scan timing, scanner/file-type usage, issue severity/type aggregates, sanitized model names/references, and coarse metadata like file extension/domain.
|
|
233
245
|
- URL telemetry strips userinfo, query strings, and fragments from model references. Avoid putting credentials in model names, file names, or artifact paths when telemetry is enabled.
|
|
234
246
|
- Model files are scanned locally and ModelAudit does not upload model binary contents as telemetry events.
|
|
235
|
-
- Telemetry is disabled automatically
|
|
247
|
+
- Telemetry is disabled automatically when `CI=true` is set or `IS_TESTING=true` is set, and in editable development installs by default. Events that are sent from other CI providers (TeamCity, CodeBuild, Bitbucket Pipelines, Jenkins) are tagged with `isRunningInCi=true` so they can be filtered downstream.
|
|
248
|
+
- The anonymous user identifier is stored in `~/.promptfoo/promptfoo.yaml` for cross-tool correlation with [Promptfoo](https://www.promptfoo.dev/). Existing IDs from `~/.modelaudit/user_config.json` are migrated on first run after upgrade.
|
|
236
249
|
|
|
237
250
|
Opt out explicitly with either environment variable:
|
|
238
251
|
|
|
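Review bot: the two sentences read as contradictory: telemetry is "disabled automatically when `CI=true`", yet events "sent from other CI providers (TeamCity, CodeBuild, Bitbucket Pipelines, Jenkins)" are only tagged with `isRunningInCi=true`, which means those providers still send. Say plainly that those providers do not set `CI=true`, that telemetry is therefore sent from them unless the user sets `CI=true` or one of the opt-out variables listed below, and state whether the migrated `~/.modelaudit/user_config.json` is deleted afterwards.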
@@ -281,6 +294,18 @@ modelaudit model.pkl --format sarif --output results.sarif
|
|
|
281
294
|
- **[Offline/air-gapped guide](https://github.com/promptfoo/modelaudit/blob/main/docs/user/offline-air-gapped.md)** — secure operation without internet access
|
|
282
295
|
- **Troubleshooting** — run `modelaudit doctor --show-failed` to check scanner availability
|
|
283
296
|
|
|
297
|
+
## Related Packages
|
|
298
|
+
|
|
299
|
+
- **[`modelaudit-picklescan`](https://pypi.org/project/modelaudit-picklescan/)** — the standalone Rust-backed pickle scanner used by ModelAudit's pickle, PyTorch, ExecuTorch, and PyTorch-ZIP scanners. Install it directly if you only need pickle analysis (as a library, not a CLI) and do not want the full scanner bundle.
|
|
300
|
+
|
|
301
|
+
## Reporting Vulnerabilities
|
|
302
|
+
|
|
303
|
+
Do not open public issues for suspected vulnerabilities. See [SECURITY.md](https://github.com/promptfoo/modelaudit/blob/main/SECURITY.md) for coordinated disclosure.
|
|
304
|
+
|
|
305
|
+
## Contributing
|
|
306
|
+
|
|
307
|
+
Issues, feature requests, and PRs are welcome. See [CONTRIBUTING.md](https://github.com/promptfoo/modelaudit/blob/main/CONTRIBUTING.md).
|
|
308
|
+
|
|
284
309
|
## License
|
|
285
310
|
|
|
286
311
|
MIT License — see [LICENSE](https://github.com/promptfoo/modelaudit/blob/main/LICENSE) for details.
|
|
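Review bot: since the root package pins `modelaudit-picklescan` to a specific range (`>=0.1.0,<0.2.0` per the AGENTS.md change in this diff), the "install it directly" advice should tell standalone users which version line is compatible with which `modelaudit` release, otherwise a pinned `modelaudit` next to a newer picklescan resolves to an uninstallable or mismatched pair.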
@@ -94,7 +94,7 @@ If a fix requires longer than the default window, we will negotiate an extension
|
|
|
94
94
|
|
|
95
95
|
## When we issue CVEs
|
|
96
96
|
|
|
97
|
-
We request CVE IDs through [GitHub's CVE Numbering Authority (CNA)](https://docs.github.com/
|
|
97
|
+
We request CVE IDs through [GitHub's CVE Numbering Authority (CNA)](https://docs.github.com/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories) program. Not every security fix warrants a CVE.
|
|
98
98
|
|
|
99
99
|
**CVE issued:**
|
|
100
100
|
|
|
@@ -123,6 +123,7 @@ When in doubt, we err toward issuing a CVE.
|
|
|
123
123
|
**In scope:**
|
|
124
124
|
|
|
125
125
|
- The `modelaudit` Python package published on [PyPI](https://pypi.org/project/modelaudit/).
|
|
126
|
+
- The `modelaudit-picklescan` Python package published on [PyPI](https://pypi.org/project/modelaudit-picklescan/), including its bundled Rust pickle engine.
|
|
126
127
|
- The official Docker images.
|
|
127
128
|
- The GitHub Actions CI/CD workflows in the [modelaudit repository](https://github.com/promptfoo/modelaudit).
|
|
128
129
|
|
|
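Review bot: adding `modelaudit-picklescan` and its bundled Rust engine to scope is correct, but the adjacent "The official Docker images" bullet is now ambiguous given this diff carries three Dockerfiles on different bases (`Dockerfile` and `Dockerfile.full` on python 3.13, `Dockerfile.tensorflow` on 3.12); name the image tags that are in scope so a report against the base image versus the application can be triaged correctly.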
@@ -53,7 +53,7 @@ These are installed only when the corresponding extra is requested.
|
|
|
53
53
|
| onnx | `onnx` | Apache-2.0 | <https://onnx.ai/> |
|
|
54
54
|
| py7zr | `sevenzip` | LGPL-2.1+ | <https://github.com/miurahr/py7zr> |
|
|
55
55
|
| pybcj | `sevenzip` | LGPL-2.1+ | <https://github.com/miurahr/pybcj> |
|
|
56
|
-
| py-ubjson | `xgboost` | Apache-2.0 | <https://github.com/
|
|
56
|
+
| py-ubjson | `xgboost` | Apache-2.0 | <https://github.com/Iotic-Labs/py-ubjson> |
|
|
57
57
|
| pyppmd | `sevenzip` | LGPL-2.1+ | <https://github.com/miurahr/pyppmd> |
|
|
58
58
|
| safetensors | `safetensors` | Apache-2.0 | <https://github.com/huggingface/safetensors> |
|
|
59
59
|
| scikit-learn | `joblib` | BSD-3-Clause | <https://scikit-learn.org/> |
|