modelaudit 0.2.41__tar.gz → 0.2.43__tar.gz
This diff shows the content of publicly available package versions that have been released to one of the supported registries. It is provided for informational purposes only and reflects the changes between package versions as they appear in their respective public registries.
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.gitattributes +4 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/docker-image-test.yml +6 -4
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/release-please.yml +293 -0
- modelaudit-0.2.43/.release-please-manifest.json +4 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/CHANGELOG.md +155 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/PKG-INFO +3 -3
- {modelaudit-0.2.41 → modelaudit-0.2.43}/README.md +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/security/threat-model.md +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/__init__.py +0 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/entropy_analyzer.py +4 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/framework_patterns.py +0 -6
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/integrated_analyzer.py +2 -3
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/semantic_analyzer.py +48 -10
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/core.py +184 -104
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/detectors/cve_patterns.py +39 -29
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/detectors/jit_script.py +120 -28
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/detectors/network_comm.py +40 -7
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/detectors/secrets.py +5 -6
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/detectors/suspicious_symbols.py +1 -54
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanner_results.py +8 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/__init__.py +2 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/archive_dispatch.py +58 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/archive_member_security.py +118 -9
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/base.py +12 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/catboost_scanner.py +15 -3
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/cntk_scanner.py +4 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/compressed_scanner.py +180 -27
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/coreml_scanner.py +7 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/flax_msgpack_scanner.py +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/gguf_scanner.py +21 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/jax_checkpoint_scanner.py +38 -19
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/jinja2_template_scanner.py +119 -56
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/joblib_scanner.py +2 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/lightgbm_scanner.py +6 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/llamafile_scanner.py +100 -9
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/manifest_scanner.py +55 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/nemo_scanner.py +72 -31
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/onnx_scanner.py +85 -38
- modelaudit-0.2.43/modelaudit/scanners/paddle_scanner.py +255 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/pickle_scanner.py +40 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/pmml_scanner.py +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/pytorch_zip_scanner.py +328 -5
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/r_serialized_scanner.py +5 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/rknn_scanner.py +5 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/skops_scanner.py +77 -78
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/tf_savedmodel_scanner.py +167 -11
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/torch7_scanner.py +18 -4
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/torchserve_mar_scanner.py +52 -5
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/xgboost_scanner.py +269 -36
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/file/detection.py +145 -21
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/file/filtering.py +8 -20
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/file/streaming.py +21 -13
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/CHANGELOG.md +46 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/Cargo.lock +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/Cargo.toml +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/README.md +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/pyproject.toml +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/nested.rs +23 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/policy.rs +22 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/post_budget.rs +9 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/pybridge.rs +1 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/stack.rs +7 -5
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/state.rs +938 -79
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/src/modelaudit_picklescan/api.py +165 -21
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/src/modelaudit_picklescan/call_graph.py +154 -3
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_api.py +405 -5
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_call_graph_import_statements.py +1711 -225
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/uv.lock +1 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/pyproject.toml +2 -2
- modelaudit-0.2.43/tests/analysis/test_analysis_modules.py +316 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/analysis/test_entropy_analyzer.py +38 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/analysis/test_framework_patterns.py +16 -3
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/conftest.py +2 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_cve_detection.py +33 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_jit_script_detector.py +82 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_network_comm_detector.py +36 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_secrets_detector.py +26 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/helpers/file_creators.py +18 -9
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_catboost_scanner.py +17 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_cntk_scanner.py +18 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_compressed_scanner.py +180 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_coreml_scanner.py +4 -2
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_gguf_scanner.py +101 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_jax_checkpoint_scanner.py +97 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_jinja2_template_scanner.py +73 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_lightgbm_scanner.py +12 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_llamafile_scanner.py +138 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_manifest_scanner.py +91 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_mxnet_scanner.py +24 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_nemo_scanner.py +68 -5
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_onnx_scanner.py +62 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_openvino_scanner.py +27 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_paddle_scanner.py +97 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_pickle_scanner.py +119 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_pmml_scanner.py +34 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_pytorch_zip_scanner.py +366 -6
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_r_serialized_scanner.py +12 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_rknn_scanner.py +12 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_scanner_registry.py +50 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_skops_content_analysis.py +50 -35
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_skops_scanner.py +137 -21
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_tar_scanner.py +40 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_tf_savedmodel_scanner.py +135 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_torch7_scanner.py +85 -1
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_torchserve_mar_scanner.py +79 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_xgboost_scanner.py +333 -10
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_zip_scanner.py +237 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_basic.py +3 -2
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_core.py +444 -2
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_core_asset_extraction.py +41 -22
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_directory_file_filtering.py +194 -1
- modelaudit-0.2.43/tests/test_docker_workflow.py +71 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_exit_codes.py +24 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_models.py +12 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_release_workflow.py +99 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_streaming_scan.py +6 -3
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_file_filter.py +77 -3
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_filetype.py +43 -18
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_streaming_analysis.py +33 -8
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_streaming_preview.py +16 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/uv.lock +2 -2
- modelaudit-0.2.41/.release-please-manifest.json +0 -4
- modelaudit-0.2.41/modelaudit/analysis/enhanced_pattern_detector.py +0 -411
- modelaudit-0.2.41/modelaudit/scanners/paddle_scanner.py +0 -141
- modelaudit-0.2.41/tests/analysis/test_analysis_modules.py +0 -111
- modelaudit-0.2.41/tests/analysis/test_enhanced_pattern_detector.py +0 -327
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.dockerignore +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.editorconfig +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/CODEOWNERS +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/ISSUE_TEMPLATE/bug_report.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/ISSUE_TEMPLATE/feature_request.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/PULL_REQUEST_TEMPLATE.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/markdown-link-check-config.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/README.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/codeql.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/docker-publish.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/docs-check.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/nightly.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/perf.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/test.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.github/workflows/validate-pr-title.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.gitignore +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.mailmap +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.modelaudit.toml.example +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/.prettierignore +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/AGENTS.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/CLAUDE.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/CODE_OF_CONDUCT.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/CONTRIBUTING.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/Dockerfile +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/Dockerfile.full +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/Dockerfile.tensorflow +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/LICENSE +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/MAINTAINERS.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/MANIFEST.in +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/RULES.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/SECURITY.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/SUPPORT.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/THIRD_PARTY_NOTICES.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/codecov.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docker-compose.yml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docker-entrypoint.sh +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/agents/architecture.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/agents/dependencies.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/agents/new-scanner-quickstart.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/agents/picklescan-package-split.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/agents/release-process.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/maintainers/cve-process.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/maintainers/dependency-policy.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/maintainers/scanner-cve-coverage.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/maintainers/triage-playbook.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/user/compatibility-matrix.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/user/metadata-extraction.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/user/offline-air-gapped.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/user/scanner-selection.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/docs/user/security-model.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/__main__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/anomaly_detector.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/ml_context_analyzer.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/opcode_sequence_analyzer.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/analysis/unified_context.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/auth/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/auth/client.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/auth/config.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/adaptive_cache_keys.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/batch_operations.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/cache_manager.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/cache_policy.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/optimized_config.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/scan_results_cache.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cache/trusted_config_store.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/cli.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/constants.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/data/spdx_licenses.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/explanations.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/generated_keras_layers.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/local_config.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/name_blacklist.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/config/rule_config.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/core_results.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/detectors/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/integrations/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/integrations/jfrog.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/integrations/license_checker.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/integrations/mlflow.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/integrations/sarif_formatter.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/integrations/sbom_generator.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/metadata_extractor.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/models.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/progress/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/progress/base.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/progress/console.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/progress/file.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/progress/hooks.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/progress/multi_phase.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/LICENSE +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/NOTICE +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/py.typed +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/allocation_description_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/api_def_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/attr_value_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/cost_graph_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/cpp_shape_inference_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/dataset_metadata_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/dataset_options_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/dataset_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/device_attributes_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/full_type_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/function_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/graph_debug_info_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/graph_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/graph_transfer_info_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/kernel_def_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/log_memory_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/model_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/node_def_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/op_def_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/optimized_function_graph_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/reader_base_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/resource_handle_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/step_stats_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/tensor_description_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/tensor_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/tensor_shape_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/tensor_slice_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/types_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/variable_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/framework/versions_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/cluster_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/composite_tensor_variant_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/control_flow_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/core_platform_payloads_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/critical_section_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/data_service_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/debug_event_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/debug_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/device_filters_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/device_properties_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/fingerprint_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/meta_graph_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/named_tensor_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/remote_tensor_handle_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/rewriter_config_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/saved_model_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/saved_object_graph_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/saver_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/service_config_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/snapshot_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/struct_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/tensor_bundle_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/trackable_object_graph_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/transport_options_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/protos/tensorflow/core/protobuf/verifier_config_pb2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/py.typed +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/rule_catalog.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/rules.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanner_registry_metadata.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanner_selection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/_archive_config.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/_archive_locations.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/_archive_outcomes.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/_evidence_redaction.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/_string_extraction.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/executorch_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/keras_h5_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/keras_utils.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/keras_zip_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/metadata_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/mxnet_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/numpy_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/oci_layer_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/openvino_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/picklescan_adapter.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/pytorch_binary_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/pytorch_zip_support/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/pytorch_zip_support/archive_members.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/rar_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/rule_mapper.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/safetensors_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/sevenzip_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/tar_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/tensorrt_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/text_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/tf_metagraph_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/tflite_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/weight_distribution_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/scanners/zip_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/telemetry.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/_path_hardening.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/auto_defaults.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/file/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/file/_compression.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/file/handlers.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/file/large_file_handler.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/assets.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/auto_defaults.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/cache_decorator.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/code_validation.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/disk_space.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/file_hash.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/file_iterator.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/interrupt_handler.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/ml_context.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/result_conversion.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/retry.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/secure_hasher.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/helpers/types.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/lfs.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/model_extensions.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/_huggingface_cache.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/cloud_storage.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/dvc.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/huggingface.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/huggingface_paths.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/jfrog.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/sources/pytorch_hub.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/utils/tensorflow_compat.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/version.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/whitelists/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/whitelists/huggingface_organizations.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/modelaudit/whitelists/huggingface_popular.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/package-lock.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/package.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/AGENTS.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/README.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/expansion.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/lib.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/nested_surface.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/opcode.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/options.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/report.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/strings.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/rust/src/strings_policy.rs +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/src/modelaudit_picklescan/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/src/modelaudit_picklescan/options.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/src/modelaudit_picklescan/py.typed +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/src/modelaudit_picklescan/report.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/conftest.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/parity_corpus.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_adversarial_pickle_oracle.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_call_graph_click.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_call_graph_execnet.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_call_graph_instance_defaults.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_call_graph_local_imports.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_call_graph_six.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_call_graph_tkinter.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_import_boundary.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_native_interface.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_options.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_report.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/packages/modelaudit-picklescan/tests/test_rust_engine.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/pyproject.toml.example +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/release-please-config.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/renovate.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/requirements-tensorflow.txt +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/README.md +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/benchmark_report.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/check_circular_imports.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/compile_tensorflow_protos.sh +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/fetch_hf_org_models.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/fetch_hf_top_models.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/generate_keras_layer_inventory.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/jax_flax_scanning_demo.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/large_pickle_corpus_qa.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/minimal_circular_check.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/scripts/profile_scan.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/analysis/test_anomaly_detector.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/analysis/test_ml_context_analyzer.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/analysis/test_opcode_sequence_analyzer.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/analysis/test_unified_context.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit1_basic_torch_bypass.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit2_advanced_torch_bypass.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit3_sophisticated_hybrid.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit4_supply_chain_attack.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit5_ultra_high_confidence.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit6_ordereddict_bypass.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit7_nested_collections.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit9_manual_construction.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/exploits/exploit_ultimate_50pct.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_7z_test_assets.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_advanced_pickle_tests.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_evil_pickle.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_jinja2_test_assets.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_nested_pickle_assets.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_os_alias_tests.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_safe_nested_assets.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_safetensors_assets.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/generators/generate_security_assets.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/pickles/memo_attack.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/pickles/multiple_stream_attack.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/pickles/nt_alias_attack.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/pickles/posix_alias_attack.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/pickles/stack_global_attack.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/archives/path_traversal.zip +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/archives/safe_model.zip +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/benign/chatml_format.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/benign/complex_legitimate.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/benign/conditional_system.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/benign/huggingface_llama.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/benign/simple_roles.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/benign/special_tokens.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/edge_cases/empty_template.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/edge_cases/malformed_template.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/edge_cases/multiple_templates.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/edge_cases/no_template.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/edge_cases/oversized_template.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/attr_bypass.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/combined_attack.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/config_exploit.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/cve_2024_34359_original.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/direct_eval.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/env_extraction.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/file_access.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/hex_bypass.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/loop_discovery.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/network_exfil.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/request_exploit.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/malicious/subprocess_injection.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/obfuscated/base64_payload.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/obfuscated/char_construction.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/obfuscated/format_bypass.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/obfuscated/getattr_bypass.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/standalone/benign_chat.j2 +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/standalone/malicious_standalone.jinja +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/standalone/malicious_subprocess.template +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/standalone/suspicious_benign.template +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/yaml/malicious_config.yaml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/jinja2/yaml/model_config.yaml +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/keras/custom_layer_attack.h5 +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/keras/loss_injection.h5 +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/keras/malicious_lambda.h5 +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/keras/metric_injection.h5 +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/keras/safe_model.h5 +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/manifests/safe_config.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/manifests/suspicious_config.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/decode_exec_chain.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/dill_func.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/malicious_model_realistic.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/malicious_system_call.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/nested_pickle_base64.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/nested_pickle_hex.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/nested_pickle_multistage.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/nested_pickle_raw.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/safe_data.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/safe_large_model.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/safe_model_with_binary.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/safe_model_with_encoding.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/safe_model_with_tokens.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/safe_nested_structure.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pickles/simple_nested.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pipeline.skops +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pytorch/malicious_eval.pt +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/pytorch/safe_model.pt +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/safetensors/malicious_import.safetensors +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/safetensors/safe_model.safetensors +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/tensorflow/malicious_pyfunc/saved_model.pb +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/samples/tensorflow/safe_savedmodel/saved_model.pb +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/agpl_component/agpl_model.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/agpl_component/neural_network.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mit_model/config.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mit_model/model.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mit_model/model_weights.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mixed_licenses/LICENSE +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mixed_licenses/apache_component.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mixed_licenses/dataset_cc_nc.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mixed_licenses/gpl_utility.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/mixed_licenses/mixed_model.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/embeddings.npy +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/features.csv +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/license_scenarios/unlicensed_dataset/training_data.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/config.json +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/assets/scenarios/security_scenarios/mixed_malicious_model/model.pkl +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/benchmarks/test_picklescan_benchmarks.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/benchmarks/test_scan_benchmarks.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/cache/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/cache/test_cache_correctness.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/cache/test_optimized_config.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/cli_output.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/config/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/config/test_name_blacklist.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/demo_license_functionality.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_builtin_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_compile_eval_variants.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_runpy_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/detectors/test_suspicious_symbols.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/helpers/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/helpers/frameworks.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_jfrog.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_jfrog_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_license_checker.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_license_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_mlflow_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_sarif_formatter.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_sbom_license_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/integrations/test_sbom_url_fixes.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/progress/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/progress/test_base.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_base_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_executorch_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_flax_msgpack_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_joblib_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_joblib_scanner_codecs.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_keras_h5_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_keras_zip_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_metadata_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_numpy_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_oci_layer_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_onnx_dependency_handling.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_picklescan_adapter.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_pytorch_binary_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_rule_code_registry_consistency.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_rule_mapper.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_safetensors_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_sevenzip_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_tensorrt_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_tf_metagraph_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_tflite_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scanners/test_weight_distribution_scanner.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/scripts/test_large_pickle_corpus_qa.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_asset_inventory_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_asset_list.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_auth_config.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_benchmark_report.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_bug1_confidence_exploit.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cache_cli.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cache_optimizations.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_checks_recording.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cli.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cli_cache_dir.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cli_default_command.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cli_file_filtering.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cli_license_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cli_logging_handlers.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cli_output.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cloud_url_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_committed_fixture_hygiene.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_cve_2025_10155_bin_pickle.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_debug_command.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_dill_joblib_enhanced.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_double_interrupt.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_false_positive_fixes.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_file_hash.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_gguf_sbom_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_graceful_degradation.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_header_discrepancy.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_huggingface_extensions.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_huggingface_symlinks.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_importlib_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_jax_flax_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_jit_script_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_lazy_loading.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_lazy_loading_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_manifest_name_policy.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_metadata_extractor.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_nested_pickle_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_network_comm_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_os_alias_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_os_subprocess_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_path_traversal.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_performance_benchmarks.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_pickle_context_filtering.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_progress.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_pydantic_models.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_python_version_warning.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_pytorch_zip_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_real_world_dill_joblib.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_regression_corpus.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_regular_scan_hash.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_rules.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_safetensors_optimization.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_scanner_selection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_secure_hasher.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_security_asset_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_security_enhancements.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_shebang_context.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_simple_jinja2.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_sklearn_joblib_false_positive.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_telemetry.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_telemetry_decoupling.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_tensorflow_lambda_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_timeout_configuration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_utils.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_weak_hash_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_webbrowser_detection.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_why_explanations.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/test_xdist_status.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_advanced_file_handler.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_advanced_size_limits.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_file_type_validation_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_integration_file_type_demo.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/file/test_large_file_handler.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_asset_from_scan_result.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_auto_defaults.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_code_validation.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_disk_space.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_file_iterator.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_interrupt_handling.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_ml_context_false_positives.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_py_compile_improvements.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/helpers/test_secure_hasher.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/sources/test_cloud_storage.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/sources/test_dvc_integration.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/sources/test_huggingface.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/sources/test_pytorch_hub.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/test_lfs.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/utils/test_result_conversion.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/whitelists/__init__.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/whitelists/test_combined.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/whitelists/test_huggingface_popular.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/whitelists/test_organizations.py +0 -0
- {modelaudit-0.2.41 → modelaudit-0.2.43}/tests/xdist_status.py +0 -0
|
@@ -9,3 +9,7 @@
|
|
|
9
9
|
|
|
10
10
|
# Vendored protobuf stubs are generated artifacts.
|
|
11
11
|
modelaudit/protos/* linguist-generated=true
|
|
12
|
+
|
|
13
|
+
# Changelogs are append-heavy; preserve concurrent additions during merges.
|
|
14
|
+
CHANGELOG.md merge=union
|
|
15
|
+
packages/modelaudit-picklescan/CHANGELOG.md merge=union
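Review bot: `merge=union` on the two CHANGELOG.md lines never reports a conflict: when both sides edit the same region git keeps both versions in file order, so duplicated or out-of-order release sections can land silently, and this is the file the release tooling rewrites on every release. The comment on the preceding line should name that trade-off so a maintainer does not expect conflict markers, e.g. `# merge=union never conflicts; it keeps both sides' lines, so check merged changelogs for duplicate or misordered entries.`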
|
|
@@ -168,7 +168,7 @@ jobs:
|
|
|
168
168
|
- name: Verify ML dependencies in full image
|
|
169
169
|
run: |
|
|
170
170
|
# Test that ML dependencies are available
|
|
171
|
-
docker run --rm modelaudit:full python -c "import tensorflow, torch, onnx; print('All ML dependencies available')"
|
|
171
|
+
docker run --rm modelaudit:full python -c "import tensorflow, torch, onnx; print('All ML dependencies available')"
|
|
172
172
|
|
|
173
173
|
- name: Test full container with ML model scan
|
|
174
174
|
run: |
|
|
@@ -179,19 +179,21 @@ jobs:
|
|
|
179
179
|
|
|
180
180
|
docker-ci-success:
|
|
181
181
|
name: Docker CI Success
|
|
182
|
-
needs: [build-test-lightweight]
|
|
183
|
-
# Don't require full image test to pass since it's conditional
|
|
182
|
+
needs: [build-test-lightweight, build-test-full]
|
|
184
183
|
if: always()
|
|
185
184
|
runs-on: ubuntu-latest
|
|
186
185
|
steps:
|
|
187
186
|
- name: Check if required jobs succeeded
|
|
188
187
|
run: |
|
|
189
188
|
LIGHTWEIGHT_RESULT="${{ needs.build-test-lightweight.result }}"
|
|
189
|
+
FULL_RESULT="${{ needs.build-test-full.result }}"
|
|
190
190
|
echo "Lightweight Docker build result: $LIGHTWEIGHT_RESULT"
|
|
191
|
+
echo "Full Docker build result: $FULL_RESULT"
|
|
191
192
|
|
|
192
193
|
# Success or skipped are both acceptable
|
|
193
194
|
# (skipped means the path filters determined the job wasn't needed)
|
|
194
|
-
if [[ "$LIGHTWEIGHT_RESULT" == "success" || "$LIGHTWEIGHT_RESULT" == "skipped"
|
|
195
|
+
if [[ ("$LIGHTWEIGHT_RESULT" == "success" || "$LIGHTWEIGHT_RESULT" == "skipped") && \
|
|
196
|
+
("$FULL_RESULT" == "success" || "$FULL_RESULT" == "skipped") ]]; then
|
|
195
197
|
echo "Docker CI checks passed (or were skipped due to path filters)!"
|
|
196
198
|
exit 0
|
|
197
199
|
else
|
|
@@ -734,6 +734,299 @@ jobs:
|
|
|
734
734
|
print-hash: true
|
|
735
735
|
attestations: true
|
|
736
736
|
|
|
737
|
+
verify-picklescan-pypi:
|
|
738
|
+
if: needs.release-please.outputs.picklescan_release_created == 'true'
|
|
739
|
+
needs: [publish-picklescan-pypi, release-please]
|
|
740
|
+
runs-on: ubuntu-latest
|
|
741
|
+
permissions:
|
|
742
|
+
contents: read
|
|
743
|
+
env:
|
|
744
|
+
EXPECTED_VERSION: ${{ needs.release-please.outputs.picklescan_version }}
|
|
745
|
+
steps:
|
|
746
|
+
- name: Wait for modelaudit-picklescan files on PyPI
|
|
747
|
+
run: |
|
|
748
|
+
python - <<'PY'
|
|
749
|
+
import json
|
|
750
|
+
import os
|
|
751
|
+
import time
|
|
752
|
+
import urllib.request
|
|
753
|
+
|
|
754
|
+
version = os.environ["EXPECTED_VERSION"]
|
|
755
|
+
expected_files = {
|
|
756
|
+
f"modelaudit_picklescan-{version}-cp310-abi3-macosx_10_12_x86_64.whl",
|
|
757
|
+
f"modelaudit_picklescan-{version}-cp310-abi3-macosx_11_0_arm64.whl",
|
|
758
|
+
f"modelaudit_picklescan-{version}-cp310-abi3-manylinux_2_28_aarch64.whl",
|
|
759
|
+
f"modelaudit_picklescan-{version}-cp310-abi3-manylinux_2_28_x86_64.whl",
|
|
760
|
+
f"modelaudit_picklescan-{version}-cp310-abi3-win_amd64.whl",
|
|
761
|
+
f"modelaudit_picklescan-{version}.tar.gz",
|
|
762
|
+
}
|
|
763
|
+
url = f"https://pypi.org/pypi/modelaudit-picklescan/{version}/json"
|
|
764
|
+
deadline = time.monotonic() + 600
|
|
765
|
+
last_status = "not checked"
|
|
766
|
+
|
|
767
|
+
while time.monotonic() < deadline:
|
|
768
|
+
try:
|
|
769
|
+
with urllib.request.urlopen(url, timeout=20) as response:
|
|
770
|
+
payload = json.load(response)
|
|
771
|
+
filenames = {entry["filename"] for entry in payload.get("urls", [])}
|
|
772
|
+
missing = sorted(expected_files - filenames)
|
|
773
|
+
info_version = payload.get("info", {}).get("version")
|
|
774
|
+
if info_version == version and not missing:
|
|
775
|
+
print(f"PyPI has modelaudit-picklescan {version}: {sorted(filenames)}")
|
|
776
|
+
break
|
|
777
|
+
last_status = f"version={info_version!r}, missing={missing}"
|
|
778
|
+
except Exception as exc:
|
|
779
|
+
last_status = repr(exc)
|
|
780
|
+
time.sleep(10)
|
|
781
|
+
else:
|
|
782
|
+
raise SystemExit(f"Timed out waiting for modelaudit-picklescan {version} on PyPI: {last_status}")
|
|
783
|
+
PY
|
|
784
|
+
|
|
785
|
+
- name: Install published modelaudit-picklescan and smoke test API
|
|
786
|
+
run: |
|
|
787
|
+
set -euo pipefail
|
|
788
|
+
python -m venv /tmp/modelaudit-picklescan-pypi-smoke
|
|
789
|
+
/tmp/modelaudit-picklescan-pypi-smoke/bin/python -m pip install --upgrade pip
|
|
790
|
+
/tmp/modelaudit-picklescan-pypi-smoke/bin/python -m pip install \
|
|
791
|
+
--no-cache-dir \
|
|
792
|
+
--retries 10 \
|
|
793
|
+
--timeout 60 \
|
|
794
|
+
"modelaudit-picklescan==${EXPECTED_VERSION}"
|
|
795
|
+
|
|
796
|
+
/tmp/modelaudit-picklescan-pypi-smoke/bin/python - <<'PY'
|
|
797
|
+
import importlib.metadata as md
|
|
798
|
+
import importlib.util
|
|
799
|
+
import os
|
|
800
|
+
import pickle
|
|
801
|
+
|
|
802
|
+
import modelaudit_picklescan
|
|
803
|
+
|
|
804
|
+
expected_version = os.environ["EXPECTED_VERSION"]
|
|
805
|
+
installed_version = md.version("modelaudit-picklescan")
|
|
806
|
+
if installed_version != expected_version:
|
|
807
|
+
raise SystemExit(f"Expected modelaudit-picklescan {expected_version}, got {installed_version}")
|
|
808
|
+
if importlib.util.find_spec("modelaudit_picklescan._rust") is None:
|
|
809
|
+
raise SystemExit("modelaudit_picklescan._rust extension was not installed")
|
|
810
|
+
|
|
811
|
+
clean_report = modelaudit_picklescan.scan_bytes(pickle.dumps({"weights": [1, 2, 3]}, protocol=4))
|
|
812
|
+
if clean_report.status.value != "complete" or clean_report.verdict.value != "clean":
|
|
813
|
+
raise SystemExit(f"Expected clean complete report, got {clean_report}")
|
|
814
|
+
|
|
815
|
+
class MaliciousPayload:
|
|
816
|
+
def __reduce__(self):
|
|
817
|
+
return (os.system, ("echo modelaudit-picklescan-smoke",))
|
|
818
|
+
|
|
819
|
+
malicious_report = modelaudit_picklescan.scan_bytes(
|
|
820
|
+
pickle.dumps(MaliciousPayload(), protocol=4),
|
|
821
|
+
source="malicious.pkl",
|
|
822
|
+
)
|
|
823
|
+
if malicious_report.status.value != "complete" or malicious_report.verdict.value != "malicious":
|
|
824
|
+
raise SystemExit(f"Expected malicious complete report, got {malicious_report}")
|
|
825
|
+
if not any(finding.rule_code == "DANGEROUS_CALL" for finding in malicious_report.findings):
|
|
826
|
+
raise SystemExit(f"Expected DANGEROUS_CALL finding, got {malicious_report.findings}")
|
|
827
|
+
|
|
828
|
+
print("Published modelaudit-picklescan API smoke test passed.")
|
|
829
|
+
PY
|
|
830
|
+
|
|
831
|
+
verify-pypi:
|
|
832
|
+
if: >-
|
|
833
|
+
${{
|
|
834
|
+
always() &&
|
|
835
|
+
needs.release-please.outputs.release_created == 'true' &&
|
|
836
|
+
needs.publish-pypi.result == 'success' &&
|
|
837
|
+
(
|
|
838
|
+
needs.release-please.outputs.picklescan_release_created != 'true' ||
|
|
839
|
+
needs.verify-picklescan-pypi.result == 'success'
|
|
840
|
+
)
|
|
841
|
+
}}
|
|
842
|
+
needs:
|
|
843
|
+
[
|
|
844
|
+
publish-pypi,
|
|
845
|
+
publish-picklescan-pypi,
|
|
846
|
+
release-please,
|
|
847
|
+
verify-picklescan-pypi,
|
|
848
|
+
]
|
|
849
|
+
runs-on: ubuntu-latest
|
|
850
|
+
permissions:
|
|
851
|
+
contents: read
|
|
852
|
+
env:
|
|
853
|
+
EXPECTED_VERSION: ${{ needs.release-please.outputs.version }}
|
|
854
|
+
EXPECTED_PICKLESCAN_VERSION: ${{ needs.release-please.outputs.picklescan_version }}
|
|
855
|
+
PICKLESCAN_RELEASE_CREATED: ${{ needs.release-please.outputs.picklescan_release_created }}
|
|
856
|
+
PROMPTFOO_DISABLE_TELEMETRY: "1"
|
|
857
|
+
steps:
|
|
858
|
+
- name: Wait for modelaudit files on PyPI
|
|
859
|
+
run: |
|
|
860
|
+
python - <<'PY'
|
|
861
|
+
import json
|
|
862
|
+
import os
|
|
863
|
+
import time
|
|
864
|
+
import urllib.request
|
|
865
|
+
|
|
866
|
+
version = os.environ["EXPECTED_VERSION"]
|
|
867
|
+
expected_files = {
|
|
868
|
+
f"modelaudit-{version}-py3-none-any.whl",
|
|
869
|
+
f"modelaudit-{version}.tar.gz",
|
|
870
|
+
}
|
|
871
|
+
url = f"https://pypi.org/pypi/modelaudit/{version}/json"
|
|
872
|
+
deadline = time.monotonic() + 600
|
|
873
|
+
last_status = "not checked"
|
|
874
|
+
|
|
875
|
+
while time.monotonic() < deadline:
|
|
876
|
+
try:
|
|
877
|
+
with urllib.request.urlopen(url, timeout=20) as response:
|
|
878
|
+
payload = json.load(response)
|
|
879
|
+
filenames = {entry["filename"] for entry in payload.get("urls", [])}
|
|
880
|
+
missing = sorted(expected_files - filenames)
|
|
881
|
+
info_version = payload.get("info", {}).get("version")
|
|
882
|
+
if info_version == version and not missing:
|
|
883
|
+
print(f"PyPI has modelaudit {version}: {sorted(filenames)}")
|
|
884
|
+
break
|
|
885
|
+
last_status = f"version={info_version!r}, missing={missing}"
|
|
886
|
+
except Exception as exc:
|
|
887
|
+
last_status = repr(exc)
|
|
888
|
+
time.sleep(10)
|
|
889
|
+
else:
|
|
890
|
+
raise SystemExit(f"Timed out waiting for modelaudit {version} on PyPI: {last_status}")
|
|
891
|
+
PY
|
|
892
|
+
|
|
893
|
+
- name: Install published modelaudit and run end-to-end smoke tests
|
|
894
|
+
run: |
|
|
895
|
+
set -euo pipefail
|
|
896
|
+
python -m venv /tmp/modelaudit-pypi-smoke
|
|
897
|
+
/tmp/modelaudit-pypi-smoke/bin/python -m pip install --upgrade pip
|
|
898
|
+
/tmp/modelaudit-pypi-smoke/bin/python -m pip install \
|
|
899
|
+
--no-cache-dir \
|
|
900
|
+
--retries 10 \
|
|
901
|
+
--timeout 60 \
|
|
902
|
+
"modelaudit[all]==${EXPECTED_VERSION}"
|
|
903
|
+
|
|
904
|
+
/tmp/modelaudit-pypi-smoke/bin/python - <<'PY'
|
|
905
|
+
import importlib.metadata as md
|
|
906
|
+
import json
|
|
907
|
+
import os
|
|
908
|
+
import pickle
|
|
909
|
+
import subprocess
|
|
910
|
+
import tempfile
|
|
911
|
+
import zipfile
|
|
912
|
+
from pathlib import Path
|
|
913
|
+
|
|
914
|
+
expected_version = os.environ["EXPECTED_VERSION"]
|
|
915
|
+
installed_version = md.version("modelaudit")
|
|
916
|
+
if installed_version != expected_version:
|
|
917
|
+
raise SystemExit(f"Expected modelaudit {expected_version}, got {installed_version}")
|
|
918
|
+
|
|
919
|
+
picklescan_version = md.version("modelaudit-picklescan")
|
|
920
|
+
expected_picklescan_version = os.environ.get("EXPECTED_PICKLESCAN_VERSION")
|
|
921
|
+
if os.environ.get("PICKLESCAN_RELEASE_CREATED") == "true" and expected_picklescan_version:
|
|
922
|
+
if picklescan_version != expected_picklescan_version:
|
|
923
|
+
raise SystemExit(
|
|
924
|
+
"Expected coordinated picklescan "
|
|
925
|
+
f"{expected_picklescan_version}, got {picklescan_version}"
|
|
926
|
+
)
|
|
927
|
+
print(f"Installed modelaudit {installed_version} with modelaudit-picklescan {picklescan_version}.")
|
|
928
|
+
|
|
929
|
+
modelaudit = Path("/tmp/modelaudit-pypi-smoke/bin/modelaudit")
|
|
930
|
+
env = os.environ.copy()
|
|
931
|
+
env["PROMPTFOO_DISABLE_TELEMETRY"] = "1"
|
|
932
|
+
|
|
933
|
+
def run(args: list[str | Path], expected_returncode: int) -> subprocess.CompletedProcess[str]:
|
|
934
|
+
command = [str(arg) for arg in args]
|
|
935
|
+
print("$", " ".join(command))
|
|
936
|
+
completed = subprocess.run(
|
|
937
|
+
command,
|
|
938
|
+
capture_output=True,
|
|
939
|
+
text=True,
|
|
940
|
+
env=env,
|
|
941
|
+
check=False,
|
|
942
|
+
)
|
|
943
|
+
if completed.stdout:
|
|
944
|
+
print(completed.stdout)
|
|
945
|
+
if completed.stderr:
|
|
946
|
+
print(completed.stderr)
|
|
947
|
+
if completed.returncode != expected_returncode:
|
|
948
|
+
raise SystemExit(
|
|
949
|
+
f"Expected exit {expected_returncode} from {' '.join(command)}, "
|
|
950
|
+
f"got {completed.returncode}"
|
|
951
|
+
)
|
|
952
|
+
return completed
|
|
953
|
+
|
|
954
|
+
run([modelaudit, "--version"], 0)
|
|
955
|
+
run([modelaudit, "doctor", "--show-failed"], 0)
|
|
956
|
+
|
|
957
|
+
with tempfile.TemporaryDirectory(prefix="modelaudit-pypi-smoke-") as tmpdir:
|
|
958
|
+
workdir = Path(tmpdir)
|
|
959
|
+
marker = workdir / "payload-executed"
|
|
960
|
+
benign = workdir / "benign.pkl"
|
|
961
|
+
malicious = workdir / "malicious.pkl"
|
|
962
|
+
malicious_zip = workdir / "malicious.zip"
|
|
963
|
+
|
|
964
|
+
with benign.open("wb") as handle:
|
|
965
|
+
pickle.dump({"weights": [1.0, 2.0, 3.0], "metadata": {"name": "release-smoke"}}, handle)
|
|
966
|
+
|
|
967
|
+
class MaliciousPayload:
|
|
968
|
+
def __reduce__(self):
|
|
969
|
+
return (os.system, (f"touch {marker}",))
|
|
970
|
+
|
|
971
|
+
with malicious.open("wb") as handle:
|
|
972
|
+
pickle.dump(MaliciousPayload(), handle, protocol=4)
|
|
973
|
+
with zipfile.ZipFile(malicious_zip, "w", compression=zipfile.ZIP_DEFLATED) as archive:
|
|
974
|
+
archive.write(malicious, arcname="malicious.pkl")
|
|
975
|
+
|
|
976
|
+
benign_json = workdir / "benign.json"
|
|
977
|
+
malicious_json = workdir / "malicious.json"
|
|
978
|
+
zip_json = workdir / "malicious-zip.json"
|
|
979
|
+
sarif_json = workdir / "malicious.sarif"
|
|
980
|
+
sbom_json = workdir / "sbom.json"
|
|
981
|
+
|
|
982
|
+
run([modelaudit, "scan", benign, "--format", "json", "--output", benign_json, "--no-cache"], 0)
|
|
983
|
+
run([modelaudit, "scan", malicious, "--format", "json", "--output", malicious_json, "--no-cache"], 1)
|
|
984
|
+
run([modelaudit, "scan", malicious_zip, "--format", "json", "--output", zip_json, "--no-cache"], 1)
|
|
985
|
+
run(
|
|
986
|
+
[
|
|
987
|
+
modelaudit,
|
|
988
|
+
"scan",
|
|
989
|
+
malicious,
|
|
990
|
+
"--format",
|
|
991
|
+
"sarif",
|
|
992
|
+
"--output",
|
|
993
|
+
sarif_json,
|
|
994
|
+
"--sbom",
|
|
995
|
+
sbom_json,
|
|
996
|
+
"--no-cache",
|
|
997
|
+
],
|
|
998
|
+
1,
|
|
999
|
+
)
|
|
1000
|
+
|
|
1001
|
+
if marker.exists():
|
|
1002
|
+
raise SystemExit("Malicious pickle payload executed during scan")
|
|
1003
|
+
|
|
1004
|
+
benign_report = json.loads(benign_json.read_text())
|
|
1005
|
+
if benign_report.get("issues") or benign_report.get("failed_checks") != 0:
|
|
1006
|
+
raise SystemExit(f"Expected benign pickle to be clean, got {benign_report}")
|
|
1007
|
+
|
|
1008
|
+
for report_path in (malicious_json, zip_json):
|
|
1009
|
+
report = json.loads(report_path.read_text())
|
|
1010
|
+
if not any(
|
|
1011
|
+
issue.get("rule_code") == "S201" and issue.get("severity") == "critical"
|
|
1012
|
+
for issue in report.get("issues", [])
|
|
1013
|
+
):
|
|
1014
|
+
raise SystemExit(f"Expected critical S201 in {report_path}, got {report}")
|
|
1015
|
+
|
|
1016
|
+
sarif_report = json.loads(sarif_json.read_text())
|
|
1017
|
+
sarif_results = sarif_report.get("runs", [{}])[0].get("results", [])
|
|
1018
|
+
if sarif_report.get("version") != "2.1.0" or not any(
|
|
1019
|
+
result.get("ruleId") == "S201" for result in sarif_results
|
|
1020
|
+
):
|
|
1021
|
+
raise SystemExit(f"Expected SARIF S201 result, got {sarif_report}")
|
|
1022
|
+
|
|
1023
|
+
sbom_report = json.loads(sbom_json.read_text())
|
|
1024
|
+
if sbom_report.get("bomFormat") != "CycloneDX" or not sbom_report.get("components"):
|
|
1025
|
+
raise SystemExit(f"Expected CycloneDX SBOM with components, got {sbom_report}")
|
|
1026
|
+
|
|
1027
|
+
print("Published modelaudit end-to-end smoke test passed.")
|
|
1028
|
+
PY
|
|
1029
|
+
|
|
737
1030
|
provenance:
|
|
738
1031
|
if: needs.release-please.outputs.release_created == 'true'
|
|
739
1032
|
needs: [build, publish-pypi, release-please]
|
|
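--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,109 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.43](https://github.com/promptfoo/modelaudit/compare/v0.2.42...v0.2.43) (2026-05-01)
+
+### Bug Fixes
+
+- align manifest scanner routing ([#1111](https://github.com/promptfoo/modelaudit/issues/1111)) ([ad7f253](https://github.com/promptfoo/modelaudit/commit/ad7f2534ad3e9f5ec744aadbf2448e02bdaa092f))
+- analyze jax-like pickle checkpoints ([#1114](https://github.com/promptfoo/modelaudit/issues/1114)) ([576ac54](https://github.com/promptfoo/modelaudit/commit/576ac540822e620204ea7d654848bcca9376b44f))
+- avoid inert skops cve false positives ([7538e58](https://github.com/promptfoo/modelaudit/commit/7538e58fc6ba7c3f9f7721a6c686035f6502c1e6))
+- avoid PMML system substring false positives ([#1125](https://github.com/promptfoo/modelaudit/issues/1125)) ([20fdd0c](https://github.com/promptfoo/modelaudit/commit/20fdd0c7ef498099e439306e323093920fd752c7))
+- catch suspicious nemo target leaves ([#1116](https://github.com/promptfoo/modelaudit/issues/1116)) ([b8dccfa](https://github.com/promptfoo/modelaudit/commit/b8dccfa1b2aca25c277c35616ee1b01c87953e6f))
+- close pytorch zip coverage gaps ([#1095](https://github.com/promptfoo/modelaudit/issues/1095)) ([a1ca298](https://github.com/promptfoo/modelaudit/commit/a1ca298b7d217989286b9bc0e3ef6545871f9b53))
+- correct analysis suspiciousness ([#1101](https://github.com/promptfoo/modelaudit/issues/1101)) ([11b1d3e](https://github.com/promptfoo/modelaudit/commit/11b1d3e3ce7ace309f3864c599c7f70b6479c5cb))
+- cover eager statistics consumers in picklescan ([#1148](https://github.com/promptfoo/modelaudit/issues/1148)) ([0d5ea8e](https://github.com/promptfoo/modelaudit/commit/0d5ea8e5a0be4f96d3ca97c55640cdb35b55215c))
+- detect bare torch7 require loads ([#1117](https://github.com/promptfoo/modelaudit/issues/1117)) ([7c77be0](https://github.com/promptfoo/modelaudit/commit/7c77be01de8783e852815e58811f592455b3b6c4))
+- detect extensionless archive executables ([#1110](https://github.com/promptfoo/modelaudit/issues/1110)) ([b64a2da](https://github.com/promptfoo/modelaudit/commit/b64a2da696f9a922e826c39d64c37894ce393582))
+- detect nested brace-format mapping lookups ([#1151](https://github.com/promptfoo/modelaudit/issues/1151)) ([fc296ad](https://github.com/promptfoo/modelaudit/commit/fc296adaa97815b4067f0a764e653cdf777a5724))
+- detect Paddle patterns across chunk boundaries ([#1120](https://github.com/promptfoo/modelaudit/issues/1120)) ([d4fedf9](https://github.com/promptfoo/modelaudit/commit/d4fedf9e9b1492cec291dedb1ff53fe420d13bb7))
+- fail closed on bounded scanner analysis ([#1099](https://github.com/promptfoo/modelaudit/issues/1099)) ([60973e4](https://github.com/promptfoo/modelaudit/commit/60973e4eb48928c120d62ed651b1abb95c210134))
+- fail closed on call graph errors ([#1143](https://github.com/promptfoo/modelaudit/issues/1143)) ([1a08449](https://github.com/promptfoo/modelaudit/commit/1a084493b16b5c62b0cd7022b79e60795e88b07b))
+- fail closed on directory size limits ([#1093](https://github.com/promptfoo/modelaudit/issues/1093)) ([47054d7](https://github.com/promptfoo/modelaudit/commit/47054d7fe808cfb3ee676d1da533c244170946bf))
+- fail closed on header-only streaming scans ([#1103](https://github.com/promptfoo/modelaudit/issues/1103)) ([7b934c0](https://github.com/promptfoo/modelaudit/commit/7b934c02004850b5ca2428fe2871acb3e413062a))
+- fail closed on incomplete mar scans ([#1096](https://github.com/promptfoo/modelaudit/issues/1096)) ([af31235](https://github.com/promptfoo/modelaudit/commit/af312351a7b2069214d4938cb9c8e051e25ae8f3))
+- fail closed on limited llamafile payload scans ([ceb3f22](https://github.com/promptfoo/modelaudit/commit/ceb3f22870f5555e809dbf19d7ce37e4d2488b5a))
+- fail closed on malformed XGBoost JSON ([#1123](https://github.com/promptfoo/modelaudit/issues/1123)) ([4d4ba28](https://github.com/promptfoo/modelaudit/commit/4d4ba285e60a3abfb64f0259c792c52dcb66794d))
+- fail closed on nemo archives without config ([#1115](https://github.com/promptfoo/modelaudit/issues/1115)) ([a09f763](https://github.com/promptfoo/modelaudit/commit/a09f76308e1e5e3db7d20298e1ed508806d9cbbd))
+- fail closed on ONNX raw detector failures ([#1119](https://github.com/promptfoo/modelaudit/issues/1119)) ([2963764](https://github.com/promptfoo/modelaudit/commit/2963764e28c4fb94cdfdef6a975e630c4ab4dd2f))
+- fail closed on truncated tensor metadata ([b267328](https://github.com/promptfoo/modelaudit/commit/b267328ca6952ade157a82de00ddc3ca541619f0))
+- fail closed on unanalyzable call graphs ([#1108](https://github.com/promptfoo/modelaudit/issues/1108)) ([dcb8bbe](https://github.com/promptfoo/modelaudit/commit/dcb8bbe4683c284a1ea6c84231dee6808a93fc52))
+- fail closed when recognized scanners are unavailable ([#1104](https://github.com/promptfoo/modelaudit/issues/1104)) ([f4866d4](https://github.com/promptfoo/modelaudit/commit/f4866d424c5fe2112c681f7984a2c59d9fe5b794))
+- fail closed without yaml parser ([99ef15a](https://github.com/promptfoo/modelaudit/commit/99ef15a35cea50257ca31629da3e51f50d369f75))
+- harden detector heuristics ([#1100](https://github.com/promptfoo/modelaudit/issues/1100)) ([bf57b3b](https://github.com/promptfoo/modelaudit/commit/bf57b3b20ab43d1fdf764a503a7bd9fe19c7cd11))
+- ignore inert format placeholders ([#1142](https://github.com/promptfoo/modelaudit/issues/1142)) ([8f728e8](https://github.com/promptfoo/modelaudit/commit/8f728e8454578ba34ce5b28389258fa2eba29fe8))
+- ignore inert XGBoost feature labels ([f637e1e](https://github.com/promptfoo/modelaudit/commit/f637e1ebc024913af14f4a3eff01ee4600459b5d))
+- inspect savedmodel root siblings ([#1118](https://github.com/promptfoo/modelaudit/issues/1118)) ([cf6bf8f](https://github.com/promptfoo/modelaudit/commit/cf6bf8f83499910bf179361d1015c161ee8dafff))
+- keep inert dotted global metadata clean ([#1150](https://github.com/promptfoo/modelaudit/issues/1150)) ([9a76915](https://github.com/promptfoo/modelaudit/commit/9a769151c0ffd29a1638f1dacc78d2eb77b0f268))
+- **picklescan:** detect hidden-only pytorch zips ([#1098](https://github.com/promptfoo/modelaudit/issues/1098)) ([3e94f70](https://github.com/promptfoo/modelaudit/commit/3e94f7020d5a28fc150afed1520adcac8d58ce73))
+- **picklescan:** detect statistics quantiles iterator consumption ([#1152](https://github.com/promptfoo/modelaudit/issues/1152)) ([b357fdb](https://github.com/promptfoo/modelaudit/commit/b357fdb7db320d3485cf0458a4cf0f16b86717c1))
+- **picklescan:** fail closed on late encoded payload probes ([#1107](https://github.com/promptfoo/modelaudit/issues/1107)) ([55b43a5](https://github.com/promptfoo/modelaudit/commit/55b43a5229baadf1c3673b4d89838e55c5cf6ae3))
+- **picklescan:** model str.format lookups ([#1097](https://github.com/promptfoo/modelaudit/issues/1097)) ([2c87acb](https://github.com/promptfoo/modelaudit/commit/2c87acbb01285289872203063074baf51d0cd28c))
+- preserve exact entropy literals ([#1138](https://github.com/promptfoo/modelaudit/issues/1138)) ([95ba57c](https://github.com/promptfoo/modelaudit/commit/95ba57cad1d9bb346c2752942b8e054d8dfa66ff))
+- preserve hidden model payloads ([#1091](https://github.com/promptfoo/modelaudit/issues/1091)) ([5b11f91](https://github.com/promptfoo/modelaudit/commit/5b11f91942c1e5943e74affa3fbf86244f63f9cc))
+- preserve incomplete office zip scans ([#1094](https://github.com/promptfoo/modelaudit/issues/1094)) ([9ed81db](https://github.com/promptfoo/modelaudit/commit/9ed81db90ce60e4128f8e95a0ae50f5f5a75d214))
+- preserve merged scan failures ([#1092](https://github.com/promptfoo/modelaudit/issues/1092)) ([e7fecc5](https://github.com/promptfoo/modelaudit/commit/e7fecc5e674a404164e352f07d5bca381e1862f0))
+- preserve path-sensitive directory scans ([#1102](https://github.com/promptfoo/modelaudit/issues/1102)) ([ddebc52](https://github.com/promptfoo/modelaudit/commit/ddebc52095773f651b64944412180e2ee5e76762))
+- preserve str.format lookup keys in picklescan ([#1149](https://github.com/promptfoo/modelaudit/issues/1149)) ([feb3e1c](https://github.com/promptfoo/modelaudit/commit/feb3e1ccb629344180e3a27e093e24b707c671e6))
+- reject ajax as a JAX checkpoint hint ([#1124](https://github.com/promptfoo/modelaudit/issues/1124)) ([9f51b2c](https://github.com/promptfoo/modelaudit/commit/9f51b2c8e154d94b3361dfb0b07ba6bdd37aedd1))
+- reject marker-only XGBoost binaries ([#1122](https://github.com/promptfoo/modelaudit/issues/1122)) ([30ec930](https://github.com/promptfoo/modelaudit/commit/30ec9308a50f445ddd2f55624fe0b294dc2e92cd))
+- remove filename-based framework skips ([#1137](https://github.com/promptfoo/modelaudit/issues/1137)) ([7a18b49](https://github.com/promptfoo/modelaudit/commit/7a18b49f434ddc091cb26672323dad6dab42dab7))
+- require startup hook invocations ([#1140](https://github.com/promptfoo/modelaudit/issues/1140)) ([7e0777d](https://github.com/promptfoo/modelaudit/commit/7e0777dcc71bfdbd8212358aa548ee45d3808642))
+- require strict zip signatures ([93f60af](https://github.com/promptfoo/modelaudit/commit/93f60afe5765047752f2c97fc10f160939a66c62))
+- resolve concatenated archive getattr names ([#1105](https://github.com/promptfoo/modelaudit/issues/1105)) ([59a7df6](https://github.com/promptfoo/modelaudit/commit/59a7df6464fda09f79bbd5fa44754402764e89b7))
+- resync post-budget pickle replay ([#1141](https://github.com/promptfoo/modelaudit/issues/1141)) ([e275676](https://github.com/promptfoo/modelaudit/commit/e27567661295a96d94cd1ea29abd4f42c6c249e3))
+- route extensionless scanners ([18accbd](https://github.com/promptfoo/modelaudit/commit/18accbdaf6808bd6316d742c84a1f92dce63984a))
+- route flax suffixes without msgpack ([dca6056](https://github.com/promptfoo/modelaudit/commit/dca605662e2dbf3209b4d69e61fb9f1306599b7d))
+- route middle-marker llamafiles ([f11792c](https://github.com/promptfoo/modelaudit/commit/f11792ca6c4e3237d731d54c47ce44b00a3c7d4b))
+- route renamed XML models after long prologs ([#1109](https://github.com/promptfoo/modelaudit/issues/1109)) ([e2f9962](https://github.com/promptfoo/modelaudit/commit/e2f9962a887762ad49854ec1ee750c7df20b6a7c))
+- scan concatenated compressed members ([#1135](https://github.com/promptfoo/modelaudit/issues/1135)) ([3f9a51a](https://github.com/promptfoo/modelaudit/commit/3f9a51a37b92bc6e48dedb5aa97e3aeb32d64a0d))
+- scan embedded manifest chat templates ([#1112](https://github.com/promptfoo/modelaudit/issues/1112)) ([18433a8](https://github.com/promptfoo/modelaudit/commit/18433a83966229642555fa8886e3e55a8b3e15bb))
+- scan gguf chat templates with jinja analysis ([#1113](https://github.com/promptfoo/modelaudit/issues/1113)) ([35b420a](https://github.com/promptfoo/modelaudit/commit/35b420ac908bd29cecc6e82b85e1af88056b9551))
+- scan unmarked python jit blobs ([#1136](https://github.com/promptfoo/modelaudit/issues/1136)) ([681ce62](https://github.com/promptfoo/modelaudit/commit/681ce62487f0f41a9c2af7e8f7b50be65b16f901))
+- scope huggingface bookkeeping skips ([#1090](https://github.com/promptfoo/modelaudit/issues/1090)) ([87f7204](https://github.com/promptfoo/modelaudit/commit/87f7204bedc8a6ff94472b5831abd52a25836dcd))
+- stabilize non-pytorch zip status ([7449aae](https://github.com/promptfoo/modelaudit/commit/7449aae0e36a38de7681acfd0f5f77033afea059))
+- validate all XGBoost trees ([#1121](https://github.com/promptfoo/modelaudit/issues/1121)) ([a38eab2](https://github.com/promptfoo/modelaudit/commit/a38eab225b3671e8df20621455fca775ff5ee96a))
+
+### Documentation
+
+- narrow scan coverage claims ([#1139](https://github.com/promptfoo/modelaudit/issues/1139)) ([47ec8cf](https://github.com/promptfoo/modelaudit/commit/47ec8cf3bc5a5ac3166757bbaae0c5a3c6adb73d))
+
+## [Unreleased]
+
+### Bug Fixes
+
+- detect nested brace-format lookups that reach tracked `defaultdict` factories
+- avoid `str.format` picklescan false positives when a `ChainMap` shadows a `defaultdict`
+- block `statistics.quantiles` call-iterator consumption in picklescan call-graph analysis
+- block additional eager `statistics` consumers in picklescan call-graph analysis
+- avoid picklescan false positives for inert metadata under dangerous dotted globals
+- preserve path-sensitive scan results while hashing duplicate directory contents
+- correct analysis suspiciousness scoring and alias-aware semantic risk handling
+- harden detector heuristics against comment padding, byte-backed credentials, unmarked Python blobs, and spoofed network context
+- fail closed when bounded scanner windows leave relevant model content uninspected
+- fail closed when TorchServe MAR limits leave manifest-referenced payloads unscanned
+- recurse into nested ZIP members inside PyTorch archives and fail closed when compression-ratio guards leave members unscanned
+- preserve large Office-like ZIPs when prefilter inspection is incomplete
+- fail closed when directory scans stop at the total-size budget
+- restrict Hugging Face bookkeeping filename skips to recognized cache layouts
+- preserve unsuccessful child results after scan-result merges
+- preserve supported payloads hidden behind default directory-skip names
+- use bounded raw Jinja fallback windows and fail closed when PyYAML is
+unavailable for YAML template configs
+- let extensionless file scanners participate in local file selection so
+supported extensionless Llamafiles do not fall through to clean unknown
+results
+- fail closed when PyTorch ZIP tensor-metadata validation can only inspect a
+bounded pickle prefix or cannot complete member analysis
+- preserve and scan concatenated compressed-wrapper member boundaries so a
+benign first member cannot hide later malicious payloads
+
+## [0.2.42](https://github.com/promptfoo/modelaudit/compare/v0.2.41...v0.2.42) (2026-04-27)
+
+### Bug Fixes
+
+- require latest picklescan release ([a0237a7](https://github.com/promptfoo/modelaudit/commit/a0237a7658c0885848eea8d51b792ccfad45cc1c))
+
 ## [0.2.41](https://github.com/promptfoo/modelaudit/compare/v0.2.40...v0.2.41) (2026-04-27)
 
 ### Bug Fixes
@@ -91,6 +194,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- **security:** inspect non-canonical SavedModel root siblings for suspicious
+executable-like content
+- **security:** detect bare-string Lua `require "module"` loads in Torch7
+artifacts
+- **security:** keep trusted NeMo namespaces from suppressing suspicious Hydra
+`_target_` leaf names
+- **security:** fail closed when NeMo archives contain no analyzable config files
+- **security:** analyze GGUF-embedded chat templates through the Jinja scanner
+while preserving GGUF scanner ownership
+- **security:** run JAX checkpoint analysis for JAX-like pickle payloads that
+stay on the primary pickle scanner path
 - **security:** detect `mailcap.findmatch` pickle call targets that can execute
 attacker-controlled mailcap `test` commands on Python versions that still
 provide `mailcap`
@@ -287,6 +401,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+- **llamafile:** stream marker detection across executable bodies so `.exe`
+wrappers with middle-only `llamafile` markers still route to the scanner
+- **flax:** keep explicit Flax/JAX checkpoint suffixes routed to the scanner when
+`msgpack` is unavailable so missing parser coverage fails closed
+- **llamafile:** fail closed when bounded embedded-payload scanning stops before
+covering the full executable
+- **skops:** require exploit-shaped structured loader nodes for CVE-2025-54412
+and CVE-2025-54413 checks so inert prose, filenames, and valid loader nodes do
+not become critical findings
+- **routing:** require recognized ZIP signatures before classifying files or
+streaming previews as archives, so benign `PK*` near-matches stay unclassified
+- **xgboost:** avoid flagging inert `feature_names` metadata as executable JSON
+content.
+- **pmml:** avoid flagging benign `ecosystem()` prose as a `system(...)` call.
+- **jax:** avoid routing `ajax` near-matches as JAX checkpoint indicators.
+- **security:** fail closed on malformed nested XGBoost JSON structures that
+would otherwise skip booster or tree validation.
+- **security:** require the legacy XGBoost binary signature instead of
+accepting marker-shaped text payloads as valid `.bst` models.
+- **security:** validate late XGBoost trees instead of sampling only the first
+ten tree structures.
+- **security:** detect PaddlePaddle suspicious tokens that span the scanner's
+1 MiB read boundaries.
+- **routing:** align manifest scanner routing with the manifest filenames and
+dedicated manifest-style suffixes declared by the registry.
+- **security:** detect strong executable headers in generic archive members even
+when the payload has no executable-looking suffix.
+- **routing:** preserve renamed OpenVINO and PMML XML models with long benign
+prologs during content-based directory filtering.
+- **security:** resolve compile-time string concatenation in archive-member `getattr` calls so high-risk targets like `os.system` cannot hide behind split literals
+- **security:** fail closed when routing recognizes a model format but no scanner is available to analyze it
+- **security:** fail closed when streaming scans only fall back to heuristic header checks, even if the remote file bytes were fully read
+- **docs:** narrow public scan-coverage wording so unsupported or merely discovered formats are not over-promised
+- **analysis:** keep exact dangerous literals visible even when surrounding bytes look like ML weights
+- **analysis:** stop attacker-controlled file and directory names from suppressing dangerous framework-pattern findings
+- **security:** detect dangerous marker-free Python source blobs through the public JIT path so disguised archive members are still analyzed
+- **security:** mark ONNX scans inconclusive when raw JIT/script or network
+detector analysis cannot complete instead of treating detector failures as
+clean passes.
+- **security:** run Jinja template analysis for manifest-owned configs that carry
+embedded chat-template fields.
 - **pickle:** detect stdlib filesystem probe and process-state callables such as `pathlib` metadata methods, `decimal.setcontext`, and `gc.disable` during pickle scans, while keeping local container mutations clean and covering public `operator.setitem` registry poisoning plus target-aware `operator.imul` warning-filter mutation.
 - **pickle:** detect public `operator.setitem` pickle calls, keep callable
 invocation aliases ahead of import-reference budget exhaustion, dedupe repeated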
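--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: modelaudit
-Version: 0.2.
+Version: 0.2.43
 Summary: Static scanning library for detecting malicious code, potential backdoor indicators, and other security risks in ML model files
 Project-URL: Repository, https://github.com/promptfoo/modelaudit
 Project-URL: Homepage, https://github.com/promptfoo/modelaudit
@@ -27,7 +27,7 @@ Requires-Dist: defusedxml>=0.7.1
 Requires-Dist: fsspec>=2025.5.1
 Requires-Dist: gcsfs>=2025.5.1
 Requires-Dist: huggingface-hub>=0.23.0
-Requires-Dist: modelaudit-picklescan<0.2.0,>=0.1.
+Requires-Dist: modelaudit-picklescan<0.2.0,>=0.1.4
 Requires-Dist: msgpack<2.0,>=1.0.0
 Requires-Dist: numpy<2.0,>=1.19.0; python_version == '3.10'
 Requires-Dist: numpy<2.5,>=2.4.3; python_version >= '3.11'
@@ -143,7 +143,7 @@ Models download from untrusted registries, pass through CI, and end up running i
 - **Scan statically.** No model is ever loaded, unpickled, or executed.
 - **Cover the formats you actually ship.** 40+ scanners spanning pickle, PyTorch, SafeTensors, ONNX, TensorFlow, Keras, GGUF, archives, and configs.
 - **Fit into CI.** Machine-readable output (JSON, SARIF), strict mode, exit codes, and [selectable scanners](https://github.com/promptfoo/modelaudit/blob/main/docs/user/scanner-selection.md).
-- **
+- **Surface coverage limits.** Recognized scanners report bounded-analysis gaps such as truncated reads or exhausted budgets instead of presenting them as fully covered results.
 
 Comparable tools: [`picklescan`](https://github.com/mmaitre314/picklescan) (pickle only, Python-based), [`fickling`](https://github.com/trailofbits/fickling) (pickle only, AST-based), [`modelscan`](https://github.com/protectai/modelscan) (pickle + TensorFlow + Keras subset). ModelAudit is broader in coverage and ships a native Rust pickle engine via its companion package [`modelaudit-picklescan`](https://pypi.org/project/modelaudit-picklescan/).
 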
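--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Models download from untrusted registries, pass through CI, and end up running i
 - **Scan statically.** No model is ever loaded, unpickled, or executed.
 - **Cover the formats you actually ship.** 40+ scanners spanning pickle, PyTorch, SafeTensors, ONNX, TensorFlow, Keras, GGUF, archives, and configs.
 - **Fit into CI.** Machine-readable output (JSON, SARIF), strict mode, exit codes, and [selectable scanners](https://github.com/promptfoo/modelaudit/blob/main/docs/user/scanner-selection.md).
-- **
+- **Surface coverage limits.** Recognized scanners report bounded-analysis gaps such as truncated reads or exhausted budgets instead of presenting them as fully covered results.
 
 Comparable tools: [`picklescan`](https://github.com/mmaitre314/picklescan) (pickle only, Python-based), [`fickling`](https://github.com/trailofbits/fickling) (pickle only, AST-based), [`modelscan`](https://github.com/protectai/modelscan) (pickle + TensorFlow + Keras subset). ModelAudit is broader in coverage and ships a native Rust pickle engine via its companion package [`modelaudit-picklescan`](https://pypi.org/project/modelaudit-picklescan/).
 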
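--- a/docs/security/threat-model.md
+++ b/docs/security/threat-model.md
@@ -83,7 +83,7 @@ The core scanners do not upload model contents. The CLI may download model files
 
 **Parser bugs in binary format readers.** ModelAudit parses GGUF, pickle, and protobuf using custom or third-party code. Bugs in these parsers could cause incorrect results or, in extreme cases, crashes. Fuzzing coverage is incomplete.
 
-**Incomplete format coverage.** Some model formats or serialization variants may not be recognized or may fall through to
+**Incomplete format coverage.** Some model formats or serialization variants may not be recognized or may fall through to generic or unknown handling. An unrecognized format is not a guarantee that the file is safe.
 
 **Privilege of the scanning process.** ModelAudit runs as the invoking user. It does not drop privileges before parsing untrusted files. A parser vulnerability could be exploited at that privilege level.
 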
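--- a/modelaudit/analysis/__init__.py
+++ b/modelaudit/analysis/__init__.py
@@ -2,7 +2,6 @@
 
 This package contains modules for analyzing ML models and detecting framework-specific patterns:
 - anomaly_detector.py - Statistical anomaly detection
-- enhanced_pattern_detector.py - Advanced pattern matching
 - entropy_analyzer.py - Entropy-based analysis
 - framework_patterns.py - ML framework detection patterns and heuristics
 - integrated_analyzer.py - Combined analysis techniques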
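--- a/modelaudit/analysis/entropy_analyzer.py
+++ b/modelaudit/analysis/entropy_analyzer.py
@@ -1,6 +1,7 @@
 """Entropy-based analysis to distinguish code from data."""
 
 import math
+import re
 import struct
 from collections import Counter
 from contextlib import suppress
@@ -220,6 +221,9 @@ class EntropyAnalyzer:
 
 # High confidence ML weights - skip most pattern searches
 if data_type == "ml_weights" and confidence > 0.8:
+if pattern and re.search(rb"(?<![A-Za-z0-9_])" + re.escape(pattern) + rb"(?![A-Za-z0-9_])", data):
+return False
+
 # Only search for extremely suspicious patterns
 extremely_suspicious = [b"exec", b"eval", b"__import__"]
 return pattern not in extremely_suspicious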
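Review bot: The new guard at `if pattern and re.search(...)` runs a whole-buffer regex search for every candidate pattern on exactly the buffers this branch was meant to fast-path (the comment above it says high-confidence ML weights skip most pattern searches), so scan cost on the largest tensors is now per-pattern × len(data) before any downstream search; if the caller's per-file budget does not account for that, a crafted large weight blob is a cheap scan-time amplifier. The comment on the fall-through is now stale because it only applies once the token is known to be absent; I would add `# Present as a standalone token: never skip, even in high-confidence weights` above the new check and change the existing one to `# Token absent: only substring-search the most dangerous names`. `re.escape(pattern)` concatenated to a bytes prefix raises TypeError if a str pattern ever reaches this path, so the bytes-only assumption for `pattern` is worth stating in the method docstring. The enclosing method, and therefore the declared types of `pattern` and `data`, start outside this hunk.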
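--- a/modelaudit/analysis/framework_patterns.py
+++ b/modelaudit/analysis/framework_patterns.py
@@ -440,10 +440,4 @@ class FrameworkKnowledgeBase:
 if re.search(skip_pattern, pattern, re.IGNORECASE) and should_skip:
 return True
 
-# Check if pattern appears in safe context
-safe_contexts = ["test_", "eval_", "validate_", "benchmark_"]
-if any(ctx in str(file_context.get("filename", "")).lower() for ctx in safe_contexts):
-# More lenient in test files
-return pattern in ["eval", "exec", "assert"]
-
 return False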
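--- a/modelaudit/analysis/integrated_analyzer.py
+++ b/modelaudit/analysis/integrated_analyzer.py
@@ -116,11 +116,10 @@ class IntegratedAnalyzer:
 total_weight = sum(self.signal_weights[k] for k in signals)
 weighted_confidence = sum(signals[k] * self.signal_weights[k] for k in signals) / total_weight
 
-# Determine if suspicious
-is_suspicious = weighted_confidence > 0.5
-
 # Determine risk level
 risk_level = self._calculate_risk_level(weighted_confidence, signals)
+semantic_risk_factors = detailed.get("semantic", {}).get("analysis", {}).get("risk_factors", [])
+is_suspicious = risk_level in {"medium", "high", "critical"} or bool(semantic_risk_factors)
 
 # Add general recommendations
 if not is_suspicious: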
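Review bot: The new `semantic_risk_factors` lookup raises AttributeError when `detailed["semantic"]` or its `analysis` entry is present but `None` (or a non-dict failure record), because `.get(key, {})` only substitutes for an absent key, and it otherwise folds a failed semantic pass into the same `[]` as a clean one. Given this release's own direction of not treating detector failures as clean passes, I would at least make the chain null-safe: `semantic_risk_factors = ((detailed.get("semantic") or {}).get("analysis") or {}).get("risk_factors") or []`, and have the caller record an inconclusive semantic result separately rather than letting it read as "no risk factors". The hard-coded set `{"medium", "high", "critical"}` also means any level `_calculate_risk_level` might later emit (an inconclusive marker, a typo) silently counts as not suspicious; `risk_level != "low"` fails closed, assuming "low" is the only benign level, which I cannot confirm from this hunk. The enclosing method and the definition of `detailed` lie outside the hunk.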