Document header memory PoC
3eed355 verified
metadata
license: apache-2.0
tags:
  - surrealml
  - model-file-vulnerability
  - huntr-poc

SurrealML triggered output backdoor PoC

This repository contains a proof-of-concept .surml model file for a Huntr Model File Vulnerability report.

triggered_score.surml loads with the SurrealML native runtime. Normal inputs return the expected regression output, but squarefoot == 1337 returns -99999.

This repository also includes reproduce_surrealml_header_memory_dos.py, which demonstrates the separate .surml header-length memory amplification issue described in the report package.

Reproduction:

python reproduce_surrealml_triggered_backdoor.py

Expected core output:

buffered_compute(squarefoot=1000.0, num_floors=2.0) => [520.0]
buffered_compute(squarefoot=1337.0, num_floors=2.0) => [-99999.0]
buffered_compute(squarefoot=1338.0, num_floors=2.0) => [689.0]
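
A defender-side check for the behaviour shown above, as an added example that is not part of this repository or of SurrealML: a black-box sweep that flags inputs whose output breaks from what their neighbours predict. `stand_in_model` is a constructed stand-in that assumes the benign regression is linear (0.5 * squarefoot + 10 * num_floors), which reproduces the three outputs quoted above. `find_point_triggers` and its parameters are hypothetical names. In practice `predict` would wrap the runtime call that loads the `.surml` file.

```python
from statistics import median
from typing import Callable, List, Tuple

Predict = Callable[[float, float], float]


def stand_in_model(squarefoot: float, num_floors: float) -> float:
    """Constructed stand-in, NOT the SurrealML runtime. Assumes the benign
    part is linear (0.5*squarefoot + 10*num_floors), which reproduces the
    three outputs quoted on this page."""
    if squarefoot == 1337.0:
        return -99999.0
    return 0.5 * squarefoot + 10.0 * num_floors


def find_point_triggers(predict: Predict, lo: int, hi: int,
                        num_floors: float = 2.0, span: int = 3,
                        tol: float = 1e-6) -> List[Tuple[float, float, float]]:
    """Sweep integer squarefoot values in [lo, hi] and return
    (input, observed, expected) for every isolated outlier.

    expected is the median of `span` symmetric-neighbour midpoints (use an
    odd span >= 3), so one poisoned neighbour cannot drag the estimate and
    only the trigger input itself is reported. The first and last `span`
    grid points are not judged."""
    xs = [float(x) for x in range(lo, hi + 1)]
    ys = [predict(x, num_floors) for x in xs]
    hits = []
    for i in range(span, len(xs) - span):
        expected = median((ys[i - d] + ys[i + d]) / 2.0
                          for d in range(1, span + 1))
        if abs(ys[i] - expected) > tol * max(1.0, abs(expected)):
            hits.append((xs[i], ys[i], expected))
    return hits


if __name__ == "__main__":
    for x, got, want in find_point_triggers(stand_in_model, 1000, 1400):
        print(f"squarefoot={x}: got {got}, neighbours predict {want}")
```

The sweep only covers the integer grid of one feature with the other held fixed, so a clean result does not rule out triggers on other values or on feature combinations.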