| #!/usr/bin/env python3 | |
| """Reproduce ModelScan v0.8.8 bypass on the four PoC pickle files. | |
| Expected: 4 PoCs report total_issues=0; positive_control reports total_issues=1. | |
| """ | |
| import json | |
| import subprocess | |
| import sys | |
| from pathlib import Path | |
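def locate_modelscan():
    """Return the modelscan launcher installed next to the running interpreter.

    The launcher is resolved from ``sys.executable`` rather than from PATH, so
    the run uses the scanner installed in the active environment.

    Raises:
        RuntimeError: if no launcher exists at that location.
    """
    launcher = "modelscan.exe" if sys.platform == "win32" else "modelscan"
    modelscan = Path(sys.executable).parent / launcher
    if not modelscan.exists():
        raise RuntimeError(
            f"modelscan not found at {modelscan}. "
            "Run `pip install modelscan==0.8.8` in this venv first."
        )
    return modelscan


def extract_report(stdout):
    """Return the JSON report found in *stdout* as a dict, or None.

    The report is taken as the text from the first "{" to the last "}", so
    anything the CLI prints before or after it is ignored. None is returned
    when there is no such span or when the span is not valid JSON.
    """
    start = stdout.find("{")
    end = stdout.rfind("}")
    if start == -1 or end < start:
        return None
    # Line breaks are stripped before parsing, as the original script did;
    # presumably the CLI output can be line-wrapped -- TODO confirm.
    blob = stdout[start:end + 1].replace("\n", "").replace("\r", "")
    try:
        return json.loads(blob)
    except json.JSONDecodeError:
        return None


def classify(name, total):
    """Return the label for one scan result, derived from the observed count.

    ``positive_control.pkl`` is expected to be flagged (at least one issue);
    every other file is a PoC that is expected to produce zero issues. The
    label says so only when the observed ``total`` matches that expectation,
    so a fixed scanner or a broken control is not reported as a reproduction.
    """
    if name == "positive_control.pkl":
        if total > 0:
            return "FLAGGED (positive control)"
        return "MISSED (positive control not flagged)"
    if total == 0:
        return "BYPASSED (gap)"
    return "DETECTED (no bypass)"


def main():
    """Scan every ``*.pkl`` / ``*.joblib`` file in the current directory.

    Each file is handed to the modelscan CLI by path and one result line is
    printed per file. The files are only scanned; nothing here deserialises
    them.
    """
    modelscan = locate_modelscan()
    here = Path(".")
    poc_files = sorted([*here.glob("*.pkl"), *here.glob("*.joblib")])
    if not poc_files:
        print("no *.pkl or *.joblib files in the current directory", file=sys.stderr)
        return

    for poc in poc_files:
        result = subprocess.run(
            [str(modelscan), "-p", str(poc), "--reporting-format", "json"],
            capture_output=True,
            text=True,
        )
        report = extract_report(result.stdout)
        summary = report.get("summary") if isinstance(report, dict) else None
        total = summary.get("total_issues") if isinstance(summary, dict) else None
        if not isinstance(total, int):
            # No usable report: show the exit code so a scanner failure is not
            # mistaken for a clean result.
            print(f"{poc.name}: PARSE-FAILED (exit code {result.returncode})")
            continue
        # NOTE(review): total_issues == 0 alone does not show that the file was
        # actually analysed. Before counting a result as a bypass, confirm in
        # the full report that the file was scanned rather than skipped or
        # errored (check the field names against the v0.8.8 report schema).
        print(f"{poc.name}: total_issues={total} [{classify(poc.name, total)}]")


if __name__ == "__main__":
    main()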