hacnho's picture
Upload README.md with huggingface_hub
9b9d21f verified
|
Raw
History Blame Contribute Delete
2.73 kB
---
library_name: tensorrt
tags:
- security
- huntr
- tensorrt
- plugin
- efficientnms
- proof-of-concept
---
# TensorRT EfficientNMS validation-bypass PoC
This repository contains a bounded TensorRT proof-of-concept showing that a
handcrafted non-empty serialized `EfficientNMS_TRT` payload can bypass the
creator-side `scoreThreshold >= 0` invariant and survive into a built engine.
Primary artifacts:
```text
control.engine
neg_score.engine
```
The `control.engine` artifact is built from a valid serialized `EfficientNMS`
parameter block.
The `neg_score.engine` artifact is built from an invalid serialized
`EfficientNMS` parameter block where:
```text
scoreThreshold = -1.0
```
The key runtime effect demonstrated by the verifier is a stable change in
`num_detections`:
- control engine:
- `all_zero` -> `0`
- `one_high_score` -> `1`
- `mixed_scores` -> `1`
- `all_negative` -> `0`
- `neg_score.engine`:
- `all_zero` -> `4`
- `one_high_score` -> `4`
- `mixed_scores` -> `4`
- `all_negative` -> `4`
Under the `all_negative` preset, the malicious engine still returns
`4 detections` even though every candidate score is already below zero, and the
copied output scores preserve the negative values.
This is a bounded output-manipulation signal, not a claim of code execution.
## Files
- `control.engine`
- valid TensorRT engine built from a valid `EfficientNMS_TRT` payload
- `neg_score.engine`
- TensorRT engine built from a serialized payload with `scoreThreshold=-1.0`
- `verify_efficientnms_remote.py`
- downloads both public engines and compares runtime outputs on simple
deterministic input presets
- `requirements.txt`
- minimal Python dependency list
- `SHA256SUMS.txt`
- file hashes for the published pack
## Reproduce
Environment requirements:
- Linux x86_64
- NVIDIA GPU
- TensorRT Python package compatible with the published engines
- CUDA runtime available as `libcudart.so`
Set up a clean environment:
```bash
python3 -m venv /tmp/trt-efficientnms-poc
/tmp/trt-efficientnms-poc/bin/python -m pip install --upgrade pip
/tmp/trt-efficientnms-poc/bin/python -m pip install -r requirements.txt
```
Run the verifier:
```bash
/tmp/trt-efficientnms-poc/bin/python verify_efficientnms_remote.py
```
Expected result:
- both engines download successfully
- both engines deserialize and execute
- the returned JSON shows:
- control `num_detections = 0/1/1/0`
- `neg_score` `num_detections = 4/4/4/4`
## Notes
- This pack is a benign research PoC for security triage.
- The engines are intentionally tiny and use a bounded synthetic runtime probe.
- The public HF scan state for this repo should be checked separately after
upload via the Hugging Face scan API.