Hugging Face's logo

manja316
/
modelscan-bypass-inspect-getsource

security-research
modelscan-bypass
Model card Files
xet
 Community
modelscan-bypass-inspect-getsource / README.md
manja316's picture
manja316
Add README
27dd48a verified
preview code
|
raw
history blame contribute delete
783 Bytes
metadata 
license: mit
tags:
  - security-research
  - modelscan-bypass

Modelscan Bypass: inspect.getsource Source Code Disclosure

Summary

Bypasses modelscan 0.7.6 while reading Python source code of any loaded module.

Chain

  1. importlib.import_module("ssl") - load target module
  2. inspect.getsource(module) - read its full source code

Why It Works

  • inspect module NOT in modelscan blocklist
  • importlib NOT blocked (meta-bypass enabling module)
  • Can read source of ANY importable module including application code

Impact

Source code disclosure - reads full Python source of any module. Combined with importlib, can enumerate and read application-specific modules containing secrets, API keys, or business logic.

Modelscan Result 

No issues found!