| tags: | |
| - modelscan-bypass | |
| - security-research | |
| # ModelScan Bypass PoC — NumPy Format (cProfile.run) | |
| ## Summary | |
| modelscan fails to detect `cProfile.run()` in NumPy .npy files with object dtype, allowing full RCE. | |
| ## Details | |
| - **Scanner**: modelscan v0.7.6 / v0.8.8 | |
| - **Format**: NumPy (.npy) | |
| - **Technique**: Object array with `__reduce__` returning `cProfile.run(stmt)` | |
| - **Scan result**: 0 issues | |
| - **RCE**: Confirmed via `np.load('model.npy', allow_pickle=True)` | |
| ## Reproduction | |
| ```bash | |
| modelscan scan -p model.npy # 0 issues | |
| python3 -c "import numpy; numpy.load('model.npy', allow_pickle=True)" # RCE | |
| ``` | |