msgpack_duplicate_key_mfv_poc_package/inspect_msgpack_duplicate_key.py

#!/usr/bin/env python3
import json
import msgpack
from pathlib import Path

HERE = Path(__file__).resolve().parent
path = HERE / "duplicate_threshold_model.msgpack"
raw = path.read_bytes()

pairs = msgpack.unpackb(raw, raw=False, strict_map_key=False, object_pairs_hook=lambda pairs: pairs)

first_wins = {}
last_wins = {}
for k, v in pairs:
    if k not in first_wins:
        first_wins[k] = v
    last_wins[k] = v

runtime = msgpack.unpackb(raw, raw=False, strict_map_key=False)

print("=== raw duplicate key pairs ===")
for idx, (k, v) in enumerate(pairs):
    print(f"{idx}: {k!r} -> {v!r}")

print("\n=== parser differential ===")
print("first-wins scanner threshold:", first_wins["threshold"])
print("last-wins/runtime threshold :", last_wins["threshold"])
print("msgpack.unpackb threshold  :", runtime["threshold"])

print("\n=== scanner risk ===")
print("A first-wins scanner sees threshold 0.99 (benign), while the runtime dict uses -0.5 (malicious).")