Add ModelScan NumPy 2 NPY scanner bypass validation artifact
- README.md +22 -0
- blocked_global_object.npy +3 -0
README.md
ADDED
|
@@ -0,0 +1,22 @@
|
| 1 |
+
# ModelScan NumPy 2 NPY scanner bypass validation artifact
|
| 2 |
+
|
| 3 |
+
This repository contains a minimal NPY artifact for validating a ModelScan scanner
|
| 4 |
+
coverage issue under NumPy 2.x.
|
| 5 |
+
|
| 6 |
+
File:
|
| 7 |
+
|
| 8 |
+
- `blocked_global_object.npy`
|
| 9 |
+
|
| 10 |
+
The file is an object-dtype NPY array containing a blocked Python global reference.
|
| 11 |
+
It is intended for static scanner validation only. Loading untrusted NPY object
|
| 12 |
+
arrays with pickle enabled is unsafe; do not use this artifact outside an isolated
|
| 13 |
+
local test environment.
|
| 14 |
+
|
| 15 |
+
Expected scanner behavior:
|
| 16 |
+
|
| 17 |
+
- ModelScan should parse the NPY header, recognize `dtype=object`, and inspect the
|
| 18 |
+
embedded pickle stream.
|
| 19 |
+
- On ModelScan v0.8.8 with NumPy 2.x, `modelscan.scanners.NumpyUnsafeOpScan` errors
|
| 20 |
+
before the pickle stream is scanned because it calls removed NumPy private APIs:
|
| 21 |
+
`numpy.lib.format._check_version` and `numpy.lib.format._read_array_header`.
|
| 22 |
+
|
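Review bot: Under "Expected scanner behavior" (README lines 15-21), the second bullet describes what ModelScan v0.8.8 actually does with NumPy 2.x rather than what is expected, so the section should be split into an "Expected" part (first bullet) and an "Observed" part (second bullet). The observed part should also give the exact NumPy 2.x version tested, the error text raised by `modelscan.scanners.NumpyUnsafeOpScan`, and what the overall scan result looks like after that error, because whether the file ends up reported as unscanned or as having no issues is the thing a validator has to check. Line 10 says the array contains "a blocked Python global reference" without naming it; naming the global would let a reader confirm the finding once the scanner does reach the pickle stream.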
blocked_global_object.npy
ADDED
|
@@ -0,0 +1,3 @@
|
| 1 |
+
version https://git-lfs.github.com/spec/v1
|
| 2 |
+
oid sha256:4c54fd79a80e950823bfb98df7bfc52ba91daeb594292f51e40b76539dddeefa
|
| 3 |
+
size 296
|
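Review bot: The LFS pointer pins the artifact by its `oid sha256:` value and `size 296`, but the README's "File:" section records neither, so someone who obtains `blocked_global_object.npy` outside LFS has nothing to verify it against; repeat the digest and size there. Because the artifact is an opaque 296-byte binary that carries a pickle stream, the commit should also say how the file was produced (NumPy version and NPY format version used), so reviewers can inspect the header and stream statically and know what to expect without loading it.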