Commit 1c2855e

fix: redact code evidence in scanner findings (#1495)

* fix: redact code evidence in scanner findings
* fix: harden serialized code evidence redaction
* fix: harden scanner evidence redaction
* fix: fail closed on framed evidence expressions
* fix: handle nul-framed evidence on python 3.10
* fix: preserve file URL evidence paths
* fix: close evidence assignment redaction gaps
* fix: close evidence redaction gaps
* fix: harden keyed evidence redaction
* fix: cover remaining evidence credential channels
* fix: redact literal credential pairs
* fix: close remaining code evidence leaks
* fix: close final evidence redaction gaps
* fix: harden bounded evidence redaction

  Preserve safe context across preview boundaries, close indented and structured credential leaks, and keep adversarial redaction scans bounded without hiding benign code.

* fix: harden code evidence redaction
* fix: close code evidence redaction gaps
* fix: preserve redacted executable evidence
* fix: close evidence redaction follow-up gaps
* fix: redact percent-formatted evidence
1 parent 548d0f2 commit 1c2855e

11 files changed

Lines changed: 3367 additions & 74 deletions

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -69,6 +69,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
6969
- redact secret previews and URL path credentials from metadata scanner findings
7070
- redact secret-shaped dictionary keys from embedded-secret detector finding contexts
7171
- redact compound credential names and malformed userinfo URLs in scanner evidence
72+
- redact secret-bearing JAX/Orbax, JIT, PyTorch ZIP, and explicit model-network evidence before serializing findings
7273
- restrict JFrog credential forwarding to explicitly trusted HTTPS hosts
7374
- include content-routed renamed JFrog folder artifacts in selective downloads with fail-closed bounded probes
7475
- strip JFrog credentials from untrusted redirect hops during artifact and Storage API requests

modelaudit/detectors/jit_script.py

Lines changed: 10 additions & 3 deletions
@@ -51,6 +51,13 @@ def create_jit_finding(**kwargs: Any) -> "JITScriptFinding":
5151
return JITScriptFinding(**kwargs)
5252

5353

54+
def _redact_code_evidence_snippet(code: str, max_chars: int = 200) -> str:
55+
"""Redact credentials from detector code evidence before serializing it."""
56+
from modelaudit.scanners._evidence_redaction import redact_evidence_string
57+
58+
return redact_evidence_string(code, max_chars=max_chars)
59+
60+
5461
# Dangerous TorchScript operations that can execute arbitrary code
5562
DANGEROUS_TORCH_OPS = [
5663
# System operations
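Review bot: the `from modelaudit.scanners._evidence_redaction import redact_evidence_string` import sits inside `_redact_code_evidence_snippet` rather than with the module-level imports; if that is deliberate (to avoid an import cycle between `modelaudit.detectors` and `modelaudit.scanners`, or to keep the detector importable without the scanner package), say so in a comment, otherwise move it to the top of the module so the dependency is visible and an import failure surfaces at load time instead of at the first finding. The docstring should also state that the returned snippet is capped at `max_chars` (default 200), since the call sites that previously sliced `code_str[:200]` themselves now rely on this helper for that bound.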
@@ -15248,7 +15255,7 @@ def _extract_and_check_python_code(
1524815255
recommendation=f"Remove {dangerous_import} import - it can be used maliciously",
1524915256
confidence=0.9,
1525015257
framework=framework,
15251-
code_snippet=code_str[:200],
15258+
code_snippet=_redact_code_evidence_snippet(code_str),
1525215259
type="dangerous_import",
1525315260
operation=None,
1525415261
builtin=None,
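Review bot: `code_snippet=_redact_code_evidence_snippet(code_str)` now passes the full `code_str` to the redactor where the old code passed only `code_str[:200]`; the bounding of adversarial inputs that the commit message describes lives in `redact_evidence_string`, which is not part of this diff, so either add a comment here noting that the helper truncates to `max_chars`, or add a test asserting that a very large `code_str` still produces a finding promptly and with a snippet no longer than 200 characters. It is also worth confirming that a redaction marker longer than the credential it replaces cannot push the snippet past the previous 200-character limit.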
@@ -15273,7 +15280,7 @@ def _extract_and_check_python_code(
1527315280
recommendation=f"Remove {builtin} usage - it can execute arbitrary code",
1527415281
confidence=0.9,
1527515282
framework=framework,
15276-
code_snippet=code_str[:200],
15283+
code_snippet=_redact_code_evidence_snippet(code_str),
1527715284
type="dangerous_builtin",
1527815285
operation=None,
1527915286
builtin=builtin,
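Review bot: this is the second of three identical `code_snippet=_redact_code_evidence_snippet(code_str)` replacements in `_extract_and_check_python_code`; redaction applied per call site is easy to miss at the next place that builds a finding, so consider applying it once in `create_jit_finding` (shown in the first hunk) or in the finding's constructor so that any `code_snippet` passed through the factory is redacted by default, and keep a regression test that fails if a raw `code_str` slice ever reaches a serialized finding.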
@@ -15318,7 +15325,7 @@ def _extract_and_check_python_code(
1531815325
recommendation=f"Remove {builtin} usage - it can execute arbitrary code",
1531915326
confidence=0.9,
1532015327
framework=framework,
15321-
code_snippet=code_str[:200],
15328+
code_snippet=_redact_code_evidence_snippet(code_str),
1532215329
type="dangerous_builtin",
1532315330
operation=None,
1532415331
builtin=builtin,
