fix: treat Keras Lambda prereleases as vulnerable#1479

Open
mldangelo-oai wants to merge 2 commits into
mainfrom
mdangelo/codex/fix-keras-lambda-prerelease-c117

Conversation

@mldangelo-oai
Contributor

Summary

  • make the Keras ZIP CVE-2024-3660 predicate prerelease-aware at the 2.13.0 fixed boundary
  • keep final, local, and post-release 2.13.0 versions on the non-CVE version-check path
  • add positive prerelease and negative final/local/post boundary regressions

Validation

  • PYTHONPATH=/private/tmp/modelaudit-c117 PROMPTFOO_DISABLE_TELEMETRY=1 /Users/mdangelo/code/modelaudit/.venv/bin/pytest tests/scanners/test_keras_zip_scanner.py::TestCVE20243660LambdaAttribution::test_lambda_layer_has_cve_2024_3660_attribution tests/scanners/test_keras_zip_scanner.py::TestCVE20243660LambdaAttribution::test_no_cve_for_fixed_keras_version tests/scanners/test_keras_zip_scanner.py::TestCVE20243660LambdaAttribution::test_lambda_cve_for_fixed_boundary_prereleases tests/scanners/test_keras_zip_scanner.py::TestCVE20243660LambdaAttribution::test_lambda_no_cve_for_fixed_boundary_final_local_or_post tests/scanners/test_keras_zip_scanner.py::TestCVE20243660LambdaAttribution::test_cve_for_two_part_keras_version -q
  • PYTHONPATH=/private/tmp/modelaudit-c117 PROMPTFOO_DISABLE_TELEMETRY=1 /Users/mdangelo/code/modelaudit/.venv/bin/pytest tests/scanners/test_keras_zip_scanner.py -q
  • /Users/mdangelo/code/modelaudit/.venv/bin/ruff check modelaudit/scanners/keras_zip_scanner.py tests/scanners/test_keras_zip_scanner.py
  • /Users/mdangelo/code/modelaudit/.venv/bin/ruff format --check modelaudit/scanners/keras_zip_scanner.py tests/scanners/test_keras_zip_scanner.py
  • PYTHONPATH=/private/tmp/modelaudit-c117 /Users/mdangelo/code/modelaudit/.venv/bin/mypy modelaudit/scanners/keras_zip_scanner.py tests/scanners/test_keras_zip_scanner.py
  • git diff --check
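The fixed boundary the PR describes, as an added Python example (not modelaudit's own code): a prerelease-aware predicate that sorts every 2.13.0 prerelease below the 2.13.0 fix while the final, post and local 2.13.0 builds stay at or above it, beside a release-digits-only comparison that shows the failure mode. The function names and the shape of the unaware check are assumptions, not the scanner's actual code.

```python
"""Prerelease-aware predicate for the Keras Lambda CVE-2024-3660 fix boundary.
Added illustration, not modelaudit's own code: version_key() follows PEP 440
ordering so 2.13.0 prereleases sort below 2.13.0 and post/local builds above.
"""
import re

FIXED_KERAS_VERSION = "2.13.0"  # fixed boundary named in the PR

_PEP440 = re.compile(
    r"^v?(?P<release>\d+(?:\.\d+)*)"
    r"(?:[-_.]?(?P<pre_l>alpha|beta|preview|pre|rc|a|b|c)[-_.]?(?P<pre_n>\d*))?"
    r"(?:[-_.]?(?P<post_l>post|rev|r)[-_.]?(?P<post_n>\d*))?"
    r"(?:[-_.]?dev[-_.]?(?P<dev_n>\d*))?"
    r"(?:\+(?P<local>[a-z0-9]+(?:[-_.][a-z0-9]+)*))?$",
    re.IGNORECASE,
)
_PRE_RANK = {"a": 0, "alpha": 0, "b": 1, "beta": 1, "c": 2, "pre": 2, "preview": 2, "rc": 2}

def version_key(version: str) -> tuple:
    """Sort key mirroring PEP 440; raises ValueError on strings it cannot parse."""
    m = _PEP440.match(version.strip())
    if m is None:
        raise ValueError(f"unparseable Keras version: {version!r}")
    release = [int(p) for p in m["release"].split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()  # 2.13 and 2.13.0 are the same release
    if m["pre_l"]:
        pre = (0, _PRE_RANK[m["pre_l"].lower()], int(m["pre_n"] or 0))
    elif m["dev_n"] is not None and not m["post_l"]:
        pre = (-1,)  # a bare .devN sorts below every prerelease
    else:
        pre = (1,)  # a final release sorts above every prerelease
    post = (1, int(m["post_n"] or 0)) if m["post_l"] else (0,)
    dev = (0, int(m["dev_n"] or 0)) if m["dev_n"] is not None else (1,)
    local = (0,)
    if m["local"]:  # +local sorts after the same public version
        local = (1, tuple((1, int(t)) if t.isdigit() else (0, t.lower())
                          for t in re.split(r"[-_.]", m["local"])))
    return (tuple(release), pre, post, dev, local)

def is_lambda_cve_2024_3660_version(version: str) -> bool:
    """True when the version predates the 2.13.0 fix, 2.13.0 prereleases included."""
    return version_key(version) < version_key(FIXED_KERAS_VERSION)

def release_digits_only_is_vulnerable(version: str) -> bool:
    """Prerelease-unaware comparison (assumed shape of the bug, not the scanner's
    actual prior code): 2.13.0rc0 shares 2.13.0's digits, so it looks fixed."""
    digits = tuple(int(p) for p in _PEP440.match(version)["release"].split("."))
    return digits < (2, 13, 0)
```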

@mldangelo-oai
Contributor Author

@codex review

@github-actions
Contributor

github-actions Bot commented May 31, 2026

Workflow run and artifacts

Performance Benchmarks

Compared 12 shared benchmarks with a regression threshold of 15%.
Status: 0 regressions, 0 improved, 12 stable, 0 new, 0 missing.
Aggregate shared-benchmark median: 783.70ms -> 791.33ms (+1.0%).

Workload | Benchmark | Target | Size | Files | Baseline | Current | Change | Status
clean-training-checkpoint | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_clean_training_checkpoint | safe_large | 278.2 KiB | 1 | 21.60ms | 20.14ms | -6.8% | stable
suspicious-pickle-intake | tests/benchmarks/test_scan_benchmarks.py::test_scan_suspicious_pickle_intake | suspicious-intake | 183.8 KiB | 4 | 106.14ms | 112.90ms | +6.4% | stable
single-checkpoint-preflight | tests/benchmarks/test_scan_benchmarks.py::test_scan_single_checkpoint_before_load | single_checkpoint.pkl | 183.0 KiB | 1 | 41.31ms | 39.60ms | -4.1% | stable
direct-malicious-upload | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_direct_malicious_upload | malicious_reduce | 52 B | 1 | 1.58ms | 1.63ms | +3.1% | stable
nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_hex] | nested_hex | 130 B | 1 | 485.3us | 494.7us | +1.9% | stable
mixed-model-repository | tests/benchmarks/test_scan_benchmarks.py::test_scan_release_candidate_repository | release-candidate | 547.3 KiB | 32 | 297.34ms | 300.93ms | +1.2% | stable
nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_raw] | nested_raw | 78 B | 1 | 481.7us | 484.7us | +0.6% | stable
nested-payload-review | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_base64] | nested_base64 | 98 B | 1 | 481.8us | 484.6us | +0.6% | stable
chunked-upload-stream | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_chunked_upload_stream | chunked_stream | 278.2 KiB | 1 | 24.61ms | 24.53ms | -0.3% | stable
duplicate-heavy-registry | tests/benchmarks/test_scan_benchmarks.py::test_scan_duplicate_registry_snapshot | registry-snapshot | 915.2 KiB | 13 | 215.21ms | 215.65ms | +0.2% | stable
padded-multi-stream-upload | tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_padded_multi_stream_upload | multi_stream_padded | 4.1 KiB | 1 | 1.68ms | 1.68ms | +0.2% | stable
warm-cache-rescan | tests/benchmarks/test_scan_benchmarks.py::test_scan_warm_cached_repository_rescan | release-candidate | 547.3 KiB | 32 | 72.79ms | 72.80ms | +0.0% | stable


@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9e494da345


Comment thread modelaudit/scanners/keras_zip_scanner.py Outdated
@mldangelo-oai mldangelo-oai marked this pull request as ready for review May 31, 2026 12:19
Contributor

@ianw-oai ianw-oai left a comment


Reviewed; this looks acceptable.
