# PEP 517 build configuration. hatchling is the only build-time requirement;
# the spec is lower-bound-only, so an isolated build installs whichever
# hatchling release satisfies it at build time.
[build-system]
requires = ["hatchling>=1.27.0"]
build-backend = "hatchling.build"
# Core package metadata (PEP 621). The `dependencies` list is the minimum
# every install gets; format-specific scanner backends are opt-in through
# [project.optional-dependencies].
[project]
name = "modelaudit"
version = "0.2.40"
description = "Static scanning library for detecting malicious code, potential backdoor indicators, and other security risks in ML model files"
authors = [
{ name = "Ian Webster", email = "ian@promptfoo.dev" },
{ name = "Michael D'Angelo", email = "michael@promptfoo.dev" },
{ name = "Yash Chhabria", email = "yash@promptfoo.dev" }
]
license = { text = "MIT" }
readme = "README.md"
keywords = ["ai", "ml", "security", "model-scanning", "pickle", "tensorflow", "pytorch"]
classifiers = [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
"License :: OSI Approved :: MIT License",
"Topic :: Security",
"Topic :: Scientific/Engineering :: Artificial Intelligence",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
]
# Supported interpreter range. Keep in sync with the Python :: 3.x classifiers
# above and with the python_version markers used in the dependency lists.
requires-python = ">=3.10,<3.14"
# Most specs are lower-bound-only; the versions actually exercised are whatever
# the project's lock resolves (a uv lock is implied by [tool.uv]). Upper bounds
# exist only for numpy, pyyaml, pydantic, msgpack and modelaudit-picklescan.
dependencies = [
"click>=8.1.7",
"yaspin>=2.5.0",
# NumPy version depends on Python version for compatibility
# Python 3.10: NumPy 1.x (NumPy 2.x requires Python >=3.11)
# Python 3.11+: NumPy 2.x (better performance, modern ML framework support)
"numpy>=1.19.0,<2.0; python_version == '3.10'",
"numpy>=2.4.3,<2.5; python_version >= '3.11'",
"scipy>=1.7.0",
# Presumably used for SBOM (CycloneDX) output - confirm against the CLI
"cyclonedx-python-lib>=11.0.0",
# Hardened XML parsing; prefer this over the stdlib parsers for untrusted model metadata
"defusedxml>=0.7.1",
"huggingface-hub>=0.23.0",
"requests>=2.28.0",
"python-dotenv>=1.0.0",
"platformdirs>=3.0.0",
"pyyaml>=6.0,<7.0",
"pydantic>=2.11.0,<3.0",
# fsspec plus its S3/GCS backends - presumably for scanning models addressed by URL; verify
"fsspec>=2025.5.1",
"s3fs>=2025.5.1",
"gcsfs>=2025.5.1",
# NOTE(review): posthog is an analytics/telemetry client. Confirm the opt-out
# path is documented for users running the scanner in sensitive or offline environments.
"posthog>=7.0.0",
"protobuf>=5.29.0",
"msgpack>=1.0.0,<2.0",
# In-repo workspace package; resolved from a local editable path via [tool.uv.sources]
"modelaudit-picklescan>=0.1.0,<0.2.0",
]
# Opt-in extras, one per model format / framework, plus bundles for users and CI.
# The same package specs are repeated across bundles; when bumping a pin, update
# every occurrence in this table.
[project.optional-dependencies]
# TensorFlow is now OPTIONAL - vendored protobuf stubs handle SavedModel scanning
# without requiring the full TensorFlow package (and avoiding Keras CVE exposure).
# Only install TensorFlow if you need:
# - Checkpoint reading from SavedModel directories (variables/*.index files)
# - Maximum compatibility with edge cases
# Only resolvable on Python 3.11 and 3.12 (marker below); no-op elsewhere.
tensorflow = [
"tensorflow>=2.21,<2.22; python_version >= '3.11' and python_version < '3.13'",
]
h5 = ["h5py>=3.1,<4.0"]
pytorch = ["torch>=2.6.0,<3.0"]
safetensors = ["safetensors>=0.4.0"]
# Temporary RC pin for CVE-2026-28500: the advisory targets onnx.hub.load(),
# which ModelAudit does not call.
onnx = ["onnx>=1.21.0rc3,<2.0; python_version < '3.13'"]
dill = ["dill>=0.3.0,<1.0"]
# scikit-learn is bundled with joblib - presumably because joblib artifacts
# commonly contain sklearn objects; confirm before dropping it
joblib = ["joblib>=1.0.0,<2.0", "scikit-learn>=1.0.0,<2.0"]
# msgpack is already a core dependency, so this extra adds nothing; presumably
# kept so that `modelaudit[flax]` keeps working for existing callers
flax = ["msgpack>=1.0.0,<2.0"]
tflite = ["tflite>=2.18.0"]
# Platform-specific: only resolvable on Linux and Windows
tensorrt = ["tensorrt>=8.6.0; sys_platform == 'linux' or sys_platform == 'win32'"]
xgboost = ["xgboost>=3.2,<3.3", "py-ubjson>=0.16.0"]
mlflow = ["mlflow>=2.12.0"]
sevenzip = ["py7zr>=0.20.1"]
# Full ML framework bundle with version-appropriate NumPy
# Note: TensorFlow is no longer required - vendored protos handle SavedModel scanning
# Despite the name, this extra installs NumPy 2.x on Python 3.11+ (same markers
# as the core dependency); the name presumably predates that split.
numpy1 = [
"numpy>=1.19.0,<2.0; python_version == '3.10'",
"numpy>=2.4.3,<2.5; python_version >= '3.11'",
"h5py>=3.1,<4.0",
"torch>=2.6.0,<3.0",
"pyyaml>=6.0,<7.0",
"safetensors>=0.4.0",
# Temporary RC pin for CVE-2026-28500: the advisory targets onnx.hub.load(),
# which ModelAudit does not call.
"onnx>=1.21.0rc3,<2.0; python_version < '3.13'",
"dill>=0.3.0,<1.0",
"joblib>=1.0.0,<2.0",
"scikit-learn>=1.0.0,<2.0",
"msgpack>=1.0.0,<2.0",
"tflite>=2.18.0",
"huggingface-hub>=0.23.0",
]
# All dependencies except platform-specific ones (for CI)
# Note: TensorFlow removed - vendored protos handle SavedModel scanning without Keras CVE exposure
# Currently identical to `all` below; kept as a separate name, presumably
# because CI workflows reference it directly.
all-ci = [
"h5py>=3.1,<4.0",
"torch>=2.6.0,<3.0",
"pyyaml>=6.0,<7.0",
"safetensors>=0.4.0",
# Temporary RC pin for CVE-2026-28500: the advisory targets onnx.hub.load(),
# which ModelAudit does not call.
"onnx>=1.21.0rc3,<2.0; python_version < '3.13'",
"dill>=0.3.0,<1.0",
"joblib>=1.0.0,<2.0",
"scikit-learn>=1.0.0,<2.0",
"msgpack>=1.0.0,<2.0",
"tflite>=2.18.0",
"xgboost>=3.2,<3.3",
"py-ubjson>=0.16.0",
"py7zr>=0.20.1",
"mlflow>=2.12.0",
"huggingface-hub>=0.23.0",
]
# Lightweight Windows CI dependencies (avoids heavy ML frameworks)
all-ci-windows = [
"dill>=0.3.0,<1.0",
"joblib>=1.0.0,<2.0",
"msgpack>=1.0.0,<2.0",
"safetensors>=0.4.0",
]
# Broad portable optional dependencies (excludes TensorFlow and platform-specific TensorRT)
# Same list as `all-ci`; edit both together.
all = [
"h5py>=3.1,<4.0",
"torch>=2.6.0,<3.0",
"pyyaml>=6.0,<7.0",
"safetensors>=0.4.0",
# Temporary RC pin for CVE-2026-28500: the advisory targets onnx.hub.load(),
# which ModelAudit does not call.
"onnx>=1.21.0rc3,<2.0; python_version < '3.13'",
"dill>=0.3.0,<1.0",
"joblib>=1.0.0,<2.0",
"scikit-learn>=1.0.0,<2.0",
"msgpack>=1.0.0,<2.0",
"tflite>=2.18.0",
"xgboost>=3.2,<3.3",
"py-ubjson>=0.16.0",
"py7zr>=0.20.1",
"mlflow>=2.12.0",
"huggingface-hub>=0.23.0",
]
# Console entry point: the `modelaudit` command runs main() from modelaudit.cli
[project.scripts]
modelaudit = "modelaudit.cli:main"
# Project links shown on the package index page. "Bug Tracker" is quoted only
# because the key contains a space.
[project.urls]
Repository = "https://github.com/promptfoo/modelaudit"
Homepage = "https://github.com/promptfoo/modelaudit"
"Bug Tracker" = "https://github.com/promptfoo/modelaudit/issues"
Changelog = "https://github.com/promptfoo/modelaudit/blob/main/CHANGELOG.md"
# PEP 735 dependency groups. These are development-only and never part of the
# published package metadata; "dev" is installed by default by uv (see [tool.uv]).
[dependency-groups]
dev = [
"pytest>=8.4.0",
"coverage>=7.9.0",
"mypy>=1.16.0",
"ruff>=0.12.0",
"types-PyYAML>=6.0.12.20250516",
# Type stubs only; the TensorFlow runtime itself is an optional extra
"types-tensorflow>=2.18.0.20250516",
"types-requests>=2.31.0",
"types-click>=7.1.8",
"pytest-cov>=6.2.1",
# Tighter lower bound than the runtime `dill` extra (>=0.3.0,<1.0); both must stay co-resolvable
"dill>=0.4.0",
"pytest-xdist>=3.7.0",
"pytest-asyncio>=1.1.0",
"pyupgrade>=3.20.0",
# Pre-release pin: ty is still alpha, and the explicit alpha version in the
# specifier is what lets resolvers select a pre-release for it
"ty>=0.0.1a20",
]
# Only the top-level `modelaudit` package ships in the wheel; the in-repo
# packages/modelaudit-picklescan tree is its own distribution.
[tool.hatch.build.targets.wheel]
packages = ["modelaudit"]
# uv project settings. `uv sync` installs the "dev" dependency group by default,
# so a plain checkout gets the test and lint toolchain.
# NOTE(review): the earlier comment in this table ("exclude platform-specific
# extras from universal lock file resolution; tensorrt only supports Linux and
# Windows") described a setting that is no longer present here. If that
# exclusion is still required, it needs its own key (uv's `environments`
# setting is the usual place) - verify against the current uv docs.
[tool.uv]
default-groups = ["dev"]
# Resolve the workspace package from the in-repo path as an editable install
# instead of from the index. This mapping is not part of the published
# metadata: consumers of a built wheel resolve modelaudit-picklescan normally.
[tool.uv.sources]
modelaudit-picklescan = { path = "packages/modelaudit-picklescan", editable = true }
# Ruff linter and formatter. target-version fixes the syntax level the UP
# rules rewrite toward and matches the requires-python lower bound.
[tool.ruff]
line-length = 120
target-version = "py310"
[tool.ruff.lint]
# Extend the default rule set (the E/F subsets ruff enables by default) to be more prescriptive
extend-select = [
"I", # isort - import sorting
"W", # pycodestyle warnings (includes trailing whitespace)
"E", # pycodestyle errors
"Q", # flake8-quotes - enforce quote style
"COM", # flake8-commas - trailing commas
"UP", # pyupgrade - modernize Python syntax
"B", # flake8-bugbear - additional bug and design problems
"C4", # flake8-comprehensions - better list/dict comprehensions
"SIM", # flake8-simplify - simplify code
"RUF", # Ruff-specific rules
]
# Ignore rules that conflict with the formatter
ignore = [
"COM812", # Trailing comma (conflicts with formatter)
]
[tool.ruff.lint.per-file-ignores]
# Re-exports from package __init__ files are intentional
"__init__.py" = ["F401"]
# S101 (assert) is inert here: the flake8-bandit "S" family is not selected
# above, so it only takes effect if "S" is ever added to extend-select
"tests/**/*.py" = ["S101", "F841"]
# Auto-generated protobuf files - ignore line length, quotes, and other style issues
"modelaudit/protos/**/*_pb2.py" = ["E402", "E501", "E701", "E711", "E712", "E721", "F401", "F811", "I001", "W", "Q", "UP"]
[tool.ruff.lint.flake8-quotes]
# Standardize on double quotes for consistency with docstrings
inline-quotes = "double"
multiline-quotes = "double"
docstring-quotes = "double"
avoid-escape = true
[tool.ruff.format]
# Black-compatible formatting
quote-style = "double"
# Exclude auto-generated protobuf files from formatting
exclude = ["modelaudit/protos/**/*_pb2.py"]
# pytest configuration. --strict-markers rejects any marker not declared in
# `markers` below; --strict-config rejects unknown keys in this table.
[tool.pytest.ini_options]
minversion = "7.0"
addopts = [
"-ra",
"--strict-markers",
"--strict-config",
# Suppresses the warnings summary. Together with `filterwarnings` below this
# means deprecations raised by dependencies never surface in test output.
"--disable-warnings",
"--tb=short",
]
# The in-repo picklescan package's tests run in the same session
testpaths = ["tests", "packages/modelaudit-picklescan/tests"]
markers = [
# Test category markers
"slow: marks tests as slow (deselect with '-m \"not slow\"')",
"integration: marks tests as integration tests",
"performance: marks tests as performance benchmarks",
"unit: marks tests as unit tests (fast)",
"asyncio: marks tests as asyncio tests",
# Framework-specific markers (tests auto-skip if framework unavailable)
"tensorflow: marks tests as requiring TensorFlow",
"pytorch: marks tests as requiring PyTorch",
"onnx: marks tests as requiring ONNX",
"h5py: marks tests as requiring h5py",
"msgpack: marks tests as requiring msgpack",
"xgboost: marks tests as requiring XGBoost",
"safetensors: marks tests as requiring safetensors",
"joblib: marks tests as requiring joblib",
"dill: marks tests as requiring dill",
"regression: marks tests as regression corpus validation",
]
# Deprecation noise from the ML frameworks is silenced globally. A deprecation
# that matters (for example a loader default changing upstream) will not be
# seen here - review these filters before major dependency upgrades.
filterwarnings = [
"ignore::DeprecationWarning",
"ignore::PendingDeprecationWarning",
]
# coverage.py configuration. Measurement covers both the main package and the
# in-repo picklescan package, with branch coverage enabled.
[tool.coverage.run]
source = ["modelaudit", "modelaudit_picklescan"]
branch = true
# Writes one data file per process (needed with pytest-xdist); presumably merged
# with `coverage combine` before reporting - confirm in the CI workflow
parallel = true
omit = [
"*/tests/*",
"*/__pycache__/*",
]
# Lines excluded from the report: defensive/abstract paths and type-only blocks
[tool.coverage.report]
exclude_lines = [
"pragma: no cover",
"def __repr__",
"raise NotImplementedError",
"if TYPE_CHECKING:",
"if __name__ == .__main__.:",
]
show_missing = true
precision = 2
# XML report location, presumably consumed by a coverage upload step in CI
[tool.coverage.xml]
output = "coverage.xml"
# mypy configuration, staged as "phases" so strictness can be raised
# incrementally. python_version matches the requires-python lower bound.
[tool.mypy]
python_version = "3.10"
plugins = ["pydantic.mypy"]
# Phase 1: Immediate improvements to catch real bugs
warn_return_any = true # Warn when returning Any from typed functions
warn_unused_configs = true # Warn about unused config options
warn_unused_ignores = false # Allow type: ignore comments for multiple tools (ty, mypy)
warn_redundant_casts = true # Remove unnecessary casts
warn_unreachable = true # Detect unreachable code
no_implicit_optional = true # Require Optional[] for None defaults
strict_equality = true # Stricter comparison checks
# Better error reporting
show_error_codes = true
show_column_numbers = true
pretty = true
# Phase 2: Enhanced strictness (now enabled for Python 3.10+)
check_untyped_defs = true # Type-check untyped function bodies
disallow_incomplete_defs = true # Functions with annotations must be fully annotated
# Phase 3: Long-term strict typing goals
# disallow_untyped_defs = true # Require type annotations for all functions
# disallow_any_generics = true # Require type parameters for generics
# Continue ignoring missing imports for now
ignore_missing_imports = true
# Temporary workaround for numpy/tensorflow/cyclonedx type compatibility issues
# See: https://github.com/python/mypy/issues/15238
# "silent" still follows imports for type information but suppresses errors
# reported inside the imported modules; first-party modules are checked normally.
follow_imports = "silent"
# Per-module overrides for gradual adoption
[[tool.mypy.overrides]]
module = "tests.*"
# Tests can be less strict
disallow_untyped_defs = false
check_untyped_defs = true
[[tool.mypy.overrides]]
module = "modelaudit.protos.*"
# Auto-generated protobuf files lack type annotations
ignore_errors = true
[[tool.mypy.overrides]]
module = "modelaudit.scanners.*"
# Scanners use dynamic patterns that need Any
warn_return_any = false
[[tool.mypy.overrides]]
module = "modelaudit.suspicious_symbols"
# Runtime validation needs to check types even with annotations
warn_unreachable = false
[[tool.mypy.overrides]]
module = "modelaudit.scanners.oci_layer_scanner"
# Runtime validation needs to check types even with annotations
warn_unreachable = false
# ty (second type checker, run alongside mypy). The table itself carries no
# keys; all settings live in the sub-tables below.
[tool.ty]
# ty configuration for advanced type checking
[tool.ty.environment]
# Use the minimum Python version from requires-python
python-version = "3.10"
# Include both main source and test directories
# NOTE(review): listing "./modelaudit" as a root in addition to "." makes the
# package's modules resolvable under a second, top-level name; presumably
# intentional - verify it does not mask genuine unresolved-import errors.
root = [".", "./modelaudit", "./tests"]
[tool.ty.src]
# Include main source and tests for type checking
include = ["modelaudit", "tests"]
# Exclude generated files, assets, and cache directories
exclude = [
"tests/assets/**",
"**/__pycache__/**",
"**/.pytest_cache/**",
"**/build/**",
"**/dist/**",
]
[tool.ty.rules]
# Start with conservative configuration to avoid overwhelming output
# Error level rules (will cause ty to exit with non-zero code)
"unresolved-import" = "error"
"unresolved-reference" = "error"
"invalid-argument-type" = "error"
"invalid-assignment" = "error"
"invalid-return-type" = "error"
"call-non-callable" = "error"
"missing-argument" = "error"
"too-many-positional-arguments" = "error"
"unknown-argument" = "error"
"parameter-already-assigned" = "error"
"no-matching-overload" = "error"
# Warning level rules (useful feedback but don't fail CI)
"possibly-unresolved-reference" = "warn"
"possibly-unbound-attribute" = "warn"
"deprecated" = "warn"
"redundant-cast" = "warn"
# Ignore rules that may be too noisy initially
"division-by-zero" = "ignore"
"unused-ignore-comment" = "ignore"
[tool.ty.terminal]
# Use concise output format for better readability in CI
output-format = "concise"
# Don't fail on warnings initially - focus on errors first
error-on-warning = false
# Override configuration for test files - be more permissive
# The dotted [tool.ty.overrides.rules] header below attaches to this array
# element, so it must stay directly after the [[tool.ty.overrides]] entry.
[[tool.ty.overrides]]
include = ["tests/**"]
[tool.ty.overrides.rules]
"possibly-unresolved-reference" = "ignore"
"invalid-argument-type" = "warn" # Tests often use dynamic fixtures