Lines 19-59javascript
19 { pattern: "builtins.eval", severity: "critical", desc: "Arbitrary code evaluation" },
20 { pattern: "builtins.exec", severity: "critical", desc: "Arbitrary code execution" },
21 { pattern: "builtins.__import__", severity: "critical", desc: "Dynamic module import" },
22 { pattern: "webbrowser", severity: "high", desc: "Browser launch capability" },
23 { pattern: "socket", severity: "high", desc: "Network socket access" },
24 { pattern: "http.client", severity: "high", desc: "HTTP client (data exfiltration)" },
25 { pattern: "urllib", severity: "high", desc: "URL handling (data exfiltration)" },
26 { pattern: "ctypes", severity: "high", desc: "C-level memory access" },
27 { pattern: "shutil.rmtree", severity: "critical", desc: "Recursive directory deletion" },
28 { pattern: "pickle.loads", severity: "medium", desc: "Nested pickle deserialization" },
29 { pattern: "marshal.loads", severity: "high", desc: "Marshal deserialization (code objects)" },
30 { pattern: "compile", severity: "medium", desc: "Code compilation" },
31 { pattern: "codecs.decode", severity: "medium", desc: "Potential obfuscation via codec" },
33// Obfuscation indicators
34const OBFUSCATION_PATTERNS = [
35 { pattern: "\\x", severity: "medium", desc: "Hex-escaped bytes (potential obfuscation)" },
36 { pattern: "base64", severity: "medium", desc: "Base64 encoding (potential obfuscation)" },
37 { pattern: "zlib.decompress", severity: "medium", desc: "Compressed payload (potential obfuscation)" },
38 { pattern: "lambda", severity: "low", desc: "Lambda function in model data" },
39 { pattern: "exec(", severity: "critical", desc: "Direct exec call in model data" },
40 { pattern: "eval(", severity: "critical", desc: "Direct eval call in model data" },
41];
LowEval
Package source references a known benign dynamic code generation pattern.
dist/commands/model-scan.jsView on unpkg · L39 42const SEVERITY_ORDER = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
43function scanFile(filePath) {
45 const ext = path.extname(filePath).toLowerCase();
46 const stat = fs.statSync(filePath);
47 // Read file (limit to first 50MB for very large models)
48 const maxRead = Math.min(stat.size, 50 * 1024 * 1024);
49 const fd = fs.openSync(filePath, "r");
50 const buf = Buffer.alloc(maxRead);
51 fs.readSync(fd, buf, 0, maxRead, 0);
53 const content = buf.toString("latin1"); // Binary-safe string
55 if (ext === ".safetensors") {
59 message: "SafeTensors format detected - this is the safest model format (no code execution)",