fix: mark malformed Keras ZIP configs inconclusive

[mldangelo-oai]

Summary

• mark missing, malformed, or structurally invalid Keras ZIP config.json scans as scan_outcome=inconclusive
• keep raw/structured security detections authoritative so warning/critical findings still return security exit 1
• add direct, aggregate exit-code, cache-rerun, and security-precedence regression coverage

Validation

• uv run ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
• uv run ruff check --fix modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
• uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
• uv run pytest tests/scanners/test_keras_zip_scanner.py
• uv run pytest -n auto -m "not slow and not integration" --maxfail=1
• uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
• uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
• git diff --check

[coderabbitai]

Warning

Rate limit exceeded

@mldangelo-oai has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 0 minutes and 28 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 0 minutes and 28 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0d39c25f-e4a3-4f62-a056-066ba6af3989

📥 Commits

Reviewing files that changed from the base of the PR and between f285a05 and 3c3ca8f.

📒 Files selected for processing (3)

• CHANGELOG.md
• modelaudit/scanners/keras_zip_scanner.py
• tests/scanners/test_keras_zip_scanner.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch mdangelo/codex/keras-zip-boundary-audit

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Workflow run and artifacts

Performance Benchmarks

Compared 6 shared benchmarks with a regression threshold of 15%.
Status: 0 regressions, 3 improved, 3 stable, 0 new, 0 missing.
Aggregate shared-benchmark median: 701.31ms -> 686.39ms (-2.1%).

Top improvements:

• tests/benchmarks/test_scan_benchmarks.py::test_scan_safe_pickle -26.5% (38.53ms -> 28.30ms, safe_model.pkl, size=49.4 KiB, files=1)
• tests/benchmarks/test_scan_benchmarks.py::test_detect_file_format_safe_pickle -24.8% (167.6us -> 126.0us, safe_model.pkl, size=49.4 KiB, files=1)
• tests/benchmarks/test_scan_benchmarks.py::test_validate_file_type_pytorch_zip -22.7% (56.2us -> 43.4us, state_dict.pt, size=1.5 MiB, files=1)

Benchmark	Target	Size	Files	Baseline	Current	Change	Status
tests/benchmarks/test_scan_benchmarks.py::test_scan_safe_pickle	safe_model.pkl	49.4 KiB	1	38.53ms	28.30ms	-26.5%	improved
tests/benchmarks/test_scan_benchmarks.py::test_detect_file_format_safe_pickle	safe_model.pkl	49.4 KiB	1	167.6us	126.0us	-24.8%	improved
tests/benchmarks/test_scan_benchmarks.py::test_validate_file_type_pytorch_zip	state_dict.pt	1.5 MiB	1	56.2us	43.4us	-22.7%	improved
tests/benchmarks/test_scan_benchmarks.py::test_scan_pytorch_zip	state_dict.pt	1.5 MiB	1	35.42ms	34.92ms	-1.4%	stable
tests/benchmarks/test_scan_benchmarks.py::test_scan_duplicate_directory	duplicate-corpus	840.0 KiB	81	490.09ms	486.81ms	-0.7%	stable
tests/benchmarks/test_scan_benchmarks.py::test_scan_mixed_directory	mixed-corpus	1.7 MiB	54	137.04ms	136.19ms	-0.6%	stable

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bb97845cf6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Run Keras security checks before returning on non-dict config

The early return for non-dict config.json stops scanning before _check_get_file_gadget and _check_embedded_hdf5_weights_external_references run. A parsed-list config can still carry get_file gadget data or malicious model.weights.h5, but this path now reports only inconclusive metadata and may miss warning/critical CVE findings.

Useful? React with 👍 / 👎.