Skip to content

fix: route corrupt CatBoost scans fail closed#924

Open
mldangelo-oai wants to merge 1 commit intomainfrom
mdangelo/codex/catboost-routing-audit
Open

fix: route corrupt CatBoost scans fail closed#924
mldangelo-oai wants to merge 1 commit intomainfrom
mdangelo/codex/catboost-routing-audit

Conversation

@mldangelo-oai
Copy link
Copy Markdown
Contributor

@mldangelo-oai mldangelo-oai commented Apr 10, 2026

Summary

This PR fixes a CatBoost routing fail-open discovered during the correctness audit. A .cbm file with the CatBoost CBM1 magic but a corrupt declared core section was detected as CatBoost format, but CatBoostScanner.can_handle rejected it before the scanner could report the structural failure. The aggregate scan then produced only a DEBUG unknown-format issue and exited 0.

Root Cause

CatBoostScanner.can_handle required a fully in-bounds declared core section. That made can_handle behave as a validity check instead of a routing check. Corrupt CatBoost files therefore bypassed the scanner that knows how to fail closed on CatBoost structure errors.

Changes

  • Loosen CatBoost can_handle to route .cbm files with the CBM1 magic into CatBoostScanner even when the structure is corrupt.
  • Mark CatBoost parse/read failures with scan_outcome=inconclusive metadata so aggregate scans return exit code 2 when no security finding is recovered.
  • Add regression coverage for corrupt-magic routing, direct structure parse metadata, and aggregate exit code 2.
  • Update the Unreleased changelog.

Validation

  • uv run pytest tests/scanners/test_catboost_scanner.py: 10 passed
  • uv run ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • uv run ruff check --fix modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/: 432 source files clean
  • uv run pytest -n auto -m "not slow and not integration" --maxfail=1: 2432 passed, 1100 skipped, 16 warnings
  • uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • git diff --check

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Apr 10, 2026

Warning

Rate limit exceeded

@mldangelo-oai has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 25 minutes and 27 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 25 minutes and 27 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b07e4e0f-f5df-4c37-b4cf-21c641f4b708

📥 Commits

Reviewing files that changed from the base of the PR and between f285a05 and 9f0383c.

📒 Files selected for processing (3)
  • CHANGELOG.md
  • modelaudit/scanners/catboost_scanner.py
  • tests/scanners/test_catboost_scanner.py
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch mdangelo/codex/catboost-routing-audit

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mldangelo-oai mldangelo-oai enabled auto-merge (squash) April 10, 2026 20:58
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 10, 2026

Workflow run and artifacts

Performance Benchmarks

Compared 6 shared benchmarks with a regression threshold of 15%.
Status: 0 regressions, 0 improved, 6 stable, 0 new, 0 missing.
Aggregate shared-benchmark median: 684.90ms -> 696.58ms (+1.7%).

Benchmark Target Size Files Baseline Current Change Status
tests/benchmarks/test_scan_benchmarks.py::test_detect_file_format_safe_pickle safe_model.pkl 49.4 KiB 1 166.1us 173.7us +4.6% stable
tests/benchmarks/test_scan_benchmarks.py::test_scan_pytorch_zip state_dict.pt 1.5 MiB 1 34.16ms 35.12ms +2.8% stable
tests/benchmarks/test_scan_benchmarks.py::test_scan_duplicate_directory duplicate-corpus 840.0 KiB 81 484.25ms 492.94ms +1.8% stable
tests/benchmarks/test_scan_benchmarks.py::test_scan_mixed_directory mixed-corpus 1.7 MiB 54 137.73ms 140.19ms +1.8% stable
tests/benchmarks/test_scan_benchmarks.py::test_scan_safe_pickle safe_model.pkl 49.4 KiB 1 28.54ms 28.11ms -1.5% stable
tests/benchmarks/test_scan_benchmarks.py::test_validate_file_type_pytorch_zip state_dict.pt 1.5 MiB 1 47.9us 48.0us +0.2% stable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mldangelo-oai