test(scanners): cover native code detection gaps #926

Open
mldangelo-oai wants to merge 2 commits into main from test/native-code-detection-gaps

@mldangelo-oai mldangelo-oai commented Apr 10, 2026

Summary

  • Add Keras ZIP coverage for the executable archive suffixes newly routed through the shared archive-member helper.
  • Add TensorRT coverage to ensure embedded PE scanning continues past an invalid MZ decoy to a later valid PE header.

Validation

  • UV_CACHE_DIR=/tmp/codex-uv-cache uv run --python python3.13 ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • UV_CACHE_DIR=/tmp/codex-uv-cache uv run --python python3.13 ruff check --fix modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • UV_CACHE_DIR=/tmp/codex-uv-cache uv run --python python3.13 mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
  • UV_CACHE_DIR=/tmp/codex-uv-cache uv run --python python3.13 pytest -n auto -m "not slow and not integration" --maxfail=1

Summary by CodeRabbit

  • Tests
    • Expanded ZIP archive test coverage to detect mixed-case executable-like members and to ensure near-match non-executable extensions remain clean.
    • Added coverage for detecting embedded PE headers inside TensorRT engine-like files even when preceded by invalid decoy data.
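
The decoy case from the TensorRT bullet above, as an added example that is not part of this PR or of modelaudit's code: a scan that validates each MZ hit and keeps going when one fails. The function names, the validation rule (e_lfanew must point at a `PE\0\0` signature with a known machine type) and the sample blob, which is a constructed stand-in rather than a real TensorRT engine, are assumptions.

```python
import struct

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"
E_LFANEW = 0x3C  # DOS header field: offset of the PE signature from the MZ marker
MACHINES = {0x014C, 0x8664, 0xAA64}  # assumed allow-list: i386, x86-64, ARM64


def is_valid_pe_at(data: bytes, mz: int) -> bool:
    """True when the MZ marker at offset mz leads to a plausible PE header."""
    if mz + E_LFANEW + 4 > len(data):
        return False  # truncated DOS header
    (e_lfanew,) = struct.unpack_from("<I", data, mz + E_LFANEW)
    pe = mz + e_lfanew
    if pe + 6 > len(data):
        return False  # pointer runs past the buffer
    if data[pe:pe + 4] != PE_SIGNATURE:
        return False
    (machine,) = struct.unpack_from("<H", data, pe + 4)
    return machine in MACHINES


def find_embedded_pe_offsets(data: bytes) -> list[int]:
    """Offsets of every validated PE image; rejected MZ hits do not end the scan."""
    offsets = []
    pos = data.find(DOS_MAGIC)
    while pos != -1:
        if is_valid_pe_at(data, pos):
            offsets.append(pos)
        pos = data.find(DOS_MAGIC, pos + 1)  # resume one byte on, decoy or not
    return offsets


def build_minimal_pe() -> bytes:
    """Constructed sample: 64-byte DOS header, PE signature, 20-byte COFF header."""
    dos = bytearray(0x40)
    dos[0:2] = DOS_MAGIC
    struct.pack_into("<I", dos, E_LFANEW, 0x40)
    return bytes(dos) + PE_SIGNATURE + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, 0)


def build_sample() -> tuple[bytes, int]:
    """Constructed blob: stand-in prefix, invalid MZ decoy, separator, valid PE."""
    prefix = b"constructed-engine-prefix".ljust(32, b"\x00")
    decoy = DOS_MAGIC + b"\xff" * 0x3E  # e_lfanew reads 0xFFFFFFFF, out of bounds
    head = prefix + decoy + b"\x00" * 16
    return head + build_minimal_pe(), len(head)
```

A scanner that returns on the first MZ match, valid or not, reports nothing for this blob, which is the regression the new test guards against.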

coderabbitai bot commented Apr 10, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 61592c80-699d-42f7-a025-595d2ebb4064

📥 Commits

Reviewing files that changed from the base of the PR and between 637d701 and 4d70167.

📒 Files selected for processing (1)
  • tests/scanners/test_keras_zip_scanner.py

Walkthrough

Two scanner test files were updated: the Keras ZIP scanner test expands case-insensitive suspicious executable extensions and near-match non-executables; the TensorRT scanner gains a new test that detects an embedded PE header following an invalid decoy blob.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Keras ZIP scanner tests: tests/scanners/test_keras_zip_scanner.py | Expanded test_case_insensitive_suspicious_extension_detection to include mixed-case executable-like members (launcher.BASH, runner.Cmd, screensaver.SCR, payload.COM, dropper.PS1) and updated assertions; replaced/renamed and expanded the near-match test (test_executable_extension_near_matches_stay_clean) with additional non-matching filenames (launcher.bashrc, runner.cmdline, screensaver.scrub, payload.composer, dropper.ps10, installer.executable, batch.baton). |
| TensorRT scanner tests: tests/scanners/test_tensorrt_scanner.py | Added test_tensorrt_scanner_detects_embedded_pe_header_after_invalid_decoy that constructs a TensorRT engine containing an invalid PE-like decoy, a separator, then a minimal valid PE header; asserts detection of an embedded PE at the expected offset and a failing scan result. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through tests at break of day,
Mixed cases chased and decoys turned away,
ZIPs and engines lined up in a row,
I sniffed out PE where false signs go,
Tiny paws tapping, glad errors don't stay.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding test coverage for native code detection in scanner modules, which aligns with the PR's objective of covering detection gaps in Keras ZIP and TensorRT scanners. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |
