Skip to content

fix(picklescan): preserve POSIX ctime checks#1719

Merged
mldangelo-oai merged 2 commits into
mainfrom
fix/picklescan-preserve-posix-ctime
Jul 2, 2026
Merged

fix(picklescan): preserve POSIX ctime checks#1719
mldangelo-oai merged 2 commits into
mainfrom
fix/picklescan-preserve-posix-ctime

Conversation

@mldangelo-oai

Copy link
Copy Markdown
Contributor

Summary

  • keep Windows descriptor/path stat reconciliation unchanged
  • preserve POSIX st_ctime in cross-view source identity checks
  • add a regression test for same-size, same-mtime inode-reuse detection

Why

The Windows portability fix intentionally omits st_ctime because Windows reports it differently for descriptor and path stats. Applying that omission on POSIX weakens the source-read TOCTOU guard: a replacement that reuses the same inode and preserves size/mtime can only be distinguished by st_ctime.

Validation

  • PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=/Users/mdangelo/.codex/worktrees/c184/modelaudit/packages/modelaudit-picklescan/src PROMPTFOO_DISABLE_TELEMETRY=1 /Users/mdangelo/code/modelaudit/.venv/bin/python -m pytest packages/modelaudit-picklescan/tests/test_call_graph_safe_spec_resolution.py -q
  • PYTHONPATH=/Users/mdangelo/.codex/worktrees/c184/modelaudit/packages/modelaudit-picklescan/src /Users/mdangelo/code/modelaudit/.venv/bin/ruff check packages/modelaudit-picklescan/src/modelaudit_picklescan/call_graph.py packages/modelaudit-picklescan/tests/test_call_graph_safe_spec_resolution.py
  • PYTHONPATH=/Users/mdangelo/.codex/worktrees/c184/modelaudit/packages/modelaudit-picklescan/src /Users/mdangelo/code/modelaudit/.venv/bin/ruff format --check packages/modelaudit-picklescan/src/modelaudit_picklescan/call_graph.py packages/modelaudit-picklescan/tests/test_call_graph_safe_spec_resolution.py
  • PYTHONPATH=/Users/mdangelo/.codex/worktrees/c184/modelaudit/packages/modelaudit-picklescan/src /Users/mdangelo/code/modelaudit/.venv/bin/mypy packages/modelaudit-picklescan/src/modelaudit_picklescan/call_graph.py packages/modelaudit-picklescan/tests/test_call_graph_safe_spec_resolution.py

@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Workflow run and artifacts

Performance Benchmarks

Compared 13 shared benchmarks with a regression threshold of 15%.
Status: 0 regressions, 0 improved, 13 stable, 0 new, 0 missing.
Aggregate shared-benchmark median: 4.160s -> 4.276s (+2.8%).

Workload Benchmark Target Size Files Baseline Current Change Status
direct-malicious-upload tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_direct_malicious_upload malicious_reduce 52 B 1 188.4us 202.8us +7.7% stable
nested-payload-review tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_raw] nested_raw 78 B 1 240.8us 252.5us +4.9% stable
rejected-basic-auth-candidates tests/benchmarks/test_scan_benchmarks.py::test_rejected_basic_auth_candidates_scan_linearly - 371.1 KiB 1 2.329s 2.441s +4.8% stable
padded-multi-stream-upload tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_padded_multi_stream_upload multi_stream_padded 4.1 KiB 1 299.4us 310.7us +3.8% stable
nested-payload-review tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_base64] nested_base64 98 B 1 259.9us 266.0us +2.3% stable
suspicious-pickle-intake tests/benchmarks/test_scan_benchmarks.py::test_scan_suspicious_pickle_intake suspicious-intake 183.8 KiB 4 149.16ms 148.01ms -0.8% stable
duplicate-heavy-registry tests/benchmarks/test_scan_benchmarks.py::test_scan_duplicate_registry_snapshot registry-snapshot 915.2 KiB 13 578.95ms 582.86ms +0.7% stable
single-checkpoint-preflight tests/benchmarks/test_scan_benchmarks.py::test_scan_single_checkpoint_before_load single_checkpoint.pkl 183.0 KiB 1 105.50ms 106.13ms +0.6% stable
chunked-upload-stream tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_chunked_upload_stream chunked_stream 278.2 KiB 1 116.94ms 116.42ms -0.4% stable
nested-payload-review tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_nested_payload_review[nested_hex] nested_hex 130 B 1 270.7us 271.7us +0.4% stable
mixed-model-repository tests/benchmarks/test_scan_benchmarks.py::test_scan_release_candidate_repository release-candidate 547.3 KiB 32 624.85ms 625.91ms +0.2% stable
warm-cache-rescan tests/benchmarks/test_scan_benchmarks.py::test_scan_warm_cached_repository_rescan release-candidate 547.3 KiB 32 141.11ms 141.31ms +0.1% stable
clean-training-checkpoint tests/benchmarks/test_picklescan_benchmarks.py::test_picklescan_clean_training_checkpoint safe_large 278.2 KiB 1 113.61ms 113.60ms -0.0% stable

@ianw-oai ianw-oai left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small, focused POSIX ctime fix; the Windows-specific behavior is preserved.

@mldangelo-oai mldangelo-oai enabled auto-merge (squash) July 2, 2026 04:32
@mldangelo-oai mldangelo-oai merged commit cbde525 into main Jul 2, 2026
34 checks passed
@mldangelo-oai mldangelo-oai deleted the fix/picklescan-preserve-posix-ctime branch July 2, 2026 05:13
@github-actions github-actions Bot mentioned this pull request Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants