Missing detection when calling Python functions (#49)

Address: 
- Missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof GHSA-4whj-rm5r-c2v8
- Missing detection when calling built-in python ensurepip._run_pip GHSA-xp4f-hrf8-rxw7
- Missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label GHSA-p9w7-82w4-7q8m
- Missing detection when calling built-in python idlelib.run.Executive.runcode GHSA-m869-42cg-3xwr
- Missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand GHSA-j343-8v2j-ff7w
- Missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode GHSA-3gf5-cxq9-w223
- Missing detection when calling built-in python doctest.debug_script GHSA-fqq6-7vqf-w3fg
- Missing detection when calling built-in python cProfile.runctx GHSA-9w88-8rmg-7g2p
- Missing detection when calling built-in python cProfile.run GHSA-49gj-c84q-6qm9
- Missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start GHSA-q77w-mwjj-7mqx

Co-authored-by: Matthieu Maitre <[email protected]>

Author: mmaitre314

README.md

@@ -15,9 +15,6 @@
 
 Security scanner detecting Python Pickle files performing suspicious actions.
 
-> For more generic model scanning, Protect AI's [modelscan](https://github.com/protectai/modelscan) is now available to scan not only Pickle files but
-> also PyTorch, TensorFlow, and Keras.
-
 ## Getting started
 
 Scan a malicious model on [Hugging Face](https://huggingface.co/):

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = picklescan
-version = 0.0.29
+version = 0.0.30
 author = Matthieu Maitre
 author_email = [email protected]
 description = Security scanner detecting Python Pickle files performing suspicious actions

src/picklescan/scanner.py

@@ -134,11 +134,18 @@ def __str__(self) -> str:
     "ssl": "*",  # DNS exfiltration via ssl.get_server_certificate()
     "subprocess": "*",
     "sys": "*",
+    "asyncio.unix_events": {"_UnixSubprocessTransport._start"},
     "code": {"InteractiveInterpreter.runcode"},
+    "cProfile": {"runctx", "run"},
+    "doctest": {"debug_script"},
+    "ensurepip": {"_run_pip"},
     "idlelib.autocomplete": {"AutoComplete.get_entity", "AutoComplete.fetch_completions"},
     "idlelib.calltip": {"Calltip.fetch_tip", "get_entity"},
     "idlelib.debugobj": {"ObjectTreeItem.SetText"},
+    "idlelib.pyshell": {"ModifiedInterpreter.runcode", "ModifiedInterpreter.runcommand"},
+    "idlelib.run": {"Executive.runcode"},
     "lib2to3.pgen2.grammar": {"Grammar.loads"},
+    "lib2to3.pgen2.pgen": {"ParserGenerator.make_label"},
     "pdb": "*",
     "pickle": "*",
     "_pickle": "*",
@@ -154,7 +161,7 @@ def __str__(self) -> str:
     "torch.utils._config_module": {
         "ConfigModule.load_config"
     },  # allows storing a pickle inside a pickle (if this has valid use cases, scan the input bytes instead of flagging the global)
-    "torch.utils.bottleneck.__main__": {"run_cprofile"},
+    "torch.utils.bottleneck.__main__": {"run_cprofile", "run_autograd_prof"},
     "torch.utils.collect_env": {"run"},
     "torch.utils.data.datapipes.utils.decoder": {
         "basichandlers"