
Principle:Protectai Modelscan Scan Configuration

From Leeroopedia
Knowledge Sources
Domains ML_Security, Configuration
Last Updated 2026-02-14 12:00 GMT

Overview

A declarative configuration system that controls which scanners, middlewares, unsafe operator lists, and reporting modules are active during a model security scan.

Description

Scan Configuration is the principle of externalizing security scanning behavior into a structured settings dictionary. Rather than hard-coding which file formats to scan or which Python modules are considered dangerous, the configuration defines:

  • Scanner registry: Which scanner classes are enabled and what file extensions they handle
  • Middleware pipeline: Which preprocessing steps run before scanning (e.g., format detection by file extension)
  • Unsafe globals: A severity-classified dictionary mapping Python modules and functions to threat levels
  • Reporting: Which output module generates the scan report

This separation allows users to customize scanning behavior without modifying code — for example, adding new file extensions, adjusting severity levels, or disabling specific scanners for performance.

Usage

Apply this principle when:

  • Setting up modelscan with custom scanner configurations
  • Adjusting severity classifications for specific Python modules
  • Disabling scanners for formats you don't use (e.g., TensorFlow scanners in a PyTorch-only environment)
  • Creating a persistent settings file (TOML) for team-wide scanning standards
  • Extending modelscan with custom scanner plugins that need configuration entries

Theoretical Basis

The configuration follows a registry pattern where components are referenced by fully-qualified Python module paths and dynamically loaded at runtime via importlib:

import importlib

# Configuration-driven component loading. `settings` is the scan settings
# dictionary described above: each key under "scanners" is a fully-qualified
# class path, each value a per-scanner config dict carrying an "enabled" flag.
active_scanners = []
for class_path, config in settings["scanners"].items():
    if config["enabled"]:
        # Split "pkg.module.ClassName" into the module to import and the class to fetch
        module_name, class_name = class_path.rsplit(".", 1)
        module = importlib.import_module(module_name)
        scanner_class = getattr(module, class_name)
        active_scanners.append(scanner_class)

The unsafe globals configuration uses a severity-keyed dictionary structure:

# Pseudo-code for severity classification
unsafe_globals = {
    "CRITICAL": {"os": "*", "subprocess": "*", "builtins": ["exec", "eval"]},
    "HIGH": {"webbrowser": "*", "requests.api": "*"},
    "MEDIUM": {},
    "LOW": {},
}
# "*" means ALL functions in that module are flagged
# A list means only specific functions are flagged

This structure enables O(1) lookup of any detected global import against the unsafe list, with immediate severity classification.
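The two mechanisms above, the importlib-based scanner loader and the severity lookup against the unsafe-globals dictionary, worked through as an added example (this is illustrative code written for this page, not modelscan's own implementation). The settings dictionary is constructed here; the scanner paths point at standard-library classes standing in for real scanner classes so the loader runs offline, and the "*" wildcard and per-function list semantics follow the description above.

```python
import importlib

# Constructed sample settings in the shape described above. The scanner
# entries use stdlib classes as stand-ins for real modelscan scanner classes.
SETTINGS = {
    "scanners": {
        "collections.OrderedDict": {"enabled": True, "supported_extensions": [".pkl"]},
        "collections.Counter": {"enabled": False, "supported_extensions": [".h5"]},
    },
    "unsafe_globals": {
        "CRITICAL": {"os": "*", "subprocess": "*", "builtins": ["exec", "eval"]},
        "HIGH": {"webbrowser": "*", "requests.api": "*"},
        "MEDIUM": {},
        "LOW": {},
    },
}

# Checked from most to least severe so the worst matching level is reported.
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW")


def load_enabled_scanners(settings):
    """Resolve each enabled scanner's dotted class path to a class via importlib."""
    active = []
    for class_path, config in settings["scanners"].items():
        if not config.get("enabled", False):
            continue  # disabled scanners are never imported
        module_name, class_name = class_path.rsplit(".", 1)
        module = importlib.import_module(module_name)
        active.append(getattr(module, class_name))
    return active


def classify_global(settings, module, name):
    """Return the severity for a (module, name) global found in a model file,
    or None if the unsafe-globals configuration does not flag it.

    A value of "*" flags every function in the module; a list flags only
    the listed names.
    """
    for severity in SEVERITY_ORDER:
        entry = settings["unsafe_globals"].get(severity, {}).get(module)
        if entry == "*" or (isinstance(entry, list) and name in entry):
            return severity
    return None


def classify_many(settings, globals_found):
    """Classify a list of (module, name) pairs, keyed by dotted name."""
    return {f"{m}.{n}": classify_global(settings, m, n) for m, n in globals_found}
```

Each severity level is a dictionary keyed by module, so one hash lookup per level decides whether a module is flagged; the `builtins` entry shows why the list form matters, since `exec` is flagged while `len` is not.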
