Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Principle:Trailofbits Fickling Static Safety Analysis

From Leeroopedia
Revision as of 18:05, 16 February 2026 by Admin (talk | contribs) (Auto-imported from principles/Trailofbits_Fickling_Static_Safety_Analysis.md)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Sources
Domains Security, Static_Analysis, Deserialization
Last Updated 2026-02-14 14:00 GMT

Overview

A multi-pass static analysis framework that examines pickle files for dangerous patterns by running a suite of analysis checks against the decompiled AST representation, without executing the pickle.

Description

Static Safety Analysis orchestrates multiple independent analysis passes over a parsed pickle file. Each pass examines a different aspect of the pickle's behavior:

  • Structural checks: Duplicate PROTO opcodes, misplaced PROTO, invalid opcodes, interpretation errors
  • Import analysis: Non-standard imports, unsafe module imports (os, subprocess, builtins), ML-specific unsafe imports
  • Call analysis: Calls to exec, eval, compile, open, and other dangerous functions
  • Variable analysis: Unused variable assignments that may indicate hidden payloads

Each pass yields AnalysisResult objects with a Severity level. The framework collects all results into an AnalysisResults container for aggregate assessment.

This approach is fundamentally static — it examines the pickle bytecode without executing it, making it safe to run on untrusted files.

Usage

Use this principle when you need to assess the safety of a pickle file before deciding whether to load it. It is the recommended approach for scanning pickle files in CI/CD pipelines, model registries, and upload validation.

Theoretical Basis

The analysis framework follows the visitor pattern over the decompiled AST:

# Pseudocode: Multi-pass analysis
results = []
for analysis_pass in [
    DuplicateProtoAnalysis,
    NonStandardImports,
    UnsafeImports,
    BadCalls,
    OvertlyBadEvals,
    UnusedVariables,
    # ... more passes
]:
    for result in analysis_pass.analyze(context):
        results.append(result)

overall_severity = max(r.severity for r in results)

Analysis passes are auto-registered via __init_subclass__, so defining a new Analysis subclass automatically adds it to the default analyzer.

Related Pages

Implemented By

Uses Heuristic

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment