
feat: Add ML pipeline STRIDE coverage#284

Draft
purvanshbhatt wants to merge 3 commits into
kusari-oss:mainfrom
purvanshbhatt:feat/ml-pipeline-stride-coverage

Conversation

@purvanshbhatt


Resolves the coverage gap for ML pipelines documented in the README.md where the tool previously returned 'Total findings: 0'.

This PR introduces intelligent STRIDE mapping for machine learning footprints (TAMPERING and ELEVATION_OF_PRIVILEGE). Because functions like torch.load and insecure deserialization in ML frameworks can lead to model poisoning and arbitrary code execution, mapping these to Tampering and EoP provides a vastly superior security audit than standard HTTP spoofing logic.

cc @mikedanese

@Marc-cn

Marc-cn commented Jun 6, 2026

Collaborator

Thanks for the PR. Lint is failing (ruff errors in ml_test.py), and tests are failing too; please make sure the suite passes locally. Will review once CI is green.

@Marc-cn Marc-cn marked this pull request as draft June 6, 2026 18:20
@Marc-cn

Marc-cn commented Jun 19, 2026

Collaborator

Thanks @purvanshbhatt, a few fixes needed:

  1. The loader check matches any .load() call (json.load, yaml.load, etc.), not just ML ones, so it flags normal code as ML threats. Please only flag a load when an ML library is actually imported in that file.
  2. A plain import torch shouldn't create findings on its own; only real load calls should.
  3. Please remove test_ml.py (repo root) and packages/darnit-hello/ml_test.py, they're scratch files. Put the real test in tests/darnit_baseline/threat_model/.
  4. Revert the uv.lock change, this PR doesn't add dependencies.

Happy to re-review when you push.
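One way to implement the gated check the review asks for, written here as an added example in Python (not darnit's own code) and assuming a hand-picked ML_MODULES set: it reports only load() calls whose receiver resolves to an imported ML library, so a bare `import torch` and a json.load() in the same file produce no findings. It goes a little further than the comment by resolving the receiver and `from torch import load` aliases instead of flagging every .load() in any file that imports torch.

```python
import ast

# Assumed list (not from the PR) of ML frameworks whose load() deserialises model files.
ML_MODULES = {"torch", "tensorflow", "keras", "sklearn", "joblib"}
# STRIDE categories the PR maps insecure model deserialisation to.
STRIDE = ("TAMPERING", "ELEVATION_OF_PRIVILEGE")


def find_ml_load_findings(source: str) -> list:
    """One finding per load() call that resolves to an imported ML library.
    A bare `import torch` yields nothing; json.load()/yaml.load() are never flagged."""
    tree = ast.parse(source)
    ml_alias = {}   # local name -> ML module, e.g. {"t": "torch"} for `import torch as t`
    bare_load = {}  # local name -> ML module for `from torch import load [as x]`
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                if root in ML_MODULES:
                    ml_alias[a.asname or root] = root
        elif isinstance(node, ast.ImportFrom) and node.module:
            root = node.module.split(".")[0]
            if root in ML_MODULES:
                for a in node.names:
                    if a.name == "load":
                        bare_load[a.asname or "load"] = root
    if not ml_alias and not bare_load:
        return []  # no ML library imported in this file: nothing to flag
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr == "load"
                and isinstance(func.value, ast.Name) and func.value.id in ml_alias):
            module = ml_alias[func.value.id]
        elif isinstance(func, ast.Name) and func.id in bare_load:
            module = bare_load[func.id]
        else:
            continue  # json.load, yaml.load, or a load on something that is not an ML module
        findings.append({"line": node.lineno, "module": module, "stride": STRIDE})
    return findings


# Constructed sample inputs.
SAMPLE_ML = "import torch as t\nmodel = t.load('model.pt')\n"
SAMPLE_PLAIN = "import json\ncfg = json.load(open('cfg.json'))\n"
SAMPLE_IMPORT_ONLY = "import torch\n"
SAMPLE_FROM = "from torch import load\nweights = load('w.pt')\n"
```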
