picklescan
| | picklescan | stable-diffusion-pickle-scanner |
|---|---|---|
| Mentions | 7 | 9 |
| Stars | 197 | 186 |
| Growth | - | - |
| Activity | 5.7 | 0.0 |
| Last Commit | about 2 months ago | about 1 year ago |
| Language | Python | Python |
| License | MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
picklescan
- Planting Undetectable Backdoors in Machine Learning Models
  It's Python's serialisation format: https://docs.python.org/3/library/pickle.html
  There are tools to check the format for suspicious behaviour: https://github.com/mmaitre314/picklescan seems to be the most developed one.
  You can also check the format manually (being careful not to call into it), like demonstrated by this more rudimentary scanner: https://github.com/zxix/stable-diffusion-pickle-scanner
  If you do check for security issues yourself, you'll need to read up on what magical methods/variables may cause code execution. Simple demonstrations of dangerous code can be found all over the web (https://stackoverflow.com/questions/47705202/pickle-exploiti...) but I'm sure there are obfuscation tricks that simple scans won't catch.
- Keep yourself safe when downloading models, Pickle malware scanner GUI for Stable Diffusion
- Photorealistic highres portraits
  I ran it through both Python Malware Scanner and Stable Diffusion Pickle Scanner as I do with any model before and after I downloaded.
- I'm a beginner at AI art, please give me tips.
  There are a few you can run on your own too. https://github.com/zxix/stable-diffusion-pickle-scanner https://github.com/mmaitre314/picklescan
- Don't download the "Anything V3" model - It contains a malware threat inside the .ckpt file
- Marathon, the power of chinese novel ai
  "Picklescan" is available from here: https://github.com/mmaitre314/picklescan
- Is there a way of scanning .ckpt files for exploits?
  Not a definitive solution, but there is picklescan which catches some of the obvious malicious imports (like builtin eval, exec, etc...). The safeunpickle2 script throws a lot of false positives, since it is missing some datatype storage classes from torch that some models use. It was probably meant to be a proof of concept primarily. But it is always a good practice to adapt that script and have it print out the complete list of imports and callbacks and manually scan through them.
stable-diffusion-pickle-scanner
- Safety of safetensors models
  Sorry if this is something obvious, but do I need to scan for pickles in safetensors files? I have been only downloading safetensors models and loras from civitai. These models are not being scanned by a Stable Diffusion Pickle Scanner I have been trying to use. It would be great if someone could let me know safetensors are safe enough that they do not need to be scanned.
- Planting Undetectable Backdoors in Machine Learning Models
- Photorealistic highres portraits
- I made a simple site for Stable Diffusion custom-trained model checkpoints - will add to this
- I'm a beginner at AI art, please give me tips.
- Dark Souls and Blood Born model seem to have pickled files inside, but not sure if its fine
- Don't download the "Anything V3" model - It contains a malware threat inside the .ckpt file
  https://github.com/zxix/stable-diffusion-pickle-scanner - use this to scan your models. I think the webui actually already does this automatically, but still do it if you don't trust it.
What are some alternatives?
Stable-Diffusion-Pickle-Scanner-GUI - Pickle Scanner GUI
NumPy - The fundamental package for scientific computing with Python.
stable-diffusion-docker - Run the official Stable Diffusion releases in a Docker container with txt2img, img2img, depth2img, pix2pix, upscale4x, and inpaint.