fix: add import alias tracking and getattr detection to anti-hack#37

Merged: factnn merged 1 commit into main from antihack-improve, Jun 16, 2026
factnn (Collaborator) commented Jun 16, 2026

Summary

Close two anti-hack bypass vectors:

  1. Import alias: import torch as tr; tr.sum() now correctly detected as forbidden torch API
  2. getattr dynamic access: getattr(torch, "sum") now caught

Alias resolution + getattr detection work together for combined attacks.
Both respect the same torch API whitelist.

…er 1

Two new defenses:
1. Import alias resolution: 'import torch as tr' followed by 'tr.sum()'
   is now correctly identified as torch.sum()
2. getattr detection: 'getattr(torch, "sum")' is caught as dynamic
   torch API access

Also detects combinations of both (alias + getattr).

All three detection vectors correctly handle the torch API whitelist:
- Direct call:     torch.sum()  -> check whitelist
- Alias call:      tr.sum()     -> resolve alias -> check whitelist
- Dynamic call:    getattr(torch, "sum") -> check whitelist

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
factnn force-pushed the antihack-improve branch from 5e7ee21 to 8baf15e, June 16, 2026 13:50
factnn merged commit 32863ab into main, Jun 16, 2026
1 check passed
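
The three detection paths listed in the commit message (direct call, alias call, `getattr`) can be sketched with Python's `ast` module. This is an added example, not the project's code: the `ALLOWED` whitelist, the `TorchUseFinder` class, `scan` and the sample source are assumptions, and reporting every computed `getattr` name is a choice made here because such a name cannot be matched against a whitelist.

```python
import ast

ALLOWED = {"zeros", "empty", "tensor"}  # assumed whitelist, paths relative to torch
SAMPLE = '''import torch, torch as tr
x = torch.zeros(4)
a = torch.sum(x)
b = tr.sum(x)
c = getattr(tr, "sum")(x)
d = getattr(tr, "su" + "m")(x)
'''  # constructed input, parsed but never executed

class TorchUseFinder(ast.NodeVisitor):
    def __init__(self):
        self.aliases, self.findings = {}, []  # name -> module path; (lineno, kind, name)

    def visit_Import(self, node):
        for a in node.names:
            if a.name.split(".")[0] == "torch":
                self.aliases[a.asname or "torch"] = a.name if a.asname else "torch"

    def _resolve(self, node):  # canonical dotted name if rooted in a torch alias
        parts = []
        while isinstance(node, ast.Attribute):
            parts.append(node.attr)
            node = node.value
        if isinstance(node, ast.Name) and node.id in self.aliases:
            return ".".join([self.aliases[node.id], *reversed(parts)])

    def _check(self, lineno, kind, name):
        if name.partition(".")[2] not in ALLOWED:
            self.findings.append((lineno, kind, name))

    def visit_Attribute(self, node):
        name = self._resolve(node)
        if name is None:
            return self.generic_visit(node)  # chain may be rooted in a call
        self._check(node.lineno, "attribute", name)

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name) and node.func.id == "getattr" and len(node.args) >= 2:
            base, key = self._resolve(node.args[0]), node.args[1]
            const = isinstance(key, ast.Constant) and isinstance(key.value, str)
            if base:  # a computed name can never match the whitelist, so it is reported
                self._check(node.lineno, "getattr", f"{base}.{key.value if const else '<computed>'}")
        self.generic_visit(node)

def scan(source):
    finder = TorchUseFinder()
    finder.visit(ast.parse(source))
    return finder.findings
```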