{"id":27894,"library":"kernelguard","title":"KernelGuard","description":"KernelGuard is a rule-based GPU kernel hack detector for Python. It scans CUDA and HIP kernel source for suspicious patterns indicative of potential exploits or malicious modifications. Version 0.2.2 is current, with weekly releases.","status":"active","version":"0.2.2","language":"python","source_language":"en","source_url":"https://github.com/princeton-vl/kernelguard","tags":["gpu","security","kernel","cuda","hip","static-analysis"],"install":[{"cmd":"pip install kernelguard","lang":"bash","label":"Install"}],"dependencies":[],"imports":[{"note":"KernelScanner is a top-level export.","wrong":"from kernelguard.scanner import KernelScanner","symbol":"KernelScanner","correct":"from kernelguard import KernelScanner"},{"note":"scan_kernel is not a module attribute; it's a function exported at package level.","wrong":"import kernelguard; kernelguard.scan_kernel()","symbol":"scan_kernel","correct":"from kernelguard import scan_kernel"}],"quickstart":{"code":"from kernelguard import KernelScanner, Rule\nimport os\n\nscanner = KernelScanner()\nrule = Rule(\n    name=\"check_unsafe_memcpy\",\n    pattern=r\"cudaMemcpy\\s*\\(\",\n    severity=\"high\",\n    message=\"Direct cudaMemcpy call detected\"\n)\nscanner.add_rule(rule)\nsource_code = \"\"\"\n__global__ void kernel() {\n    cudaMemcpy(dest, src, size, cudaMemcpyDeviceToHost);\n}\n\"\"\"\nresults = scanner.scan(source_code)\nfor r in results:\n    print(r)\n","lang":"python","description":"Basic scan with custom rule."},"warnings":[{"fix":"with open('kernel.cu') as f: source = f.read()","message":"KernelScanner.scan() expects a string, not a file path — use open().read() first.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"scanner = KernelScanner(); scanner.add_rule(rule)","message":"The 'rules' parameter in KernelScanner constructor is deprecated in 0.2.0; use add_rule() instead.","severity":"deprecated","affected_versions":">=0.2.0"},{"fix":"from kernelguard import RuleSeverity; rule = Rule(..., severity=RuleSeverity.HIGH)","message":"Rule severity enum values changed in 0.2.0 from strings ('low', 'medium', 'high') to enum members (RuleSeverity.LOW etc.).","severity":"breaking","affected_versions":">=0.2.0"},{"fix":"Use r\"pattern\" instead of \"pattern\".","message":"Patterns must be raw strings or escaped properly — backslashes are Python string escapes.","severity":"gotcha","affected_versions":">=0.1.0"}],"env_vars":null,"last_verified":"2026-05-09T00:00:00.000Z","next_check":"2026-08-07T00:00:00.000Z","problems":[{"fix":"from kernelguard import KernelScanner; scanner = KernelScanner(); scanner.scan(source)","cause":"scan is no longer a top-level function; use KernelScanner","error":"AttributeError: module 'kernelguard' has no attribute 'scan'"},{"fix":"Use enum: from kernelguard import RuleSeverity; Rule(..., severity=RuleSeverity.HIGH)","cause":"In 0.2.0, severity parameter changed to expect RuleSeverity enum, but the error occurs when passing a string that is not a valid keyword (actually older API).","error":"TypeError: Rule.__init__() got an unexpected keyword argument 'severity'"},{"fix":"Use raw string r\"...\" and escape special regex characters.","cause":"Pattern string contains unescaped characters that cause invalid regex","error":"ValueError: Pattern is not a valid regex"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}