promptfoo · mldangelo · Mar 13, 2026 · Mar 13, 2026 · coderabbitai · Mar 13, 2026
diff --git a/modelaudit/scanners/xgboost_scanner.py b/modelaudit/scanners/xgboost_scanner.py
@@ -18,11 +18,13 @@
 - Known CVE patterns and exploit signatures
 """
 
+import importlib.util
 import json
 import os
 import re
 import subprocess
 import sys
+import tempfile
 from typing import Any, ClassVar
 
 from .base import BaseScanner, IssueSeverity, ScanResult
@@ -42,12 +44,7 @@
 
 def _check_xgboost_available() -> bool:
     """Check if XGBoost package is available."""
-    try:
-        import xgboost  # noqa: F401
-
-        return True
-    except ImportError:
-        return False
+    return importlib.util.find_spec("xgboost") is not None
 
 
 def _check_ubjson_available() -> bool:
@@ -610,7 +607,19 @@ def _safe_xgboost_load(self, path: str, result: ScanResult) -> None:
                 path,
             ]
 
-            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, cwd=os.getcwd())
+            cmd.insert(1, "-I")
+            env = os.environ.copy()
+            env.pop("PYTHONPATH", None)
+
+            with tempfile.TemporaryDirectory(prefix="modelaudit-xgb-") as safe_cwd:
+                proc = subprocess.run(
+                    cmd,
+                    capture_output=True,
+                    text=True,
+                    timeout=timeout,
+                    cwd=safe_cwd,
+                    env=env,
+                )
 
             if proc.returncode == 0 and "SUCCESS" in proc.stdout:
                 result.add_check(

diff --git a/tests/scanners/test_xgboost_scanner.py b/tests/scanners/test_xgboost_scanner.py
@@ -379,12 +379,15 @@ def test_xgboost_loading_windows_path_passed_via_argv(self, mock_subprocess: Moc
 
         loading_scanner._safe_xgboost_load(windows_path, result)
 
-        run_args, _ = mock_subprocess.run.call_args
+        run_args, run_kwargs = mock_subprocess.run.call_args
         cmd = run_args[0]
-        script = cmd[2]
+        script = cmd[3]
+        assert cmd[1] == "-I"
         assert "sys.argv[1]" in script
         assert windows_path not in script
-        assert cmd[3] == windows_path
+        assert cmd[4] == windows_path
+        assert run_kwargs["cwd"] != str(Path.cwd())
+        assert "PYTHONPATH" not in run_kwargs["env"]
         assert any("loaded successfully" in str(check.message) for check in result.checks)
 
     @patch("modelaudit.scanners.xgboost_scanner._check_xgboost_available")