refactor: now use json_extract for all operations on the json data

oracle · Dec 6, 2024 · 03bf0db · 03bf0db
1 parent 48725d9
commit 03bf0db
Showing 1 changed file with 48 additions and 30 deletions.
diff --git a/src/macaron/malware_analyzer/pypi_heuristics/metadata/wheel_absence.py b/src/macaron/malware_analyzer/pypi_heuristics/metadata/wheel_absence.py
@@ -52,7 +52,7 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
         Raises
         ------
         HeuristicAnalyzerValueError
-            If there is no release information, or has no most recent version (if queried).
+            If there is no release information, or has other missing package information.
         """
         releases = pypi_package_json.get_releases()
         if releases is None:  # no release information
@@ -72,37 +72,55 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
         inspector_links: list[JsonType] = []
         wheel_present: bool = False
 
-        try:
-            for release_metadata in releases[version]:
-                if release_metadata["packagetype"] == self.WHEEL:
-                    wheel_present = True
-
-                name = json_extract(pypi_package_json.package_json, ["info", "name"], str)
-                if name is None:
-                    error_msg = "There is no 'name' field for this package."
-                    logger.debug(error_msg)
-                    raise HeuristicAnalyzerValueError(error_msg)
-
-                blake2b_256 = release_metadata["digests"]["blake2b_256"]
-                inspector_link = self.INSPECTOR_TEMPLATE.format(
-                    name=name,
-                    version=version,
-                    first=blake2b_256[0:2],
-                    second=blake2b_256[2:4],
-                    rest=blake2b_256[4:],
-                    filename=release_metadata["filename"],
-                )
-
-                # use a head request because we don't care about the response contents
-                if send_head_http_raw(inspector_link) is None:
-                    inspector_links.append(None)
-                else:
-                    inspector_links.append(inspector_link)
-
-        except KeyError as error:
+        release_distributions = json_extract(releases, [version], list)
+        if release_distributions is None:
             error_msg = f"The version {version} is not available as a release."
             logger.debug(error_msg)
-            raise HeuristicAnalyzerValueError(error_msg) from error
+            raise HeuristicAnalyzerValueError(error_msg)
+
+        for distribution in release_distributions:
+            # validate data
+            package_type = json_extract(distribution, ["packagetype"], str)
+            if package_type is None:
+                error_msg = f"The version {version} has no 'package type' field in a distribution"
+                logger.debug(error_msg)
+                raise HeuristicAnalyzerValueError(error_msg)
+
+            name = json_extract(pypi_package_json.package_json, ["info", "name"], str)
+            if name is None:
+                error_msg = f"The version {version} has no 'name' field in a distribution"
+                logger.debug(error_msg)
+                raise HeuristicAnalyzerValueError(error_msg)
+
+            blake2b_256 = json_extract(distribution, ["digests", "blake2b_256"], str)
+            if blake2b_256 is None:
+                error_msg = f"The version {version} has no 'blake2b_256' field in a distribution"
+                logger.debug(error_msg)
+                raise HeuristicAnalyzerValueError(error_msg)
+
+            filename = json_extract(distribution, ["filename"], str)
+            if filename is None:
+                error_msg = f"The version {version} has no 'filename' field in a distribution"
+                logger.debug(error_msg)
+                raise HeuristicAnalyzerValueError(error_msg)
+
+            if package_type == self.WHEEL:
+                wheel_present = True
+
+            inspector_link = self.INSPECTOR_TEMPLATE.format(
+                name=name,
+                version=version,
+                first=blake2b_256[0:2],
+                second=blake2b_256[2:4],
+                rest=blake2b_256[4:],
+                filename=filename,
+            )
+
+            # use a head request because we don't care about the response contents
+            if send_head_http_raw(inspector_link) is None:
+                inspector_links.append(None)
+            else:
+                inspector_links.append(inspector_link)
 
         detail_info: dict[str, JsonType] = {
             "inspector_links": inspector_links,