refactor: Changed heuristic name to wheel absence, given the naming c…

…onvention of other heuristics. Cleaned up code for the invalid test case for the heuristic's test Signed-off-by: Carl Flottmann <[email protected]>
oracle · Nov 29, 2024 · 0da8a8d · 0da8a8d
1 parent b18bc61
commit 0da8a8d
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 27 deletions.
diff --git a/src/macaron/malware_analyzer/pypi_heuristics/heuristics.py b/src/macaron/malware_analyzer/pypi_heuristics/heuristics.py
@@ -32,7 +32,7 @@ class Heuristics(str, Enum):
     SUSPICIOUS_SETUP = "suspicious_setup"
 
     #: Indicates that the package does not include a .whl file
-    WHEEL_PRESENCE = "wheel_presence"
+    WHEEL_ABSENCE = "wheel_absence"
 
 
 class HeuristicResult(str, Enum):

diff --git a/...ypi_heuristics/metadata/wheel_presence.py → ...pypi_heuristics/metadata/wheel_absence.py b/...ypi_heuristics/metadata/wheel_presence.py → ...pypi_heuristics/metadata/wheel_absence.py
@@ -1,7 +1,7 @@
 # Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
-"""The heuristic analyzer to check .whl file presence."""
+"""The heuristic analyzer to check .whl file absence."""
 
 import logging
 
@@ -14,7 +14,7 @@
 logger: logging.Logger = logging.getLogger(__name__)
 
 
-class WheelPresenceAnalyzer(BaseHeuristicAnalyzer):
+class WheelAbsenceAnalyzer(BaseHeuristicAnalyzer):
     """
     Analyze to see if a .whl file is available for the package.
 
@@ -26,8 +26,8 @@ class WheelPresenceAnalyzer(BaseHeuristicAnalyzer):
 
     def __init__(self) -> None:
         super().__init__(
-            name="download_file_presence_analyzer",
-            heuristic=Heuristics.WHEEL_PRESENCE,
+            name="wheel_absence_analyzer",
+            heuristic=Heuristics.WHEEL_ABSENCE,
             depends_on=None,
         )
 

diff --git a/src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py b/src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py
@@ -21,7 +21,7 @@
 from macaron.malware_analyzer.pypi_heuristics.metadata.one_release import OneReleaseAnalyzer
 from macaron.malware_analyzer.pypi_heuristics.metadata.unchanged_release import UnchangedReleaseAnalyzer
 from macaron.malware_analyzer.pypi_heuristics.metadata.unreachable_project_links import UnreachableProjectLinksAnalyzer
-from macaron.malware_analyzer.pypi_heuristics.metadata.wheel_presence import WheelPresenceAnalyzer
+from macaron.malware_analyzer.pypi_heuristics.metadata.wheel_absence import WheelAbsenceAnalyzer
 from macaron.malware_analyzer.pypi_heuristics.sourcecode.suspicious_setup import SuspiciousSetupAnalyzer
 from macaron.slsa_analyzer.analyze_context import AnalyzeContext
 from macaron.slsa_analyzer.build_tool.pip import Pip
@@ -72,7 +72,7 @@ class MaliciousMetadataFacts(CheckFacts):
     UnchangedReleaseAnalyzer,
     CloserReleaseJoinDateAnalyzer,
     SuspiciousSetupAnalyzer,
-    WheelPresenceAnalyzer,
+    WheelAbsenceAnalyzer,
 ]
 
 # The HeuristicResult sequence is aligned with the sequence of ANALYZERS list
@@ -97,7 +97,7 @@ class MaliciousMetadataFacts(CheckFacts):
         HeuristicResult.SKIP,  # Unchanged Release
         HeuristicResult.FAIL,  # Closer Release Join Date
         HeuristicResult.FAIL,  # Suspicious Setup
-        HeuristicResult.FAIL,  # Wheel Presence
+        HeuristicResult.FAIL,  # Wheel Absence
         # No project link, only one release, and the maintainer released it shortly
         # after account registration.
         # The setup.py file contains suspicious imports and .whl file isn't present.
@@ -110,7 +110,7 @@ class MaliciousMetadataFacts(CheckFacts):
         HeuristicResult.FAIL,  # Unchanged Release
         HeuristicResult.FAIL,  # Closer Release Join Date
         HeuristicResult.FAIL,  # Suspicious Setup
-        HeuristicResult.FAIL,  # Wheel Presence
+        HeuristicResult.FAIL,  # Wheel Absence
         # No project link, frequent releases of multiple versions without modifying the content,
         # and the maintainer released it shortly after account registration.
         # The setup.py file contains suspicious imports and .whl file isn't present.
@@ -123,7 +123,7 @@ class MaliciousMetadataFacts(CheckFacts):
         HeuristicResult.PASS,  # Unchanged Release
         HeuristicResult.FAIL,  # Closer Release Join Date
         HeuristicResult.FAIL,  # Suspicious Setup
-        HeuristicResult.FAIL,  # Wheel Presence
+        HeuristicResult.FAIL,  # Wheel Absence
         # No project link, frequent releases of multiple versions,
         # and the maintainer released it shortly after account registration.
         # The setup.py file contains suspicious imports and .whl file isn't present.
@@ -136,10 +136,10 @@ class MaliciousMetadataFacts(CheckFacts):
         HeuristicResult.FAIL,  # Unchanged Release
         HeuristicResult.FAIL,  # Closer Release Join Date
         HeuristicResult.PASS,  # Suspicious Setup
-        HeuristicResult.PASS,  # Wheel Presence
+        HeuristicResult.PASS,  # Wheel Absence
         # No project link, frequent releases of multiple versions without modifying the content,
-        # and the maintainer released it shortly after account registration. Presence of .whl file
-        # has no effect
+        # and the maintainer released it shortly after account registration. Presence/Absence of
+        # .whl file has no effect
     ): Confidence.MEDIUM,
     (
         HeuristicResult.FAIL,  # Empty Project
@@ -149,10 +149,10 @@ class MaliciousMetadataFacts(CheckFacts):
         HeuristicResult.FAIL,  # Unchanged Release
         HeuristicResult.FAIL,  # Closer Release Join Date
         HeuristicResult.PASS,  # Suspicious Setup
-        HeuristicResult.FAIL,  # Wheel Presence
+        HeuristicResult.FAIL,  # Wheel Absence
         # No project link, frequent releases of multiple versions without modifying the content,
-        # and the maintainer released it shortly after account registration. Presence of .whl file
-        # has no effect
+        # and the maintainer released it shortly after account registration. Presence/Absence of
+        # .whl file has no effect
     ): Confidence.MEDIUM,
     (
         HeuristicResult.PASS,  # Empty Project
@@ -162,7 +162,7 @@ class MaliciousMetadataFacts(CheckFacts):
         HeuristicResult.PASS,  # Unchanged Release
         HeuristicResult.FAIL,  # Closer Release Join Date
         HeuristicResult.FAIL,  # Suspicious Setup
-        HeuristicResult.FAIL,  # Wheel Presence
+        HeuristicResult.FAIL,  # Wheel Absence
         # All project links are unreachable, frequent releases of multiple versions,
         # and the maintainer released it shortly after account registration.
         # The setup.py file contains suspicious imports and .whl file isn't present.

diff --git a/...ware_analyzer/pypi/test_wheel_presence.py → ...lware_analyzer/pypi/test_wheel_absence.py b/...ware_analyzer/pypi/test_wheel_presence.py → ...lware_analyzer/pypi/test_wheel_absence.py
@@ -1,32 +1,29 @@
 # Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
-"""Tests for heuristic detecting wheel (.whl) file presence from PyPI"""
+"""Tests for heuristic detecting wheel (.whl) file absence from PyPI packages"""
 from unittest.mock import MagicMock
 
 import pytest
 
 from macaron.errors import HeuristicAnalyzerValueError
 from macaron.malware_analyzer.pypi_heuristics.heuristics import HeuristicResult
-from macaron.malware_analyzer.pypi_heuristics.metadata.wheel_presence import WheelPresenceAnalyzer
+from macaron.malware_analyzer.pypi_heuristics.metadata.wheel_absence import WheelAbsenceAnalyzer
 
 
 def test_analyze_no_information(pypi_package_json: MagicMock) -> None:
     """Test for when there is no release information, so error"""
-    analyzer = WheelPresenceAnalyzer()
+    analyzer = WheelAbsenceAnalyzer()
 
     pypi_package_json.get_releases.return_value = None
 
-    try:
+    with pytest.raises(HeuristicAnalyzerValueError):
         analyzer.analyze(pypi_package_json)
-        pytest.fail("Analyzer did not through a HeuristicAnalyzerValueError")
-    except HeuristicAnalyzerValueError:
-        pass
 
 
 def test_analyze_tar_present(pypi_package_json: MagicMock) -> None:
     """Test for when only .tar.gz is present, so failed"""
-    analyzer = WheelPresenceAnalyzer()
+    analyzer = WheelAbsenceAnalyzer()
     version = "0.1.0"
     filename = "ttttttttest_nester.py-0.1.0.tar.gz"
 
@@ -72,7 +69,7 @@ def test_analyze_tar_present(pypi_package_json: MagicMock) -> None:
 
 def test_analyze_whl_present(pypi_package_json: MagicMock) -> None:
     """Test for when only .whl is present, so pass"""
-    analyzer = WheelPresenceAnalyzer()
+    analyzer = WheelAbsenceAnalyzer()
     version = "0.1.0"
     filename = "ttttttttest_nester.py-0.1.0.whl"
 
@@ -117,7 +114,7 @@ def test_analyze_whl_present(pypi_package_json: MagicMock) -> None:
 
 def test_analyze_both_present(pypi_package_json: MagicMock) -> None:
     """Test for when both .tar.gz and .whl are present, so passed"""
-    analyzer = WheelPresenceAnalyzer()
+    analyzer = WheelAbsenceAnalyzer()
     version = "0.1.0"
     file_prefix = "ttttttttest_nester.py-0.1.0"