From 164d0aa8d7b513cde6f10863a1bc0063914dcb17 Mon Sep 17 00:00:00 2001
From: Carl Flottmann
Date: Thu, 12 Jun 2025 11:22:05 +1000
Subject: [PATCH 1/2] fix: include inspector links regardless, using them as keys and reachable booleans as values
Signed-off-by: Carl Flottmann
---
 .../pypi_heuristics/metadata/wheel_absence.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/macaron/malware_analyzer/pypi_heuristics/metadata/wheel_absence.py b/src/macaron/malware_analyzer/pypi_heuristics/metadata/wheel_absence.py
index 3a3033e22..0198a932d 100644
--- a/src/macaron/malware_analyzer/pypi_heuristics/metadata/wheel_absence.py
+++ b/src/macaron/malware_analyzer/pypi_heuristics/metadata/wheel_absence.py
@@ -70,7 +70,8 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
 logger.debug(error_msg)
 raise HeuristicAnalyzerValueError(error_msg)
- inspector_links: list[JsonType] = []
+ # Contains a boolean field identifying if the link is reachable by this Macaron instance or not.
+ inspector_links: dict[str, JsonType] = {}
 wheel_present: bool = False
 release_distributions = json_extract(releases, [version], list)
@@ -120,10 +121,9 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
 )
 # use a head request because we don't care about the response contents
- if send_head_http_raw(inspector_link) is None:
- inspector_links.append(None)
- else:
- inspector_links.append(inspector_link)
+ inspector_links[inspector_link] = False
+ if send_head_http_raw(inspector_link):
+ inspector_links[inspector_link] = True # link was reachable
 detail_info: dict[str, JsonType] = {
 "inspector_links": inspector_links,
From 2ca91b1d24f016c895007289d216cc7cae0135ff Mon Sep 17 00:00:00 2001
From: Carl Flottmann
Date: Thu, 12 Jun 2025 11:47:44 +1000
Subject: [PATCH 2/2] test: change expected result of unit tests to include reachable booleans
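Review bot: The comment added above `inspector_links` in the first hunk of wheel_absence.py says the value "contains a boolean field", which does not describe its shape: it is a mapping from each inspector URL to a reachability flag. The value under `detail_info["inspector_links"]` also changes from a list to a dict, so anything that reads that key as a list needs the same update; no such reader is visible in this patch. Suggested wording: `# Maps each inspector link to True when a HEAD request from this Macaron instance succeeded, else False.` The body of `analyze` starts and ends outside the hunk.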
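Review bot: The added `if send_head_http_raw(inspector_link):` in the second hunk of wheel_absence.py tests truthiness where the removed code tested `is None`, so what counts as "reachable" now depends on how the returned object evaluates as a boolean. If the helper returns a `requests.Response`, its truth value follows the HTTP status, and a 4xx/5xx answer that used to be recorded as a link would now be stored as `False`; the updated tests mock the call with `MagicMock()` and cannot tell the two apart. If only a failed request should count as unreachable, state it explicitly with `inspector_links[inspector_link] = send_head_http_raw(inspector_link) is not None`. A `False` entry then covers timeouts and blocked egress as well as a missing file, so consumers of `detail_info` should not read it as evidence about the package itself. The body of `analyze` starts and ends outside the hunk.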
Signed-off-by: Carl Flottmann
---
 tests/malware_analyzer/pypi/test_wheel_absence.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/malware_analyzer/pypi/test_wheel_absence.py b/tests/malware_analyzer/pypi/test_wheel_absence.py
index 3cfccfbe7..b79df0b7f 100644
--- a/tests/malware_analyzer/pypi/test_wheel_absence.py
+++ b/tests/malware_analyzer/pypi/test_wheel_absence.py
@@ -75,7 +75,7 @@ def test_analyze_tar_present(mock_send_head_http_raw: MagicMock, pypi_package_js
 mock_send_head_http_raw.return_value = MagicMock() # assume valid URL for testing purposes
 expected_detail_info = {
- "inspector_links": [inspector_link_expected],
+ "inspector_links": {inspector_link_expected: True},
 }
 expected_result: tuple[HeuristicResult, dict] = (HeuristicResult.FAIL, expected_detail_info)
@@ -134,7 +134,7 @@ def test_analyze_whl_present(mock_send_head_http_raw: MagicMock, pypi_package_js
 mock_send_head_http_raw.return_value = MagicMock() # assume valid URL for testing purposes
 expected_detail_info = {
- "inspector_links": [inspector_link_expected],
+ "inspector_links": {inspector_link_expected: True},
 }
 expected_result: tuple[HeuristicResult, dict] = (HeuristicResult.PASS, expected_detail_info)
@@ -222,7 +222,7 @@ def test_analyze_both_present(mock_send_head_http_raw: MagicMock, pypi_package_j
 mock_send_head_http_raw.return_value = MagicMock() # assume valid URL for testing purposes
 expected_detail_info = {
- "inspector_links": [wheel_link_expected, tar_link_expected],
+ "inspector_links": {wheel_link_expected: True, tar_link_expected: True},
 }
 expected_result: tuple[HeuristicResult, dict] = (HeuristicResult.PASS, expected_detail_info)
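Review bot: All three updated expectations (`test_analyze_tar_present`, `test_analyze_whl_present`, `test_analyze_both_present`) cover only the reachable case, because each mocks `send_head_http_raw` with a truthy `MagicMock()`. The old `inspector_links.append(None)` branch produced a different value and no other expectation needed changing, so it looks as if no test in this file exercises the unreachable path. A case with `mock_send_head_http_raw.return_value = None` expecting `"inspector_links": {inspector_link_expected: False}` would pin the new `False` entry. A second case with a falsy non-None response would pin what the truthiness check in `analyze` does with an error status. The test bodies start and end outside these hunks.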