docs: update docs and refine existing test

AmineRaouane · AmineRaouane · commit 8868bded8109 · 2025-05-20T22:33:14.000+01:00
Signed-off-by: Amine &lt;amine.raouane@enim.ac.ma&gt;
diff --git a/src/macaron/malware_analyzer/README.md b/src/macaron/malware_analyzer/README.md
@@ -52,6 +52,11 @@ When a heuristic fails, with `HeuristicResult.FAIL`, then that is an indicator b
    - **Rule**: Return `HeuristicResult.FAIL` if the major or epoch is abnormally high; otherwise, return `HeuristicResult.PASS`.
    - **Dependency**: Will be run if the One Release heuristic fails.
 
+10. **Typosquatting Presence**
+    - **Description**:  Checks if the package name is suspiciously similar to any package name in a predefined list of popular packages. The similarity check incorporates the Jaro-Winkler distance and considers keyboard layout proximity to identify potential typosquatting.
+    - **Rule**: Return `HeuristicResult.FAIL` if the similarity ratio between the package name and any popular package name meets or exceeds a defined threshold; otherwise, return `HeuristicResult.PASS`.
+    - **Dependency**: None.
+
 ### Contributing
 
 When contributing an analyzer, it must meet the following requirements:
@@ -64,7 +69,7 @@ When contributing an analyzer, it must meet the following requirements:
    - Ensure it is assigned to the `problog_result_access` string variable, otherwise it will not be queried and evaluated.
    - Assign a rule ID to the rule. This will be used to backtrack to determine if it was triggered.
    - Make sure to wrap pass/fail statements in `passed()` and `failed()`. Not doing so may result in undesirable behaviour, see the comments in the model for more details.
-   - If there are commonly used combinations introduced by adding the heuristic, combine and justify them at the top of the static model (see `quickUndetailed` and `forceSetup` as current examples).  
+   - If there are commonly used combinations introduced by adding the heuristic, combine and justify them at the top of the static model (see `quickUndetailed` and `forceSetup` as current examples).
 
 ### Confidence Score Motivation
 
diff --git a/tests/malware_analyzer/pypi/test_typosquatting_presence.py b/tests/malware_analyzer/pypi/test_typosquatting_presence.py
@@ -2,7 +2,6 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """Tests for the TyposquattingPresenceAnalyzer heuristic."""
-# pylint: disable=redefined-outer-name
 
 
 import os
@@ -16,8 +15,8 @@
 from macaron.malware_analyzer.pypi_heuristics.metadata.typosquatting_presence import TyposquattingPresenceAnalyzer
 
 
-@pytest.fixture()
-def analyzer(tmp_path: Path) -> TyposquattingPresenceAnalyzer:
+@pytest.fixture(name="analyzer")
+def analyzer_(tmp_path: Path) -> TyposquattingPresenceAnalyzer:
     """Pytest fixture to create a TyposquattingPresenceAnalyzer instance with a dummy popular packages file."""
     # Create a dummy popular packages file.
     pkg_file = Path(os.path.join(tmp_path, "popular.txt"))
