refactor(core): improve logic, error handling, and apply minor fixes

AmineRaouane · AmineRaouane · commit dc04491e7cd0 · 2025-05-20T13:11:50.000+01:00
Signed-off-by: Amine &lt;amine.raouane@enim.ac.ma&gt;
diff --git a/.DS_Store b/.DS_Store
diff --git a/.gitignore b/.gitignore
@@ -181,3 +181,4 @@ docs/_build
 bin/
 requirements.txt
 .macaron_env_file
+**/.DS_Store
diff --git a/src/macaron/malware_analyzer/pypi_heuristics/metadata/typosquatting_presence.py b/src/macaron/malware_analyzer/pypi_heuristics/metadata/typosquatting_presence.py
@@ -7,6 +7,7 @@
 
 from macaron.config.defaults import defaults
 from macaron.config.global_config import global_config
+from macaron.errors import HeuristicAnalyzerValueError
 from macaron.json_tools import JsonType
 from macaron.malware_analyzer.pypi_heuristics.base_analyzer import BaseHeuristicAnalyzer
 from macaron.malware_analyzer.pypi_heuristics.heuristics import HeuristicResult, Heuristics
@@ -58,44 +59,64 @@ class TyposquattingPresenceAnalyzer(BaseHeuristicAnalyzer):
         "m": (3, 6),
     }
 
-    def __init__(self) -> None:
+    def __init__(self, popular_packages_path: str | None = None) -> None:
         super().__init__(
             name="typosquatting_presence_analyzer", heuristic=Heuristics.TYPOSQUATTING_PRESENCE, depends_on=None
         )
-        self.popular_packages_path, self.distance_ratio_threshold, self.keyboard, self.scaling, self.cost = (
+        self.default_path = os.path.join(global_config.resources_path, "popular_packages.txt")
+        if popular_packages_path:
+            self.default_path = popular_packages_path
+        self.popular_packages, self.distance_ratio_threshold, self.keyboard, self.scaling, self.cost = (
             self._load_defaults()
         )
 
-    def _load_defaults(self) -> tuple[str, float, float, float, float]:
+    def _load_defaults(self) -> tuple[list[str], float, float, float, float]:
         """Load default settings from defaults.ini.
 
         Returns
         -------
-        tuple[str, float, float, float, float]:
-            The path to the popular packages file, distance ratio threshold,
+        tuple[list[str], float, float, float, float]:
+            The popular packages list, distance ratio threshold,
             keyboard awareness factor, scaling factor, and cost factor.
         """
         section_name = "heuristic.pypi"
-        default_path = os.path.join(global_config.resources_path, "popular_packages.txt")
+        path = self.default_path
+        distance_ratio_threshold = 0.95
+        keyboard = 0.8
+        scaling = 0.15
+        cost = 1.0
+
         if defaults.has_section(section_name):
             section = defaults[section_name]
-            path = section.get("popular_packages_path", default_path)
+            path_from_config = section.get("popular_packages_path", self.default_path)
             # Fall back to default if the path in defaults.ini is empty.
-            if not path.strip():
-                path = default_path
-            return (
-                path,
-                section.getfloat("distance_ratio_threshold", 0.95),
-                section.getfloat("keyboard", 0.8),
-                section.getfloat("scaling", 0.15),
-                section.getfloat("cost", 1.0),
-            )
+            if path_from_config.strip():
+                path = path_from_config
+            distance_ratio_threshold = section.getfloat("distance_ratio_threshold", 0.95)
+            keyboard = section.getfloat("keyboard", 0.8)
+            scaling = section.getfloat("scaling", 0.15)
+            cost = section.getfloat("cost", 1.0)
+
+        if not path or not os.path.exists(path):
+            err_msg = "Popular packages file not found or path not configured"
+            logger.debug(err_msg)
+            raise HeuristicAnalyzerValueError(err_msg)
+
+        popular_packages_list = []
+        try:
+            with open(path, encoding="utf-8") as file:
+                popular_packages_list = file.read().splitlines()
+        except OSError as error:
+            err_msg = "Could not read popular packages file"
+            logger.debug(err_msg)
+            raise HeuristicAnalyzerValueError(err_msg) from error
+
         return (
-            default_path,
-            0.95,
-            0.8,
-            0.15,
-            1.0,
+            popular_packages_list,
+            distance_ratio_threshold,
+            keyboard,
+            scaling,
+            cost,
         )
 
     def are_neighbors(self, first_char: str, second_char: str) -> bool:
@@ -244,27 +265,13 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
         tuple[HeuristicResult, dict[str, JsonType]]:
             The result and related information collected during the analysis.
         """
-        if not self.popular_packages_path or not os.path.exists(self.popular_packages_path):
-            err_msg = f"Popular packages file not found or path not configured: {self.popular_packages_path}"
-            logger.warning("%s. Skipping typosquatting check.", err_msg)
-            return HeuristicResult.SKIP, {"error": err_msg}
-
-        popular_packages = []
-        try:
-            with open(self.popular_packages_path, encoding="utf-8") as file:
-                popular_packages = file.read().splitlines()
-        except OSError as exception:
-            err_msg = f"Could not read popular packages file {self.popular_packages_path}: {exception}"
-            logger.error(err_msg)
-            return HeuristicResult.SKIP, {"error": err_msg}
-
-        if not popular_packages:
-            err_msg = f"Popular packages file is empty: {self.popular_packages_path}"
+        if not self.popular_packages:
+            err_msg = "Popular packages file is empty"
             logger.warning(err_msg)
             return HeuristicResult.SKIP, {"error": err_msg}
 
         package_name = pypi_package_json.component_name
-        for popular_package in popular_packages:
+        for popular_package in self.popular_packages:
             # If there is a popular packages file, check if the package name is similar to any of them.
             if package_name == popular_package:
                 return HeuristicResult.PASS, {"package_name": package_name}
diff --git a/src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py b/src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py
@@ -383,6 +383,10 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
         failed({Heuristics.CLOSER_RELEASE_JOIN_DATE.value}),
         forceSetup.
 
+    % Package released with a name similar to a popular package.
+    {Confidence.HIGH.value}::trigger(malware_high_confidence_4) :-
+        quickUndetailed, forceSetup, failed({Heuristics.TYPOSQUATTING_PRESENCE.value}).
+
     % Package released recently with little detail, with multiple releases as a trust marker, but frequent and with
     % the same code.
     {Confidence.MEDIUM.value}::trigger(malware_medium_confidence_1) :-
@@ -397,18 +401,13 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
         failed({Heuristics.ONE_RELEASE.value}),
         failed({Heuristics.ANOMALOUS_VERSION.value}).
 
-    % Package released with a name similar to a popular package.
-    {Confidence.HIGH.value}::trigger(malware_high_confidence_4) :-
-        quickUndetailed, forceSetup, failed({Heuristics.TYPOSQUATTING_PRESENCE.value}).
-
     % ----- Evaluation -----
 
     % Aggregate result
     {problog_result_access} :- trigger(malware_high_confidence_1).
     {problog_result_access} :- trigger(malware_high_confidence_2).
     {problog_result_access} :- trigger(malware_high_confidence_3).
     {problog_result_access} :- trigger(malware_high_confidence_4).
-    {problog_result_access} :- trigger(malware_high_confidence_5).
     {problog_result_access} :- trigger(malware_medium_confidence_2).
     {problog_result_access} :- trigger(malware_medium_confidence_1).
     query({problog_result_access}).
diff --git a/tests/malware_analyzer/pypi/test_typosquatting_presence.py b/tests/malware_analyzer/pypi/test_typosquatting_presence.py
@@ -10,6 +10,7 @@
 
 import pytest
 
+from macaron.errors import HeuristicAnalyzerValueError
 from macaron.malware_analyzer.pypi_heuristics.heuristics import HeuristicResult
 from macaron.malware_analyzer.pypi_heuristics.metadata.typosquatting_presence import TyposquattingPresenceAnalyzer
 
@@ -19,9 +20,9 @@ def analyzer(tmp_path: Path) -> TyposquattingPresenceAnalyzer:
     """Pytest fixture to create a TyposquattingPresenceAnalyzer instance with a dummy popular packages file."""
     # create a dummy popular packages file
     pkg_file = tmp_path / "popular.txt"
-    pkg_file.write_text("\n".join(["requests", "flask", "pytest"]))
-    analyzer_instance = TyposquattingPresenceAnalyzer()
-    analyzer_instance.popular_packages_path = str(pkg_file)
+    popular_packages = ["requests", "flask", "pytest"]
+    pkg_file.write_text("\n".join(popular_packages))
+    analyzer_instance = TyposquattingPresenceAnalyzer(str(pkg_file))
     return analyzer_instance
 
 
@@ -53,15 +54,11 @@ def test_analyze_unrelated_name_pass(analyzer: TyposquattingPresenceAnalyzer, py
     assert info == {"package_name": "launchable"}
 
 
-def test_analyze_nonexistent_file_skip(pypi_package_json: MagicMock) -> None:
-    """Test the analyzer skips if the popular packages file does not exist."""
-    analyzer = TyposquattingPresenceAnalyzer()
-    analyzer.popular_packages_path = "/path/does/not/exist.txt"
-    result, info = analyzer.analyze(pypi_package_json)
-    assert result == HeuristicResult.SKIP
-    error_msg = info.get("error")
-    assert isinstance(error_msg, str)
-    assert "Popular packages file not found" in error_msg
+def test_analyze_nonexistent_file_skip() -> None:
+    """Test the analyzer raises an error if the popular packages file does not exist."""
+    with pytest.raises(HeuristicAnalyzerValueError) as exc_info:
+        TyposquattingPresenceAnalyzer("nonexistent_file.txt")
+    assert "Popular packages file not found or path not configured" in str(exc_info.value)
 
 
 @pytest.mark.parametrize(
@@ -72,19 +69,17 @@ def test_analyze_nonexistent_file_skip(pypi_package_json: MagicMock) -> None:
         ("abcd", "wxyz", 0.0),
     ],
 )
-def test_jaro_distance(s1: str, s2: str, expected: float) -> None:
+def test_jaro_distance(analyzer: TyposquattingPresenceAnalyzer, s1: str, s2: str, expected: float) -> None:
     """Test the Jaro distance calculation."""
-    analyzer = TyposquattingPresenceAnalyzer()
     assert analyzer.jaro_distance(s1, s2) == expected
 
 
 def test_empty_popular_packages_file(tmp_path: Path, pypi_package_json: MagicMock) -> None:
     """Test the analyzer skips when the popular packages file is empty."""
     pkg_file = tmp_path / "empty_popular.txt"
-    pkg_file.write_text("")  # Create an empty file
-    analyzer = TyposquattingPresenceAnalyzer()
-    analyzer.popular_packages_path = str(pkg_file)
-    result, info = analyzer.analyze(pypi_package_json)
+    pkg_file.write_text("")
+    analyzer_instance = TyposquattingPresenceAnalyzer(str(pkg_file))
+    result, info = analyzer_instance.analyze(pypi_package_json)
     assert result == HeuristicResult.SKIP
     error_msg = info.get("error")
     assert isinstance(error_msg, str)
