chore: refactor changes to accomodate changes in main

Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>

Author: art1f1c3R

src/macaron/malware_analyzer/pypi_heuristics/metadata/anomalous_version.py

@@ -106,9 +106,6 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
             logger.debug(error_msg)
             raise HeuristicAnalyzerValueError(error_msg)
 
-        if len(releases) != 1:  # We only analyze packages with a single release, this heuristic does not apply.
-            return HeuristicResult.SKIP, {}
-
         # Since there is only one release, the latest version should be that release
         release = pypi_package_json.get_latest_version()
         if release is None:
@@ -128,6 +125,9 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
             logger.debug(error_msg)
             raise HeuristicAnalyzerValueError(error_msg)
 
+        if len(releases) != 1:  # We only analyze packages with a single release, this heuristic does not apply.
+            return HeuristicResult.SKIP, {}
+
         years = []
         months = []
         publish_days = []

src/macaron/malware_analyzer/pypi_heuristics/metadata/package_description_intent.py

@@ -24,9 +24,7 @@ class PackageDescriptionIntentAnalyzer(BaseHeuristicAnalyzer):
     )
 
     def __init__(self) -> None:
-        super().__init__(
-            name="package_description_intent", heuristic=Heuristics.PACKAGE_DESCRIPTION_INTENT, depends_on=None
-        )
+        super().__init__(name="package_description_intent", heuristic=Heuristics.PACKAGE_DESCRIPTION_INTENT)
 
     def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicResult, dict[str, JsonType]]:
         """Analyze the package.

src/macaron/malware_analyzer/pypi_heuristics/metadata/similar_projects.py

@@ -21,23 +21,13 @@ class SimilarProjectAnalyzer(BaseHeuristicAnalyzer):
     """Check whether the package has a similar structure to other packages maintained by the same user."""
 
     def __init__(self) -> None:
+        # TODO: not touched by depends_on refactoring yet
         super().__init__(
             name="similar_project_analyzer",
             heuristic=Heuristics.SIMILAR_PROJECTS,
             # TODO: these dependencies are used as this heuristic currently downloads many package sourcecode
             # tarballs. Refactoring this heuristic to run more efficiently means this should have depends_on=None.
-            depends_on=[
-                (Heuristics.EMPTY_PROJECT_LINK, HeuristicResult.FAIL),
-                (Heuristics.ONE_RELEASE, HeuristicResult.FAIL),
-                (Heuristics.HIGH_RELEASE_FREQUENCY, HeuristicResult.FAIL),
-                (Heuristics.UNCHANGED_RELEASE, HeuristicResult.FAIL),
-                (Heuristics.CLOSER_RELEASE_JOIN_DATE, HeuristicResult.FAIL),
-                (Heuristics.SUSPICIOUS_SETUP, HeuristicResult.FAIL),
-                (Heuristics.WHEEL_ABSENCE, HeuristicResult.FAIL),
-                (Heuristics.ANOMALOUS_VERSION, HeuristicResult.FAIL),
-                (Heuristics.TYPOSQUATTING_PRESENCE, HeuristicResult.FAIL),
-                (Heuristics.FAKE_EMAIL, HeuristicResult.FAIL),
-            ],
+            # TODO: depends_on doesn't exist anymore, try fix this...
         )
 
     def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicResult, dict[str, JsonType]]:

src/macaron/malware_analyzer/pypi_heuristics/metadata/stub_name.py

@@ -17,11 +17,8 @@ class StubNameAnalyzer(BaseHeuristicAnalyzer):
     """Check whether the package name contains 'stub'."""
 
     def __init__(self) -> None:
-        super().__init__(
-            name="stub_name_analyzer",
-            heuristic=Heuristics.STUB_NAME,
-            depends_on=None,
-        )
+        # TODO: not touched by depends_on refactoring yet
+        super().__init__(name="stub_name_analyzer", heuristic=Heuristics.STUB_NAME)
 
     def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicResult, dict[str, JsonType]]:
         """Analyze the package.

src/macaron/malware_analyzer/pypi_heuristics/metadata/type_stub_file.py

@@ -20,11 +20,8 @@ class TypeStubFileAnalyzer(BaseHeuristicAnalyzer):
     FILES_THRESHOLD = 10
 
     def __init__(self) -> None:
-        super().__init__(
-            name="type_stub_file",
-            heuristic=Heuristics.TYPE_STUB_FILE,
-            depends_on=None,
-        )
+        # TODO: not touched by depends_on refactoring yet
+        super().__init__(name="type_stub_file", heuristic=Heuristics.TYPE_STUB_FILE)
 
     def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicResult, dict[str, JsonType]]:
         """Analyze the package.

tests/malware_analyzer/pypi/test_anomalous_version.py

@@ -416,6 +416,7 @@ def test_multiple_releases(pypi_package_json: MagicMock) -> None:
         "0.2": release_content,
     }
     pypi_package_json.get_releases.return_value = releases
+    pypi_package_json.get_latest_version.return_value = "0.2"
     expected_result: tuple[HeuristicResult, dict] = (HeuristicResult.SKIP, {})
 
     actual_result = analyzer.analyze(pypi_package_json)

tests/malware_analyzer/pypi/test_pypi_sourcecode_analyzer.py

@@ -120,22 +120,31 @@ def test_nonexistent_rule_path(tmp_path: Path) -> None:
         _ = PyPISourcecodeAnalyzer(resources_path=RESOURCES_PATH)
 
 
-def test_invalid_custom_rules(tmp_path: Path) -> None:
+def test_invalid_custom_rules(tmp_path: Path, pypi_package_json: MagicMock) -> None:
     """Test for when the provided file is not a valid semgrep rule (should error).
 
     Parameters
     ----------
     tmp_path: Path
         Pytest temporary path fixture.
+    pypi_package_json: MagicMock
+        The PyPIPackageJsonAsset MagicMock fixture.
     """
     # Use this file as an invalid semgrep rule as it is most definitely not a semgrep rule, and does exist.
     defaults_content = f"""
     [heuristic.pypi]
     custom_semgrep_rules_path = {os.path.abspath(__file__)}
     """
     config_defaults(tmp_path, defaults_content)
-    with pytest.raises(ConfigurationError):
-        _ = PyPISourcecodeAnalyzer(resources_path=RESOURCES_PATH)
+
+    analyzer = PyPISourcecodeAnalyzer(resources_path=RESOURCES_PATH)
+    pypi_package_json.package_sourcecode_path = os.path.join(
+        os.path.dirname(os.path.abspath(__file__)), "resources", "sourcecode_samples"
+    )
+
+    # Semgrep should fail to run when we launch analysis
+    with pytest.raises(HeuristicAnalyzerValueError):
+        _ = analyzer.analyze(pypi_package_json)
 
 
 @pytest.mark.parametrize(