refactor: improve experimental source code pattern analysis of pypi packages #965

wants to merge 1 commit into
base: staging
11 changes: 7 additions & 4 deletions src/macaron/__main__.py
@@ -1,4 +1,4 @@
# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.

"""This is the main entrypoint to run Macaron."""
@@ -179,7 +179,7 @@ def analyze_slsa_levels_single(analyzer_single_args: argparse.Namespace) -> None
analyzer_single_args.sbom_path,
deps_depth,
provenance_payload=prov_payload,
validate_malware_switch=analyzer_single_args.validate_malware_switch,
analyze_source=analyzer_single_args.analyze_source,
)
sys.exit(status_code)

@@ -486,10 +486,13 @@ def main(argv: list[str] | None = None) -> None:
)

single_analyze_parser.add_argument(
"--validate-malware-switch",
"--analyze-source",
required=False,
action="store_true",
help=("Enable malware validation."),
help=(
"EXPERIMENTAL. For improved malware detection, analyze the source code of the"
+ " (PyPI) package using a textual scan and dataflow analysis."
),
)

# Dump the default values.
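Review bot: Renaming `--validate-malware-switch` to `--analyze-source` in the second hunk drops the old option string entirely, so any existing invocation or CI script that still passes `--validate-malware-switch` will now fail with an argparse "unrecognized arguments" error instead of a deprecation notice. If the old name is meant to keep working for a transition period, listing it as a second option string, `"--analyze-source", "--validate-malware-switch",`, keeps the dest as `analyze_source` (argparse derives it from the first long option), so the attribute access changed in the first hunk (`analyzer_single_args.analyze_source`) stays correct; the help text could then mark the old name as deprecated. Both `analyze_slsa_levels_single` and `main` continue outside their hunks.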
4 changes: 4 additions & 0 deletions src/macaron/config/defaults.ini
@@ -594,3 +594,7 @@ major_threshold = 20
epoch_threshold = 3
# The number of days +/- the day of publish the calendar versioning day may be.
day_publish_error = 4

# yaml configuration file containing suspicious patterns. Can be full path or relative to
# folder where macaron is installed
suspicious_patterns_file = src/macaron/malware_analyzer/pypi_heuristics/sourcecode/suspicious_patterns.yaml
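Review bot: The new default for `suspicious_patterns_file` is a `src/macaron/...` path, which exists only in a source checkout; in an installed distribution the file would presumably sit under the installed `macaron` package directory, so the default is unlikely to resolve there unless the loader (not on this page) accounts for that. The comment above it says "relative to folder where macaron is installed", but it should state precisely which base directory a relative value is resolved against, since this file decides which patterns the heuristic checks — if the loader resolved it against the current working directory, the pattern set consulted would depend on where the command is run. Suggested wording: `# YAML file of suspicious code patterns used by the source-code heuristic. Either an absolute path, or a path resolved relative to the Macaron package directory (never the current working directory).` — adjust to match what the loader actually does.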
3 changes: 3 additions & 0 deletions src/macaron/malware_analyzer/pypi_heuristics/heuristics.py
@@ -37,6 +37,9 @@ class Heuristics(str, Enum):
#: Indicates that the package has an unusually large version number for a single release.
ANOMALOUS_VERSION = "anomalous_version"

#: Indicates that the package source code contains suspicious code patterns.
SUSPICIOUS_PATTERNS = "suspicious_patterns"


class HeuristicResult(str, Enum):
"""Result type indicating the outcome of a heuristic."""