test: simple test for the normalize structure, ensuring same function

Signed-off-by: Carl Flottmann <[email protected]>

Author: art1f1c3R

tests/malware_analyzer/pypi/resources/inspector_html_samples/posthog/posthog-6.7.4-tar-inspector.html

@@ -0,0 +1,93 @@
+<html>
+  <head>
+    <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text y=%22.9em%22 font-size=%2290%22>🕵️</text></svg>">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  </head>
+  <body>
+    <main>
+      <h1><a href="/">Inspector</a></h1>
+      <form action="/">
+          <input type="text" name="project" placeholder="Project name" value="posthog" autocomplete="off">
+        <input type="submit">
+      </form>
+      <hr>
+      <h2>
+        <a href="/project/posthog">posthog</a>
+        (<a href="https://pypi.org/project/posthog">View this project on PyPI</a>)
+      </h2>
+      <h3>
+        <a href="/project/posthog/6.7.4">posthog==6.7.4</a>
+        (<a href="https://pypi.org/project/posthog/6.7.4">View this release on PyPI</a>)
+      </h3>
+      <h4>
+        <a href="/project/posthog/6.7.4/packages/0f/40/d7f585e09e47f492ebaeb8048a8e2ce5d9f49a3896856a7a975cbc1484fa/posthog-6.7.4.tar.gz/">posthog-6.7.4.tar.gz</a>
+      </h4>
+<ul>
+  <li><a href="./posthog-6.7.4/LICENSE">./posthog-6.7.4/LICENSE</a></li>
+  <li><a href="./posthog-6.7.4/MANIFEST.in">./posthog-6.7.4/MANIFEST.in</a></li>
+  <li><a href="./posthog-6.7.4/PKG-INFO">./posthog-6.7.4/PKG-INFO</a></li>
+  <li><a href="./posthog-6.7.4/README.md">./posthog-6.7.4/README.md</a></li>
+  <li><a href="./posthog-6.7.4/posthog/__init__.py">./posthog-6.7.4/posthog/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/__init__.py">./posthog-6.7.4/posthog/ai/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/anthropic/__init__.py">./posthog-6.7.4/posthog/ai/anthropic/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/anthropic/anthropic.py">./posthog-6.7.4/posthog/ai/anthropic/anthropic.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/anthropic/anthropic_async.py">./posthog-6.7.4/posthog/ai/anthropic/anthropic_async.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/anthropic/anthropic_converter.py">./posthog-6.7.4/posthog/ai/anthropic/anthropic_converter.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/anthropic/anthropic_providers.py">./posthog-6.7.4/posthog/ai/anthropic/anthropic_providers.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/gemini/__init__.py">./posthog-6.7.4/posthog/ai/gemini/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/gemini/gemini.py">./posthog-6.7.4/posthog/ai/gemini/gemini.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/gemini/gemini_converter.py">./posthog-6.7.4/posthog/ai/gemini/gemini_converter.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/langchain/__init__.py">./posthog-6.7.4/posthog/ai/langchain/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/langchain/callbacks.py">./posthog-6.7.4/posthog/ai/langchain/callbacks.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/openai/__init__.py">./posthog-6.7.4/posthog/ai/openai/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/openai/openai.py">./posthog-6.7.4/posthog/ai/openai/openai.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/openai/openai_async.py">./posthog-6.7.4/posthog/ai/openai/openai_async.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/openai/openai_converter.py">./posthog-6.7.4/posthog/ai/openai/openai_converter.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/openai/openai_providers.py">./posthog-6.7.4/posthog/ai/openai/openai_providers.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/sanitization.py">./posthog-6.7.4/posthog/ai/sanitization.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/types.py">./posthog-6.7.4/posthog/ai/types.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/ai/utils.py">./posthog-6.7.4/posthog/ai/utils.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/args.py">./posthog-6.7.4/posthog/args.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/client.py">./posthog-6.7.4/posthog/client.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/consumer.py">./posthog-6.7.4/posthog/consumer.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/contexts.py">./posthog-6.7.4/posthog/contexts.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/exception_capture.py">./posthog-6.7.4/posthog/exception_capture.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/exception_utils.py">./posthog-6.7.4/posthog/exception_utils.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/feature_flags.py">./posthog-6.7.4/posthog/feature_flags.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/integrations/__init__.py">./posthog-6.7.4/posthog/integrations/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/integrations/django.py">./posthog-6.7.4/posthog/integrations/django.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/poller.py">./posthog-6.7.4/posthog/poller.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/py.typed">./posthog-6.7.4/posthog/py.typed</a></li>
+  <li><a href="./posthog-6.7.4/posthog/request.py">./posthog-6.7.4/posthog/request.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/__init__.py">./posthog-6.7.4/posthog/test/__init__.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_before_send.py">./posthog-6.7.4/posthog/test/test_before_send.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_client.py">./posthog-6.7.4/posthog/test/test_client.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_consumer.py">./posthog-6.7.4/posthog/test/test_consumer.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_contexts.py">./posthog-6.7.4/posthog/test/test_contexts.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_exception_capture.py">./posthog-6.7.4/posthog/test/test_exception_capture.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_feature_flag.py">./posthog-6.7.4/posthog/test/test_feature_flag.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_feature_flag_result.py">./posthog-6.7.4/posthog/test/test_feature_flag_result.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_feature_flags.py">./posthog-6.7.4/posthog/test/test_feature_flags.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_module.py">./posthog-6.7.4/posthog/test/test_module.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_request.py">./posthog-6.7.4/posthog/test/test_request.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_size_limited_dict.py">./posthog-6.7.4/posthog/test/test_size_limited_dict.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_types.py">./posthog-6.7.4/posthog/test/test_types.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/test/test_utils.py">./posthog-6.7.4/posthog/test/test_utils.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/types.py">./posthog-6.7.4/posthog/types.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/utils.py">./posthog-6.7.4/posthog/utils.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog/version.py">./posthog-6.7.4/posthog/version.py</a></li>
+  <li><a href="./posthog-6.7.4/posthog.egg-info/PKG-INFO">./posthog-6.7.4/posthog.egg-info/PKG-INFO</a></li>
+  <li><a href="./posthog-6.7.4/posthog.egg-info/SOURCES.txt">./posthog-6.7.4/posthog.egg-info/SOURCES.txt</a></li>
+  <li><a href="./posthog-6.7.4/posthog.egg-info/dependency_links.txt">./posthog-6.7.4/posthog.egg-info/dependency_links.txt</a></li>
+  <li><a href="./posthog-6.7.4/posthog.egg-info/requires.txt">./posthog-6.7.4/posthog.egg-info/requires.txt</a></li>
+  <li><a href="./posthog-6.7.4/posthog.egg-info/top_level.txt">./posthog-6.7.4/posthog.egg-info/top_level.txt</a></li>
+  <li><a href="./posthog-6.7.4/pyproject.toml">./posthog-6.7.4/pyproject.toml</a></li>
+  <li><a href="./posthog-6.7.4/setup.cfg">./posthog-6.7.4/setup.cfg</a></li>
+  <li><a href="./posthog-6.7.4/setup.py">./posthog-6.7.4/setup.py</a></li>
+</ul>
+    </main>
+    <footer>
+      <small>Source: <a href="https://github.com/pypi/inspector">https://github.com/pypi/inspector</a></small>
+    </footer>
+  </body>
+</html>

tests/malware_analyzer/pypi/resources/inspector_html_samples/posthog/posthog-6.7.4-whl-inspector.html

@@ -0,0 +1,86 @@
+<html>
+  <head>
+    <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text y=%22.9em%22 font-size=%2290%22>🕵️</text></svg>">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  </head>
+  <body>
+    <main>
+      <h1><a href="/">Inspector</a></h1>
+      <form action="/">
+          <input type="text" name="project" placeholder="Project name" value="posthog" autocomplete="off">
+        <input type="submit">
+      </form>
+      <hr>
+      <h2>
+        <a href="/project/posthog">posthog</a>
+        (<a href="https://pypi.org/project/posthog">View this project on PyPI</a>)
+      </h2>
+      <h3>
+        <a href="/project/posthog/6.7.4">posthog==6.7.4</a>
+        (<a href="https://pypi.org/project/posthog/6.7.4">View this release on PyPI</a>)
+      </h3>
+      <h4>
+        <a href="/project/posthog/6.7.4/packages/bb/95/e795059ef73d480a7f11f1be201087f65207509525920897fb514a04914c/posthog-6.7.4-py3-none-any.whl/">posthog-6.7.4-py3-none-any.whl</a>
+      </h4>
+<ul>
+  <li><a href="./posthog/__init__.py">./posthog/__init__.py</a></li>
+  <li><a href="./posthog/args.py">./posthog/args.py</a></li>
+  <li><a href="./posthog/client.py">./posthog/client.py</a></li>
+  <li><a href="./posthog/consumer.py">./posthog/consumer.py</a></li>
+  <li><a href="./posthog/contexts.py">./posthog/contexts.py</a></li>
+  <li><a href="./posthog/exception_capture.py">./posthog/exception_capture.py</a></li>
+  <li><a href="./posthog/exception_utils.py">./posthog/exception_utils.py</a></li>
+  <li><a href="./posthog/feature_flags.py">./posthog/feature_flags.py</a></li>
+  <li><a href="./posthog/poller.py">./posthog/poller.py</a></li>
+  <li><a href="./posthog/py.typed">./posthog/py.typed</a></li>
+  <li><a href="./posthog/request.py">./posthog/request.py</a></li>
+  <li><a href="./posthog/types.py">./posthog/types.py</a></li>
+  <li><a href="./posthog/utils.py">./posthog/utils.py</a></li>
+  <li><a href="./posthog/version.py">./posthog/version.py</a></li>
+  <li><a href="./posthog/ai/__init__.py">./posthog/ai/__init__.py</a></li>
+  <li><a href="./posthog/ai/sanitization.py">./posthog/ai/sanitization.py</a></li>
+  <li><a href="./posthog/ai/types.py">./posthog/ai/types.py</a></li>
+  <li><a href="./posthog/ai/utils.py">./posthog/ai/utils.py</a></li>
+  <li><a href="./posthog/ai/anthropic/__init__.py">./posthog/ai/anthropic/__init__.py</a></li>
+  <li><a href="./posthog/ai/anthropic/anthropic.py">./posthog/ai/anthropic/anthropic.py</a></li>
+  <li><a href="./posthog/ai/anthropic/anthropic_async.py">./posthog/ai/anthropic/anthropic_async.py</a></li>
+  <li><a href="./posthog/ai/anthropic/anthropic_converter.py">./posthog/ai/anthropic/anthropic_converter.py</a></li>
+  <li><a href="./posthog/ai/anthropic/anthropic_providers.py">./posthog/ai/anthropic/anthropic_providers.py</a></li>
+  <li><a href="./posthog/ai/gemini/__init__.py">./posthog/ai/gemini/__init__.py</a></li>
+  <li><a href="./posthog/ai/gemini/gemini.py">./posthog/ai/gemini/gemini.py</a></li>
+  <li><a href="./posthog/ai/gemini/gemini_converter.py">./posthog/ai/gemini/gemini_converter.py</a></li>
+  <li><a href="./posthog/ai/langchain/__init__.py">./posthog/ai/langchain/__init__.py</a></li>
+  <li><a href="./posthog/ai/langchain/callbacks.py">./posthog/ai/langchain/callbacks.py</a></li>
+  <li><a href="./posthog/ai/openai/__init__.py">./posthog/ai/openai/__init__.py</a></li>
+  <li><a href="./posthog/ai/openai/openai.py">./posthog/ai/openai/openai.py</a></li>
+  <li><a href="./posthog/ai/openai/openai_async.py">./posthog/ai/openai/openai_async.py</a></li>
+  <li><a href="./posthog/ai/openai/openai_converter.py">./posthog/ai/openai/openai_converter.py</a></li>
+  <li><a href="./posthog/ai/openai/openai_providers.py">./posthog/ai/openai/openai_providers.py</a></li>
+  <li><a href="./posthog/integrations/__init__.py">./posthog/integrations/__init__.py</a></li>
+  <li><a href="./posthog/integrations/django.py">./posthog/integrations/django.py</a></li>
+  <li><a href="./posthog/test/__init__.py">./posthog/test/__init__.py</a></li>
+  <li><a href="./posthog/test/test_before_send.py">./posthog/test/test_before_send.py</a></li>
+  <li><a href="./posthog/test/test_client.py">./posthog/test/test_client.py</a></li>
+  <li><a href="./posthog/test/test_consumer.py">./posthog/test/test_consumer.py</a></li>
+  <li><a href="./posthog/test/test_contexts.py">./posthog/test/test_contexts.py</a></li>
+  <li><a href="./posthog/test/test_exception_capture.py">./posthog/test/test_exception_capture.py</a></li>
+  <li><a href="./posthog/test/test_feature_flag.py">./posthog/test/test_feature_flag.py</a></li>
+  <li><a href="./posthog/test/test_feature_flag_result.py">./posthog/test/test_feature_flag_result.py</a></li>
+  <li><a href="./posthog/test/test_feature_flags.py">./posthog/test/test_feature_flags.py</a></li>
+  <li><a href="./posthog/test/test_module.py">./posthog/test/test_module.py</a></li>
+  <li><a href="./posthog/test/test_request.py">./posthog/test/test_request.py</a></li>
+  <li><a href="./posthog/test/test_size_limited_dict.py">./posthog/test/test_size_limited_dict.py</a></li>
+  <li><a href="./posthog/test/test_types.py">./posthog/test/test_types.py</a></li>
+  <li><a href="./posthog/test/test_utils.py">./posthog/test/test_utils.py</a></li>
+  <li><a href="./posthog-6.7.4.dist-info/licenses/LICENSE">./posthog-6.7.4.dist-info/licenses/LICENSE</a></li>
+  <li><a href="./posthog-6.7.4.dist-info/METADATA">./posthog-6.7.4.dist-info/METADATA</a></li>
+  <li><a href="./posthog-6.7.4.dist-info/WHEEL">./posthog-6.7.4.dist-info/WHEEL</a></li>
+  <li><a href="./posthog-6.7.4.dist-info/top_level.txt">./posthog-6.7.4.dist-info/top_level.txt</a></li>
+  <li><a href="./posthog-6.7.4.dist-info/RECORD">./posthog-6.7.4.dist-info/RECORD</a></li>
+</ul>
+    </main>
+    <footer>
+      <small>Source: <a href="https://github.com/pypi/inspector">https://github.com/pypi/inspector</a></small>
+    </footer>
+  </body>
+</html>

tests/malware_analyzer/pypi/test_similar_projects.py

@@ -3,3 +3,96 @@
 
 """Tests for the SimilarProjectAnalyzer heuristic."""
 # pylint: disable=redefined-outer-name
+
+import os
+from collections.abc import Callable, Generator
+from unittest.mock import MagicMock, patch
+
+import pytest
+
+from macaron.malware_analyzer.pypi_heuristics.metadata.similar_projects import SimilarProjectAnalyzer
+
+TEST_SDIST_LINK = (
+    "https://inspector.pypi.io/project/posthog/6.7.4/packages/0f/40/"
+    "d7f585e09e47f492ebaeb8048a8e2ce5d9f49a3896856a7a975cbc1484fa/posthog-6.7.4.tar.gz/"
+)
+TEST_WHL_LINK = (
+    "https://inspector.pypi.io/project/posthog/6.7.4/packages/bb/95/"
+    "e795059ef73d480a7f11f1be201087f65207509525920897fb514a04914c/posthog-6.7.4-py3-none-any.whl/"
+)
+
+
+@pytest.fixture()
+def mock_send_get_http_raw() -> Generator[Callable]:
+    """Mock the send_get_http_raw function for inspector HTML.
+
+    Returns
+    -------
+    Generator[Callable, None, None]
+        A mocked send_get_http_raw function that can just be included as a function parameter to work.
+    """
+    html_samples_path = os.path.join(
+        os.path.dirname(os.path.abspath(__file__)), "resources", "inspector_html_samples", "posthog"
+    )
+
+    with open(os.path.join(html_samples_path, "posthog-6.7.4-tar-inspector.html"), "rb") as file:
+        tarfile_inspector = file.read()
+    with open(os.path.join(html_samples_path, "posthog-6.7.4-whl-inspector.html"), "rb") as file:
+        wheel_inspector = file.read()
+
+    tarfile_response = MagicMock()
+    tarfile_response.content = tarfile_inspector
+    wheel_response = MagicMock()
+    wheel_response.content = wheel_inspector
+
+    def mock_send_get_http_raw_side_effect(url: str) -> bytes | None:
+        if url == TEST_SDIST_LINK:
+            return tarfile_response
+        if url == TEST_WHL_LINK:
+            return wheel_response
+        return None
+
+    with patch(
+        "macaron.slsa_analyzer.package_registry.pypi_registry.send_get_http_raw",
+        side_effect=mock_send_get_http_raw_side_effect,
+    ) as mock_send_get_http_raw:
+        yield mock_send_get_http_raw
+
+
+@pytest.fixture()
+def analyzer() -> SimilarProjectAnalyzer:
+    """Pytest fixture to create a SimilarProjectAnalyzer instance."""
+    analyzer_instance = SimilarProjectAnalyzer()
+    return analyzer_instance
+
+
+def test_get_normalized_structure(
+    analyzer: SimilarProjectAnalyzer,
+    mock_send_get_http_raw: Callable,  # pylint: disable=unused-argument
+    pypi_package_json: MagicMock,
+) -> None:
+    """Test the get_normalized_structure function to ensure it extracts the same structure for a wheel and tarball.
+
+    Parameters
+    ----------
+    pypi_package_json: PyPIPackageJsonAsset
+        The PyPI package JSON asset object.
+    analyzer: SimilarProjectAnalyzer
+        An instantiated similar projects analyzer.
+    mock_send_get_http_raw: Callable
+        A mocked send_get_http_raw function to return inspector html.
+    """
+    pypi_package_json.component_version = "6.7.4"
+    pypi_package_json.component_name = "posthog"
+
+    pypi_package_json.inspector_asset.package_sdist_link = TEST_SDIST_LINK
+    pypi_package_json.inspector_asset.package_link_reachability = {TEST_SDIST_LINK: True}
+    pypi_package_json.inspector_asset.package_whl_links = []
+    sdist_structure = analyzer.get_normalized_structure(pypi_package_json)
+
+    pypi_package_json.inspector_asset.package_sdist_link = ""
+    pypi_package_json.inspector_asset.package_whl_links = [TEST_WHL_LINK]
+    pypi_package_json.inspector_asset.package_link_reachability = {TEST_WHL_LINK: True}
+    wheel_structure = analyzer.get_normalized_structure(pypi_package_json)
+
+    assert sdist_structure == wheel_structure