refactor: remove depends_on fields from heuristics and handle skips in problog #1133
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oracle-contributor-agreement
bot
added
the
OCA Verified
art1f1c3R
force-pushed
the
art1f1c3R/malware-dependencies-cleanup
branch
from
15a0c52 to
24d224e
Compare
tromai
reviewed
Aug 4, 2025
| mock_defaults.__getitem__.side_effect = lambda section: ( | ||
| MagicMock(get=lambda _: None) if section == "heuristic.pypi" else None | ||
| ) | ||
| defaults["heuristic.pypi"].clear() |
There was a problem hiding this comment.
What is the scenario where this case happen? For instance, what would be the values in the user provided defaults.ini (if any).
There was a problem hiding this comment.
Our defaults.ini usually looks like this:
disabled_default_rulesets = exfiltration
disabled_rules =
custom_semgrep_rules_path =
disabled_custom_rulesets =
The reason I used .clear() here is to make sure that the rules that are being tested aren't disabled. Particularly here, by default our exfiltration ruleset is disabled, but it is tested in this unit test, so the test would fail if I didn't remove that setting.
6 tasks
Signed-off-by: Carl Flottmann <[email protected]>
…nges, modified docstrings.
Signed-off-by: Carl Flottmann <[email protected]>
art1f1c3R
force-pushed
the
art1f1c3R/malware-dependencies-cleanup
branch
from
0c5b3b7 to
08bcd50
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The purpose of this PR is to address #1052, and implement appropriate skip and error handling in all existing heuristics. This PR removes the
depends_onfield from heuristics and makes it a responsibility of the heuristic code to determine if it should be skipped or not. All skip handling is then done my the ProbLog logic.Description of changes
The
BaseHeuristicAnalyzerno longer has thedepends_onfield, and this has propagated to all other analyzers. The description for aSKIPresult has been updated in line with issue #1052, andHeuristicAnalyzerValueErrors have replaced someSKIPresults previously used when malformed data was encountered. Unit tests have been updated accordingly.Some refactoring to the
test_pypi_sourcecode_analyzer.pyunit tests have also been done in this PR to address #1108, adding in temporary.iniconfig files to the unit tests as opposed to the existing mock objects.Related issues
Closes #1052 and #1108.
Blockers
Currently blocked by #1147, as this is treated as a
HeuristicAnalyzerValueErrorin this PR and causes integration tests to fail.Checklist
verifiedlabel should appear next to all of your commits on GitHub.