fix: include inspector links with information on if they are reachable. (#1102)

The detail info containing inspector links now contains links as keys regardless of whether they are reachable, and includes a boolean value for reachability.

Signed-off-by: Carl Flottmann <[email protected]>

Author: art1f1c3R

src/macaron/malware_analyzer/pypi_heuristics/metadata/wheel_absence.py

@@ -70,7 +70,8 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
                 logger.debug(error_msg)
                 raise HeuristicAnalyzerValueError(error_msg)
 
-        inspector_links: list[JsonType] = []
+        # Contains a boolean field identifying if the link is reachable by this Macaron instance or not.
+        inspector_links: dict[str, JsonType] = {}
         wheel_present: bool = False
 
         release_distributions = json_extract(releases, [version], list)
@@ -120,10 +121,9 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
             )
 
             # use a head request because we don't care about the response contents
-            if send_head_http_raw(inspector_link) is None:
-                inspector_links.append(None)
-            else:
-                inspector_links.append(inspector_link)
+            inspector_links[inspector_link] = False
+            if send_head_http_raw(inspector_link):
+                inspector_links[inspector_link] = True  # link was reachable
 
         detail_info: dict[str, JsonType] = {
             "inspector_links": inspector_links,

tests/malware_analyzer/pypi/test_wheel_absence.py

@@ -75,7 +75,7 @@ def test_analyze_tar_present(mock_send_head_http_raw: MagicMock, pypi_package_js
     mock_send_head_http_raw.return_value = MagicMock()  # assume valid URL for testing purposes
 
     expected_detail_info = {
-        "inspector_links": [inspector_link_expected],
+        "inspector_links": {inspector_link_expected: True},
     }
 
     expected_result: tuple[HeuristicResult, dict] = (HeuristicResult.FAIL, expected_detail_info)
@@ -134,7 +134,7 @@ def test_analyze_whl_present(mock_send_head_http_raw: MagicMock, pypi_package_js
     mock_send_head_http_raw.return_value = MagicMock()  # assume valid URL for testing purposes
 
     expected_detail_info = {
-        "inspector_links": [inspector_link_expected],
+        "inspector_links": {inspector_link_expected: True},
     }
 
     expected_result: tuple[HeuristicResult, dict] = (HeuristicResult.PASS, expected_detail_info)
@@ -222,7 +222,7 @@ def test_analyze_both_present(mock_send_head_http_raw: MagicMock, pypi_package_j
     mock_send_head_http_raw.return_value = MagicMock()  # assume valid URL for testing purposes
 
     expected_detail_info = {
-        "inspector_links": [wheel_link_expected, tar_link_expected],
+        "inspector_links": {wheel_link_expected: True, tar_link_expected: True},
     }
 
     expected_result: tuple[HeuristicResult, dict] = (HeuristicResult.PASS, expected_detail_info)