macaron.malware_analyzer.pypi_heuristics.metadata package

Submodules

macaron.malware_analyzer.pypi_heuristics.metadata.closer_release_join_date module

Analyzer that checks whether the maintainers’ join dates are close to the package’s latest release date.

class macaron.malware_analyzer.pypi_heuristics.metadata.closer_release_join_date.CloserReleaseJoinDateAnalyzer

Bases: BaseHeuristicAnalyzer

Analyzer checks the heuristic.

If the duration between any maintainer’s join date and the latest release date is larger than the threshold, the result is “PASS”.

__init__()
analyze(pypi_package_json)

Check whether the maintainers’ join dates are close to the package’s latest release date.

Parameters:

pypi_package_json (PyPIPackageJsonAsset) – The PyPI package JSON asset object.

Returns:

The result and related information collected during the analysis.

Return type:

tuple[HeuristicResult, dict[str, JsonType]]
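The rule stated for this analyzer, written out as an added sketch; it is not Macaron's code and does not use its classes. The function names, the five-day threshold, the string results (including "SKIP" for missing data), the signed gap and the sample timestamps are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed threshold; the page does not state the value Macaron uses.
GAP_THRESHOLD = timedelta(days=5)

# Constructed sample data (not taken from any real package).
SAMPLE_RELEASE = "2024-03-10T12:00:00Z"
SAMPLE_FRESH = ["2024-03-09T08:30:00Z", "2024-03-10T11:00:00Z"]
SAMPLE_ESTABLISHED = ["2019-06-01T00:00:00Z", "2024-03-09T08:30:00Z"]


def parse_ts(value: str) -> datetime:
    """Parse an ISO 8601 timestamp; a trailing 'Z' or a missing zone means UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def closer_release_join_date(join_dates, latest_release, threshold=GAP_THRESHOLD):
    """Apply the rule above: PASS if any maintainer's gap exceeds the threshold.

    The gap is signed (release minus join), so an account created after the
    release never counts as established. That choice is this sketch's assumption.
    """
    if not join_dates or not latest_release:
        # No dates to compare: report that the heuristic could not run.
        return "SKIP", {}
    release = parse_ts(latest_release)
    gaps = [release - parse_ts(joined) for joined in join_dates]
    # "Larger than threshold" is strict: a gap equal to the threshold fails.
    result = "PASS" if any(gap > threshold for gap in gaps) else "FAIL"
    return result, {"max_gap_days": max(gaps).days}


if __name__ == "__main__":
    # Every account created within days of the release: flagged.
    print(closer_release_join_date(SAMPLE_FRESH, SAMPLE_RELEASE))
    # One long-standing maintainer is enough to pass.
    print(closer_release_join_date(SAMPLE_ESTABLISHED, SAMPLE_RELEASE))
```
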

macaron.malware_analyzer.pypi_heuristics.metadata.high_release_frequency module

Analyzer checks the frequent release heuristic.

class macaron.malware_analyzer.pypi_heuristics.metadata.high_release_frequency.HighReleaseFrequencyAnalyzer

Bases: BaseHeuristicAnalyzer

Analyzer checks the heuristic.

__init__()
analyze(pypi_package_json)

Check whether the release frequency is high.

Parameters:

pypi_package_json (PyPIPackageJsonAsset) – The PyPI package JSON asset object.

Returns:

The result and related information collected during the analysis.

Return type:

tuple[HeuristicResult, dict[str, JsonType]]

macaron.malware_analyzer.pypi_heuristics.metadata.one_release module

Analyzer that checks whether the package contains one release.

class macaron.malware_analyzer.pypi_heuristics.metadata.one_release.OneReleaseAnalyzer

Bases: BaseHeuristicAnalyzer

Analyzer checks the heuristic.

__init__()
analyze(pypi_package_json)

Check whether the total number of releases is one.

Parameters:

pypi_package_json (PyPIPackageJsonAsset) – The PyPI package JSON asset object.

Returns:

The result and related information collected during the analysis.

Return type:

tuple[HeuristicResult, dict[str, JsonType]]

macaron.malware_analyzer.pypi_heuristics.metadata.unchanged_release module

Heuristics analyzer to check unchanged content in multiple releases.

class macaron.malware_analyzer.pypi_heuristics.metadata.unchanged_release.UnchangedReleaseAnalyzer

Bases: BaseHeuristicAnalyzer

Analyze whether the content of the package is updated by the maintainer.

__init__()
analyze(pypi_package_json)

Check whether the content of the releases keeps being updated.

Parameters:

pypi_package_json (PyPIPackageJsonAsset) – The PyPI package JSON asset object.

Returns:

The result and related information collected during the analysis.

Return type:

tuple[HeuristicResult, dict[str, JsonType]]