feat: added in loading from defaults.ini. Removed minor version checking until testing suggests it is needed

Author: art1f1c3R

src/macaron/config/defaults.ini

@@ -579,3 +579,10 @@ releases_frequency_threshold = 2
 # The gap threshold.
 # The timedelta indicate the gap between the date maintainer registers their pypi's account and the date of latest release.
 timedelta_threshold_of_join_release = 5
+
+# Any major version above this value is detected as anomalistic and marked as suspicious
+major_threshold = 20
+# Any epoch number avove this value is detected as anomalistic and marked as suspicious
+epoch_threshold = 5
+# The number of days +/- the day of publish the calendar versioning day may be
+day_publish_error = 2

src/macaron/malware_analyzer/pypi_heuristics/metadata/anomalistic_version.py

@@ -8,6 +8,7 @@
 
 from packaging.version import InvalidVersion, parse
 
+from macaron.config.defaults import defaults
 from macaron.errors import HeuristicAnalyzerValueError
 from macaron.json_tools import JsonType, json_extract
 from macaron.malware_analyzer.datetime_parser import parse_datetime
@@ -35,12 +36,7 @@ class AnomalisticVersionAnalyzer(BaseHeuristicAnalyzer):
     All other versionings are detected as semantic versioning.
     """
 
-    DATETIME_FORMAT: str = "%Y-%m-%dT%H:%M:%S"
-
-    MAJOR_THRESHOLD: int = 20
-    MINOR_THRESHOLD: int = 40
-    EPOCH_THRESHOLD: int = 5
-
+    CALENDAR_YEAR_LENGTHS: list[int] = [2, 4]
     DETAIL_INFO_KEY: str = "versioning"
 
     def __init__(self) -> None:
@@ -49,6 +45,20 @@ def __init__(self) -> None:
             heuristic=Heuristics.ANOMALISTIC_VERSION,
             depends_on=[(Heuristics.ONE_RELEASE, HeuristicResult.FAIL)],
         )
+        self.major_threshold, self.epoch_threshold, self.day_publish_error = self._load_defaults()
+
+    def _load_defaults(self) -> tuple[int, int, int]:
+        """Load default settings from defaults.ini."""
+        section_name = "heuristic.pypi"
+        if defaults.has_section(section_name):
+            section = defaults[section_name]
+            return (
+                section.getint("major_threshold"),
+                section.getint("epoch_threshold"),
+                section.getint("day_publish_error"),
+            )
+        # Major threshold, Epoch threshold, Day pushlish error
+        return 20, 5, 2
 
     def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicResult, dict[str, JsonType]]:
         """Analyze the package.
@@ -103,7 +113,7 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
 
         calendar_semantic = False
 
-        if len(str(version.major)) == 4 or len(str(version.major)) == 2:
+        if len(str(version.major)) in self.CALENDAR_YEAR_LENGTHS:
             # possible this version number refers to a date
 
             for distribution in release_metadata:
@@ -113,7 +123,7 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
                     logger.debug(error_msg)
                     raise HeuristicAnalyzerValueError(error_msg)
 
-                parsed_time = parse_datetime(upload_time, self.DATETIME_FORMAT)
+                parsed_time = parse_datetime(upload_time)
                 if parsed_time is None:
                     error_msg = "Upload time is not of the expected PyPI format"
                     logger.debug(error_msg)
@@ -123,12 +133,14 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
                     # the major of the version refers to the year published
                     if (
                         parsed_time.month == version.minor
-                        and parsed_time.day + 2 >= version.micro >= parsed_time.day - 2
+                        and parsed_time.day + self.day_publish_error
+                        >= version.micro
+                        >= parsed_time.day - self.day_publish_error
                         and len(version.release) == 3
                     ):
                         # In the format of full_year.month.day or year.month.day, with a 48-hour buffer for timezone differences
                         detail_info: dict[str, JsonType] = {self.DETAIL_INFO_KEY: Versioning.CALENDAR.value}
-                        if version.epoch > self.EPOCH_THRESHOLD:
+                        if version.epoch > self.epoch_threshold:
                             return HeuristicResult.FAIL, detail_info
 
                         return HeuristicResult.PASS, detail_info
@@ -138,21 +150,19 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
         if calendar_semantic:
             detail_info = {self.DETAIL_INFO_KEY: Versioning.CALENDAR_SEMANTIC.value}
             # analyze starting from the minor instead
-            if version.epoch > self.EPOCH_THRESHOLD:
+            if version.epoch > self.epoch_threshold:
                 return HeuristicResult.FAIL, detail_info
-            if version.minor > self.MAJOR_THRESHOLD:
+            if version.minor > self.major_threshold:
                 return HeuristicResult.FAIL, detail_info
 
             return HeuristicResult.PASS, detail_info
 
         # semantic versioning
         detail_info = {self.DETAIL_INFO_KEY: Versioning.SEMANTIC.value}
 
-        if version.epoch > self.EPOCH_THRESHOLD:
-            return HeuristicResult.FAIL, detail_info
-        if version.major > self.MAJOR_THRESHOLD:
+        if version.epoch > self.epoch_threshold:
             return HeuristicResult.FAIL, detail_info
-        if version.minor > self.MINOR_THRESHOLD:
+        if version.major > self.major_threshold:
             return HeuristicResult.FAIL, detail_info
 
         return HeuristicResult.PASS, detail_info