fix: missing tests, comments on class reflect actual functionality

art1f1c3R · art1f1c3R · commit dd2dd170fd84 · 2025-01-09T17:19:58.000+10:00
diff --git a/src/macaron/malware_analyzer/pypi_heuristics/metadata/anomalistic_version.py b/src/macaron/malware_analyzer/pypi_heuristics/metadata/anomalistic_version.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2024 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """The heuristic analyzer to check for an anomalistic package version."""
@@ -27,11 +27,32 @@ class AnomalisticVersionAnalyzer(BaseHeuristicAnalyzer):
     If the version does not adhere to PyPI standards (PEP 440, as per the 'packaging' module), this heuristic
     cannot analyze it.
 
-    Calendar versioning is detected as version numbers with the major value as the year (either yyyy or yy),
-    the minor as the month, and the micro as the day (+/- 2 days), with no further values.
+    Calendar versioning is detected as version numbers with the year, month and day present in the following combinations:
+    (using the example 11th October 2016)
+    - YYYY.MM.DD, e.g. 2016.10.11
+    - YYYY.DD.MM, e.g. 2016.11.10
+    - YY.DD.MM, e.g. 16.11.10
+    - YY.MM.DD, e.g. 16.10.11
+    - MM.DD.YYYY, e.g. 10.11.2016
+    - DD.MM.YYYY, e.g. 11.10.2016
+    - DD.MM.YY, e.g. 11.10.16
+    - MM.DD.YY, e.g. 10.11.16
+    - YYYYMMDD, e.g. 20161011
+    - YYYYDDMM, e.g. 20161110
+    - YYDDMM, e.g. 161110
+    - YYMMDD, e.g. 161011
+    - MMDDYYYY, e.g. 10112016
+    - DDMMYYYY, e.g. 11102016
+    - DDMMYY, e.g. 111016
+    - MMDDYY, e.g. 101116
+    This may be followed by further versioning (e.g. 2016.10.11.5.6.2). This type of versioning is detected based on the
+    date of the upload time for the release within a threshold of a number of days (in the defaults file).
 
     Calendar-semantic versioning is detected as version numbers with the major value as the year (either yyyy or yy),
-    and any other series of numbers following it.
+    and any other series of numbers following it:
+    - 2016.7.1 woud be version 7.1 of 2016
+    - 16.1.4 would be version 1.4 of 2016
+    This type of versioning is detected based on the exact year of the upload time for the release.
 
     All other versionings are detected as semantic versioning.
     """
diff --git a/tests/malware_analyzer/pypi/test_anomalistic_version.py b/tests/malware_analyzer/pypi/test_anomalistic_version.py
@@ -141,6 +141,58 @@ def test_analyze_no_time(pypi_package_json: MagicMock) -> None:
         pytest.param(
             "16.10.16", "2016-10-13", HeuristicResult.PASS, Versioning.CALENDAR.value, id="test_calendar_MM.DD.YY_pass"
         ),
+        pytest.param(
+            "20161011.0",
+            "2016-10-13",
+            HeuristicResult.PASS,
+            Versioning.CALENDAR.value,
+            id="test_calendar_YYYYMMDD_pass",
+        ),
+        pytest.param(
+            "20161210.6.1",
+            "2016-10-13",
+            HeuristicResult.PASS,
+            Versioning.CALENDAR.value,
+            id="test_calendar_YYYYDDMM_pass",
+        ),
+        pytest.param(
+            "161013.9.0.5",
+            "2016-10-13",
+            HeuristicResult.PASS,
+            Versioning.CALENDAR.value,
+            id="test_calendar_YYDDMM_pass",
+        ),
+        pytest.param(
+            "161410.2.5.7",
+            "2016-10-13",
+            HeuristicResult.PASS,
+            Versioning.CALENDAR.value,
+            id="test_calendar_YYMMDD_pass",
+        ),
+        pytest.param(
+            "10102016.0",
+            "2016-10-13",
+            HeuristicResult.PASS,
+            Versioning.CALENDAR.value,
+            id="test_calendar_MMDDYYYY_pass",
+        ),
+        pytest.param(
+            "09102016",
+            "2016-10-13",
+            HeuristicResult.PASS,
+            Versioning.CALENDAR.value,
+            id="test_calendar_DDMMYYYY_pass",
+        ),
+        pytest.param(
+            "101516.5.7", "2016-10-13", HeuristicResult.PASS, Versioning.CALENDAR.value, id="test_calendar_DDMMYY_pass"
+        ),
+        pytest.param(
+            "161016.0.0.0.0",
+            "2016-10-13",
+            HeuristicResult.PASS,
+            Versioning.CALENDAR.value,
+            id="test_calendar_MMDDYY_pass",
+        ),
         pytest.param(
             "2!16.10.17.2.5.3",
             "2016-10-13",
