chore: implement method to validate suspicious packages for malicious…#851
Hi @behnazh-w @tromai, the latest update to the PR introduces additional suspicious patterns based on the review of over 30 malware samples. The analyzer can now identify malicious code sections and store them in a dictionary. However, there is still a need to address the high false positive rate. To improve accuracy, the malware analyzer should implement two key enhancements:
Implementing these methods is expected to reduce false positives. Currently, the malware validator uses AST analysis, which activates only when the heuristic analysis detects suspicious behavior in the package. Please let me know if you have any concerns, and feel free to share any ideas for the validator! Thanks
art1f1c3R left a comment:
Passes all unit tests and integration tests and does not seem to alter the default Macaron functionality.
Thanks, @Yao-Wen-Chang! We'll merge this PR and make further improvements in the upcoming PRs.
This PR refers to issue #810.
This PR implements the validator to confirm malware on PyPI. We analyze the data flow by walking through the AST and finding out the actual value of the variable.
For example:
The new method should be able to detect `https://malicious.com`. Furthermore, we will analyze the historical malware data to define the suspicious pattern as a .yaml. The suspicious_setup heuristic will be removed since it overlaps with our new method.
Following are the tasks for implementing this method:
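As an added illustration of the data-flow idea in the description (my own example, not Macaron's code; the function names, the `SAMPLE_SETUP` snippet and the URL regex are constructed assumptions): a small AST walker that resolves module-level string assignments through constants, name lookups and `+` concatenation, so that a URL which is never written as a single literal still surfaces for a pattern check.

```python
"""Added example (not Macaron's code): resolve string-valued variables in a
Python source file by walking its AST so a URL built from pieces can be checked."""
import ast
import re

# Constructed sample mimicking a setup.py that hides a URL behind variables.
SAMPLE_SETUP = '''
host = "malicious" + ".com"
scheme = "https://"
url = scheme + host
payload = url + "/stage2"
'''

# Assumed pattern for the check; a real analyzer would load patterns from its .yaml.
URL_PATTERN = re.compile(r"https?://[\w./-]+")


def resolve_string_assignments(source: str) -> dict:
    """Return {name: value} for module-level assignments whose right-hand side
    reduces to a str via constants, earlier names and '+' concatenation."""
    tree = ast.parse(source)
    env: dict = {}

    def evaluate(node):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            return node.value
        if isinstance(node, ast.Name):
            return env.get(node.id)  # None if the name was never resolved
        if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
            left, right = evaluate(node.left), evaluate(node.right)
            if left is not None and right is not None:
                return left + right
        return None  # calls, f-strings, etc. are left unresolved

    for stmt in tree.body:
        if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            value = evaluate(stmt.value)
            if value is not None:
                env[stmt.targets[0].id] = value
    return env


def find_urls(source: str) -> dict:
    """Map each resolved variable to the URLs found in its final value."""
    return {name: URL_PATTERN.findall(value)
            for name, value in resolve_string_assignments(source).items()
            if URL_PATTERN.search(value)}
```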