chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0

Improve detection for Python setuptools backdoors #164

Closed tstromberg closed 2 months ago

tstromberg commented 3 months ago

Our Python rules didn't reliably match the use of "setuptools"; often we'll use the fact that the script is a library installer to up the suspicion level.

This does add a private rule that we copy around to a couple of files. The lack of re-use isn't great, and neither is the private rule behavior. The use of a private rule means we're unable to see or extract the strings related to it and present it to the user.

This also fixes a misfeature in report.go where we'd use the longest rule match description even if the rule had less criticality. This was being seen in the py_setuptools backdoor combo rule.
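The report.go misfeature described above, illustrated with an added Go example that is not bincapz's own code: a hypothetical `Match` type, the old longest-description selector beside a criticality-first one, and constructed sample matches standing in for the py_setuptools rule and its backdoor combo rule.

```go
package main

import (
	"fmt"
	"sort"
)

// Match is a hypothetical, simplified stand-in for one rule hit;
// bincapz's real report types are not reproduced here.
type Match struct {
	Rule        string
	Criticality int // assumed scale: higher is more severe
	Description string
}

// sampleMatches returns constructed data: a low-criticality setuptools
// rule with a long description and a high-criticality combo rule with a
// shorter one, the situation the PR describes.
func sampleMatches() []Match {
	return []Match{
		{"py_setuptools", 1, "Python package installer script that uses setuptools to build or install a library"},
		{"py_setuptools_backdoor", 3, "installer script with suspicious network and process execution"},
	}
}

// longestDescription reproduces the misfeature: the longest description
// wins even when its rule is less critical than another match.
func longestDescription(ms []Match) string {
	best := ""
	for _, m := range ms {
		if len(m.Description) > len(best) {
			best = m.Description
		}
	}
	return best
}

// headlineDescription prefers the most critical match and uses description
// length only to break ties within the same criticality.
func headlineDescription(ms []Match) string {
	if len(ms) == 0 {
		return ""
	}
	sorted := append([]Match(nil), ms...)
	sort.SliceStable(sorted, func(i, j int) bool {
		if sorted[i].Criticality != sorted[j].Criticality {
			return sorted[i].Criticality > sorted[j].Criticality
		}
		return len(sorted[i].Description) > len(sorted[j].Description)
	})
	return sorted[0].Description
}

func main() {
	fmt.Println("old:", longestDescription(sampleMatches()))
	fmt.Println("new:", headlineDescription(sampleMatches()))
}
```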