oracle / macaron

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
https://oracle.github.io/macaron/
Universal Permissive License v1.0

Improve PyPI malware detector to reduce false positives #801

Open Yao-Wen-Chang opened 1 month ago

Yao-Wen-Chang commented 1 month ago

Currently, the PyPI malware detector, which uses seven heuristics, generates a high number of false positives. To enhance the accuracy of our detection, I suggest extending the check to further confirm malicious behavior within the entire source code and highlight suspicious code blocks.
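As an added illustration of the source-code confirmation step proposed in the comment above (example code written for this page, not Macaron's own detector or any of its heuristics), the following script parses a package's Python source with the standard `ast` module, confirms two behaviours that package-metadata heuristics can only hint at, and reports each offending code block with its line number. The two sample sources, the rule sets (`SINKS`, `DECODERS`, `SPAWNERS`) and the `Finding` type are constructed for the example; the sample payload is only parsed, never executed.

```python
import ast
from dataclasses import dataclass

# Constructed sample inputs (parsed only, never executed).
BENIGN_SRC = """
import base64

def load_icon(data):
    # decoding alone is ordinary; nothing here executes or spawns a process
    return base64.b64decode(data)
"""

SUSPICIOUS_SRC = """
import base64, os
_p = "aW1wb3J0IG9z"
exec(base64.b64decode(_p))
os.system("echo hi")
"""

# Hypothetical rule sets for this example.
SINKS = {"exec", "eval", "builtins.exec", "builtins.eval"}
DECODERS = {"b64decode", "b32decode", "a85decode", "b85decode",
            "unhexlify", "fromhex", "decompress"}
SPAWNERS = {"os.system", "os.popen", "subprocess.run", "subprocess.call",
            "subprocess.check_call", "subprocess.check_output", "subprocess.Popen"}


@dataclass
class Finding:
    lineno: int
    reason: str
    snippet: str


def _call_name(call):
    """Return 'name' or 'module.attr' for a call target, or None if it is neither."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    if isinstance(f, ast.Attribute):
        return f.attr
    return None


def _has_decoder(call):
    """True if any argument of the call is itself a decode/decompress call."""
    for arg in call.args:
        for sub in ast.walk(arg):
            if isinstance(sub, ast.Call):
                name = _call_name(sub) or ""
                if name.rsplit(".", 1)[-1] in DECODERS:
                    return True
    return False


def scan_source(src):
    """Return Findings for code that both decodes and executes a payload, or that
    spawns a process at import time. Requiring the combination, rather than the
    mere presence of base64 or os, is what keeps benign packages out of the report."""
    tree = ast.parse(src)
    findings = []
    for stmt in tree.body:
        # Code inside a def runs only when called; everything else runs at import time.
        deferred = isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef))
        for node in ast.walk(stmt):
            if not isinstance(node, ast.Call):
                continue
            name = _call_name(node)
            snippet = ast.get_source_segment(src, node)
            if name in SINKS and _has_decoder(node):
                findings.append(Finding(node.lineno, "dynamic execution of a decoded payload", snippet))
            elif name in SPAWNERS and not deferred:
                findings.append(Finding(node.lineno, "process spawned at import time", snippet))
    return findings


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SRC), ("suspicious", SUSPICIOUS_SRC)):
        print(f"{label}:")
        for f in scan_source(src):
            print(f"  line {f.lineno}: {f.reason}: {f.snippet}")
```

The benign module decodes base64 but produces no finding, because neither rule fires on decoding alone; the suspicious module is reported twice, with the exact source segment to show a reviewer. Name matching on the AST is deliberately simple here, so `import os as o` or `getattr(__import__("os"), "system")` would evade it; a production analysis would resolve aliases and follow dataflow before trusting the result.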

behnazh-w commented 1 month ago

This PR removes the heuristics that introduce too many FPs: https://github.com/oracle/macaron/pull/797

We should definitely improve and expand on the source-code analysis though.