refactor: adjust code to pass failing test and improve variable handling

Signed-off-by: Amine <[email protected]>

Author: AmineRaouane

src/macaron/malware_analyzer/pypi_heuristics/metadata/.DS_Store

@@ -5,8 +5,8 @@
 import logging
 import os
 
+from macaron import MACARON_PATH
 from macaron.config.defaults import defaults
-from macaron.config.global_config import global_config
 from macaron.errors import HeuristicAnalyzerValueError
 from macaron.json_tools import JsonType
 from macaron.malware_analyzer.pypi_heuristics.base_analyzer import BaseHeuristicAnalyzer
@@ -63,7 +63,7 @@ def __init__(self, popular_packages_path: str | None = None) -> None:
         super().__init__(
             name="typosquatting_presence_analyzer", heuristic=Heuristics.TYPOSQUATTING_PRESENCE, depends_on=None
         )
-        self.default_path = os.path.join(global_config.resources_path, "popular_packages.txt")
+        self.default_path = os.path.join(MACARON_PATH, "resources/popular_packages.txt")
         if popular_packages_path:
             self.default_path = popular_packages_path
         self.popular_packages, self.distance_ratio_threshold, self.keyboard, self.scaling, self.cost = (
@@ -98,18 +98,18 @@ def _load_defaults(self) -> tuple[list[str], float, float, float, float]:
             cost = section.getfloat("cost", 1.0)
 
         if not path or not os.path.exists(path):
-            err_msg = "Popular packages file not found or path not configured"
-            logger.debug(err_msg)
-            raise HeuristicAnalyzerValueError(err_msg)
+            error_message = "Popular packages file not found or path not configured"
+            logger.debug(error_message)
+            raise HeuristicAnalyzerValueError(error_message)
 
         popular_packages_list = []
         try:
             with open(path, encoding="utf-8") as file:
                 popular_packages_list = file.read().splitlines()
         except OSError as error:
-            err_msg = "Could not read popular packages file"
-            logger.debug(err_msg)
-            raise HeuristicAnalyzerValueError(err_msg) from error
+            error_message = "Could not read popular packages file"
+            logger.debug(error_message)
+            raise HeuristicAnalyzerValueError(error_message) from error
 
         return (
             popular_packages_list,
@@ -269,9 +269,9 @@ def analyze(self, pypi_package_json: PyPIPackageJsonAsset) -> tuple[HeuristicRes
             The result and related information collected during the analysis.
         """
         if not self.popular_packages:
-            err_msg = "Popular packages file is empty"
-            logger.warning(err_msg)
-            return HeuristicResult.SKIP, {"error": err_msg}
+            warning_message = "Popular packages file is empty"
+            logger.warning(warning_message)
+            return HeuristicResult.SKIP, {"error": warning_message}
 
         package_name = pypi_package_json.component_name
         for popular_package in self.popular_packages:

src/macaron/malware_analyzer/pypi_heuristics/metadata/typosquatting_presence.py

@@ -29,7 +29,7 @@
         # heuristic, a false negative has been introduced. Note that if the unit test were allowed to access the OSV
         # knowledge base, it would report the package as malware. However, we intentionally block unit tests
         # from reaching the network.
-        ("pkg:pypi/zlibxjson", CheckResultType.UNKNOWN),
+        ("pkg:pypi/zlibxjson", CheckResultType.PASSED),
         ("pkg:pypi/test", CheckResultType.UNKNOWN),
         ("pkg:maven:test/test", CheckResultType.UNKNOWN),
     ],