fix: temporary fix for heuristic dependency handling

art1f1c3R · art1f1c3R · commit da3a71aa7aa0 · 2025-08-07T13:40:38.000+10:00
diff --git a/src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py b/src/macaron/slsa_analyzer/checks/detect_malicious_metadata_check.py
@@ -100,10 +100,14 @@ def _should_skip(
             Returns True if any result of the dependency heuristic does not match the expected result.
             Otherwise, returns False.
         """
+        mapped_h: dict[Heuristics, list[HeuristicResult]] = {}
         for heuristic, expected_result in depends_on:
-            dep_heuristic_result: HeuristicResult = results[heuristic]
-            if dep_heuristic_result is not expected_result:
-                return True
+            mapped_h.setdefault(heuristic, []).append(expected_result)
+
+            for heuristic, exp_results in mapped_h.items():
+                dep_heuristic_result = results.get(heuristic)
+                if dep_heuristic_result not in exp_results:
+                    return True
         return False
 
     def analyze_source(
