
test(python): verify detection inside custom functions (part of #9) #394

Open
sachin9058 wants to merge 1 commit into cbomkit:main from
sachin9058:feat/python-function-resolution

Conversation

@sachin9058
Contributor

Adds a regression test to verify that cryptographic operations inside user-defined
functions are correctly detected during standard AST traversal.

Motivation

While investigating issue #9, this PR validates that detection inside same-file
wrapper functions is already supported by the current visitor-based analysis.

This helps clarify that the remaining gaps in #9 are primarily related to
cross-file resolution and linking, rather than intra-file traversal.

Changes

  • Rename test to PycaMacDetectionInCustomFunctionTest for clarity
  • Add negative test case to ensure non-cryptographic functions do not trigger findings
  • Improve assertions and documentation for better readability and maintainability

Scope

  • No changes to detection logic
  • Improves test coverage and documents existing behavior

Example Covered

from cryptography.hazmat.primitives import hashes, hmac

def custom_sign(key, data):
    algorithm = hashes.SHA256()
    hmac_obj = hmac.HMAC(key, algorithm)  # detected: HMAC constructed inside a user-defined function
    hmac_obj.update(data)
    return hmac_obj.finalize()

…ctions

- Rename test to PycaMacDetectionInCustomFunctionTest
- Add negative case to prevent false positives
- Improve documentation and assertions
- Clarify behavior for same-file function traversal

Signed-off-by: Sachin Kumar <sachinkumar905846@gmail.com>
@sachin9058 sachin9058 requested a review from a team as a code owner May 5, 2026 12:13
Copilot AI review requested due to automatic review settings May 5, 2026 12:13
@sachin9058
Contributor Author

@n1ckl0sk0rtge

I investigated detection inside custom functions and found that intra-file traversal
is already handled by the current visitor pattern.

This PR adds a regression test to validate that behavior.

It seems the remaining challenges in #9 are primarily related to cross-file
resolution and linking of function calls.

@sachin9058
Contributor Author

@n1ckl0sk0rtge
I initially looked into implementing function-level resolution for this issue,
but during investigation I found that intra-file detection is already handled
by the current visitor-based traversal.

This PR adds a regression test to validate that behavior.

Given this, it seems the remaining challenges in #9 are primarily related to
cross-file resolution and linking of function calls, which is a broader
architectural concern.

I preferred to scope this contribution to validating existing behavior first
rather than introducing larger changes without full context.

Copilot AI left a comment

Pull request overview

This PR adds a regression test in the Python rule test suite to confirm that the existing visitor-based analysis correctly detects MAC/HMAC operations that occur inside same-file, user-defined wrapper functions (clarifying that remaining gaps in #9 are primarily about cross-file linking/resolution rather than intra-file traversal).

Changes:

  • Adds a new JUnit test (PycaMacDetectionInCustomFunctionTest) that verifies detection output for an HMAC-SHA256 created inside a custom Python function.
  • Adds a companion Python test file containing both a positive case (HMAC inside custom_sign) and a negative case (non_crypto_function) to ensure no extra findings are produced.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File: python/src/test/java/com/ibm/plugin/rules/detection/mac/PycaMacDetectionInCustomFunctionTest.java
Description: New unit test asserting the detected MAC context and translated node structure for HMAC-SHA256 when instantiated inside a custom function.

File: python/src/test/files/rules/detection/mac/PycaMacDetectionInCustomFunctionTestFile.py
Description: New Python sample file providing the custom-function HMAC usage (expected finding) plus a non-crypto function (expected no finding).
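As an added illustration of the point made throughout this thread (plain visitor traversal reaches calls inside same-file wrapper functions, while a call that goes through a wrapper imported from another file produces no finding in the caller's file): a toy detector written with Python's own ast module. This is example code for this page, not cbomkit's detection engine, which the files listed above show is Java and tested with JUnit. The single rule (pyca's hmac.HMAC constructor), the Finding, MacVisitor, detect_mac and scan_project names, and the sample sources are assumptions constructed here; the positive and negative cases mirror the PR description but are not its test file verbatim.

```python
# Toy visitor-based MAC detector (added example; not cbomkit's Java engine).
import ast
from dataclasses import dataclass
from typing import Optional

# Assumption: one rule only, the pyca HMAC constructor. cbomkit's real rule
# set is not reproduced here.
MAC_CONSTRUCTORS = {"cryptography.hazmat.primitives.hmac.HMAC"}


@dataclass(frozen=True)
class Finding:
    line: int
    enclosing_function: Optional[str]  # None for a module-level call
    call: str                          # canonical dotted name that matched


class MacVisitor(ast.NodeVisitor):
    """generic_visit() descends into every def body, so a call inside a
    user-defined wrapper is reached by ordinary traversal; no separate
    function-resolution step is needed for the same-file case."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []
        self._aliases: dict[str, str] = {}  # local name -> imported dotted name
        self._func_stack: list[str] = []

    def visit_Import(self, node: ast.Import) -> None:
        for a in node.names:                # import hmac as h
            self._aliases[a.asname or a.name] = a.name

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        for a in node.names:                # from x.y import hmac as h
            self._aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        self._func_stack.append(node.name)
        self.generic_visit(node)            # walk the function body
        self._func_stack.pop()

    visit_AsyncFunctionDef = visit_FunctionDef

    def _canonical(self, func: ast.expr) -> Optional[str]:
        """Resolve Name and Name.attr call targets through import aliases."""
        if isinstance(func, ast.Name):
            return self._aliases.get(func.id, func.id)
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            base = self._aliases.get(func.value.id, func.value.id)
            return f"{base}.{func.attr}"
        return None                         # e.g. call on the result of a call

    def visit_Call(self, node: ast.Call) -> None:
        name = self._canonical(node.func)
        if name and any(t == name or t.endswith("." + name) for t in MAC_CONSTRUCTORS):
            owner = self._func_stack[-1] if self._func_stack else None
            self.findings.append(Finding(node.lineno, owner, name))
        self.generic_visit(node)            # arguments may contain calls too


def detect_mac(source: str) -> list[Finding]:
    v = MacVisitor()
    v.visit(ast.parse(source))
    return v.findings


def scan_project(files: dict[str, str]) -> dict[str, list[Finding]]:
    """Per-file scan. Each file is analysed on its own, so a call into a
    wrapper defined in another file yields no finding in the caller."""
    return {path: detect_mac(src) for path, src in files.items()}


# Constructed samples (assumptions, not the PR's test file verbatim).
SAME_FILE = '''
from cryptography.hazmat.primitives import hashes, hmac

def custom_sign(key, data):
    algorithm = hashes.SHA256()
    hmac_obj = hmac.HMAC(key, algorithm)
    hmac_obj.update(data)
    return hmac_obj.finalize()

def non_crypto_function(x):
    return x + 1
'''

HELPERS_PY = '''
from cryptography.hazmat.primitives.hmac import HMAC as Mac
from cryptography.hazmat.primitives import hashes

def custom_sign(key, data):
    m = Mac(key, hashes.SHA256())
    m.update(data)
    return m.finalize()
'''

CALLER_PY = '''
from helpers import custom_sign

def sign_request(key, payload):
    return custom_sign(key, payload)
'''

if __name__ == "__main__":
    print(detect_mac(SAME_FILE))
    print(scan_project({"helpers.py": HELPERS_PY, "caller.py": CALLER_PY}))
```

Running it shows one finding for SAME_FILE, attributed to custom_sign, and none for non_crypto_function. For the two-file project the HMAC is found in helpers.py but caller.py is empty: nothing connects sign_request's call to the finding in the other module, which is the cross-file resolution and linking gap the thread attributes to #9. The alias map is there because a detector that matches only the literal hmac.HMAC spelling would miss `import ... as` renames, a false negative worth guarding against even in the same-file case.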




2 participants