CySecGuardians / scoring_engine.py
princemaxp's picture
Update scoring_engine.py
07d9eff verified
# scoring_engine.py
def compute_final_score(
*,
header_score: int,
body_score: int,
url_score: int,
attachment_score: int,
behavior_score: int,
behavior_attack: str,
header_findings: list,
body_findings: list,
url_findings: list,
attachment_findings: list,
auth_results: dict,
):
reasoning = []
# -------------------------
# NORMALIZE INPUTS (πŸ”₯ FIX)
# -------------------------
attack = (behavior_attack or "").strip().lower()
# -------------------------
# πŸ”₯ HARD BEHAVIOR OVERRIDE
# -------------------------
if attack == "sextortion":
reasoning.append("Sextortion behavior detected β†’ authoritative override")
reasoning.append("Behavioral confidence supersedes heuristics")
return 90, "🚨 Malicious", reasoning
# -------------------------
# BASE WEIGHTED SCORE
# -------------------------
final_score = (
header_score * 0.20 +
body_score * 0.25 +
behavior_score * 0.30 +
url_score * 0.15 +
attachment_score * 0.10
)
reasoning.append(f"Header contribution: {header_score * 0.20:.1f}")
reasoning.append(f"Body contribution: {body_score * 0.25:.1f}")
reasoning.append(f"Behavior contribution: {behavior_score * 0.30:.1f}")
reasoning.append(f"URL contribution: {url_score * 0.15:.1f}")
reasoning.append(f"Attachment contribution: {attachment_score * 0.10:.1f}")
# -------------------------
# AUTHENTICATION BOOST
# -------------------------
if auth_results.get("dmarc") == "fail":
final_score += 10
reasoning.append("DMARC failed β†’ +10")
if auth_results.get("spf") == "fail":
final_score += 5
reasoning.append("SPF failed β†’ +5")
final_score = min(int(final_score), 100)
# -------------------------
# VERDICT
# -------------------------
if final_score >= 70:
verdict = "🚨 Malicious"
elif final_score >= 40:
verdict = "⚠️ Suspicious"
else:
verdict = "βœ… Safe"
return final_score, verdict, reasoning