Spaces:

princemaxp
/

CySecGuardians

Sleeping

App Files Files Community

princemaxp commited on Jan 8

Commit

06e04c9

verified ·

1 Parent(s): b4bbffc

Create scoring_engine.py

Browse files

Files changed (1) hide show

scoring_engine.py +115 -0

scoring_engine.py ADDED Viewed

	@@ -0,0 +1,115 @@

+# scoring_engine.py
+def compute_final_score(
+    header_score,
+    body_score,
+    url_score,
+    attachment_score,
+    header_findings,
+    body_findings,
+    url_findings,
+    attachment_findings,
+    auth_results
+):
+    """
+    Returns:
+        final_score (0–100),
+        verdict (string),
+        reasoning (list of strings)
+    """
+    reasoning = []
+    score = 0
+    hf = " ".join(header_findings).lower()
+    bf = " ".join(body_findings).lower()
+    uf = " ".join(url_findings).lower()
+    af = " ".join(attachment_findings).lower()
+    auth = str(auth_results).lower()
+    # =========================
+    # 🚨 CRITICAL CORRELATIONS
+    # =========================
+    # 1️⃣ Malware attachment
+    if attachment_score >= 40:
+        score = max(score, 90)
+        reasoning.append("High-risk attachment detected")
+    # 2️⃣ Brand spoof + auth failure
+    if "brand" in hf and ("spf fail" in auth or "dkim fail" in auth):
+        score = max(score, 85)
+        reasoning.append("Brand spoofing combined with authentication failure")
+    # 3️⃣ URL phishing + credential language
+    if url_score >= 30 and any(k in bf for k in ["password", "login", "verify"]):
+        score = max(score, 80)
+        reasoning.append("Credential harvesting attempt detected")
+    # 4️⃣ BEC pattern
+    if (
+        "reply-to domain mismatch" in hf
+        and url_score == 0
+        and attachment_score == 0
+    ):
+        score = max(score, 75)
+        reasoning.append("Business Email Compromise pattern detected")
+    # =========================
+    # ⚠️ MEDIUM RISK CORRELATIONS
+    # =========================
+    # 5️⃣ New domain + urgency
+    if "very new" in hf and "urgent" in bf:
+        score = max(score, 65)
+        reasoning.append("New sender domain combined with urgency")
+    # 6️⃣ Auth soft fail + suspicious wording
+    if any(x in auth for x in ["softfail", "neutral"]) and body_score >= 30:
+        score = max(score, 60)
+        reasoning.append("Authentication weakness combined with suspicious content")
+    # =========================
+    # 🟢 LOW RISK / BENIGN
+    # =========================
+    if (
+        score == 0
+        and header_score < 10
+        and body_score < 20
+        and url_score == 0
+        and attachment_score == 0
+    ):
+        score = 5
+        reasoning.append("No meaningful threat signals detected")
+    # =========================
+    # 🎚 FALLBACK SCORE
+    # =========================
+    if score == 0:
+        score = min(
+            int(
+                header_score * 0.8
+                + body_score * 0.9
+                + url_score * 1.1
+                + attachment_score * 1.2
+            ),
+            100,
+        )
+        reasoning.append("Score derived from weighted indicators")
+    # =========================
+    # 🧾 VERDICT
+    # =========================
+    if score >= 80:
+        verdict = "🚨 Malicious"
+    elif score >= 60:
+        verdict = "⚠️ Suspicious"
+    elif score >= 30:
+        verdict = "📩 Spam"
+    else:
+        verdict = "✅ Safe"
+    return score, verdict, reasoning