# scoring_engine.py def compute_final_score( *, header_score: int, body_score: int, url_score: int, attachment_score: int, behavior_score: int, behavior_attack: str, header_findings: list, body_findings: list, url_findings: list, attachment_findings: list, auth_results: dict, ): reasoning = [] # ------------------------- # NORMALIZE INPUTS (🔥 FIX) # ------------------------- attack = (behavior_attack or "").strip().lower() # ------------------------- # 🔥 HARD BEHAVIOR OVERRIDE # ------------------------- if attack == "sextortion": reasoning.append("Sextortion behavior detected → authoritative override") reasoning.append("Behavioral confidence supersedes heuristics") return 90, "🚨 Malicious", reasoning # ------------------------- # BASE WEIGHTED SCORE # ------------------------- final_score = ( header_score * 0.20 + body_score * 0.25 + behavior_score * 0.30 + url_score * 0.15 + attachment_score * 0.10 ) reasoning.append(f"Header contribution: {header_score * 0.20:.1f}") reasoning.append(f"Body contribution: {body_score * 0.25:.1f}") reasoning.append(f"Behavior contribution: {behavior_score * 0.30:.1f}") reasoning.append(f"URL contribution: {url_score * 0.15:.1f}") reasoning.append(f"Attachment contribution: {attachment_score * 0.10:.1f}") # ------------------------- # AUTHENTICATION BOOST # ------------------------- if auth_results.get("dmarc") == "fail": final_score += 10 reasoning.append("DMARC failed → +10") if auth_results.get("spf") == "fail": final_score += 5 reasoning.append("SPF failed → +5") final_score = min(int(final_score), 100) # ------------------------- # VERDICT # ------------------------- if final_score >= 70: verdict = "🚨 Malicious" elif final_score >= 40: verdict = "⚠️ Suspicious" else: verdict = "✅ Safe" return final_score, verdict, reasoning