fix #1940 #2311
base: master
Conversation
findings['app_name'] = data.get('app_name', '') | ||
findings['file_name'] = data.get('file_name', '') | ||
findings['hash'] = data['md5'] | ||
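Review bot: `findings['hash'] = data['md5']` indexes the key directly while the two lines above fall back to `data.get(..., '')`, so a payload without `md5` raises KeyError here instead of yielding an empty field like `app_name` and `file_name` do; either use `data.get('md5', '')` for consistency, or, if the hash is mandatory, check for it up front and return a clear error rather than letting the KeyError propagate.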
def get_secure_score(high, warn, sec): | ||
loss_score = high * 10 + warn * 5 - sec * 2 | ||
normalize_reverse = 2 / (1 + pow(math.e, loss_score / 30)) |
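Review bot: `pow(math.e, loss_score / 30)` raises OverflowError instead of returning 0 once `loss_score / 30` exceeds roughly 709 (the largest exponent a double can hold), so an app with a very large finding count would crash the scorer rather than score 0; add an early `return 0` when the exponent is above that limit, or wrap the computation in `try/except OverflowError`. The magic numbers 10, 5, 2 and 30 should also become named constants with a comment on the intended curve, since the divisor (30 versus 70) is already being debated in this thread.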
I did a round of testing. I found that most apps with more than 4 high findings get a score of 0, which makes app score comparison difficult. I was able to get around this by changing 30 to 70. What are your thoughts on that?
Can I have a look at your test code? I tried values of (high, warn, sec) of (11, 7, 0) and got score 1, (12, 9, 1) and got score 0, and (5, 21, 0) and got score 1.
But it is indeed difficult to achieve high scores with the current setting. If you want most apps to generate higher scores, you can change 30 to a higher value.
----- here is my test code

```python
import math


def get_secure_score(high, warn, sec):
    # Weighted loss: each high finding costs 10, each warning 5,
    # and each secure finding gives back 2.
    loss_score = high * 10 + warn * 5 - sec * 2
    # Inverse logistic curve: 1 at loss 0, falling toward 0 as the loss grows.
    normalize_reverse = 2 / (1 + pow(math.e, loss_score / 30))
    # Clamp at 1 (a negative loss would push the value above 1) and scale to 0..100.
    return int(min(normalize_reverse, 1) * 100)


def print_score(high, warn, sec):
    print('%5d | %4d %4d %3d' % (get_secure_score(high, warn, sec), high, warn, sec))


print("score | high warn sec")
print_score(4, 2, 0)
print_score(5, 3, 1)
print_score(5, 21, 0)
print_score(7, 4, 0)
print_score(8, 5, 1)
print_score(10, 6, 1)
print_score(11, 7, 0)
print_score(12, 9, 1)
```

----- output

```
score | high warn sec
   31 |    4    2   0
   21 |    5    3   1
    1 |    5   21   0
    9 |    7    4   0
    6 |    8    5   1
    2 |   10    6   1
    1 |   11    7   0
    0 |   12    9   1
```
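The divisor question raised in this thread (30 versus 70) is easiest to judge by computing both columns from the same inputs and by locating the loss at which the score rounds down to 0. The block below is an added example, not code from the pull request or from the MobSF project: it keeps the PR's formula and weights but exposes the divisor as a `scale` parameter, adds a guard so that a very large finding count returns 0 instead of raising OverflowError from `pow(math.e, ...)`, and derives the zero threshold from the curve (score is 0 once `loss / scale > ln(199)`). The function names, the `scale` parameter, `EXP_LIMIT`, and the `SAMPLES` list are assumptions of this example; the sample counts are constructed and match the ones in the comment above.

```python
import math

# Added example, not MobSF's own code. Weights are the ones in the PR snippet;
# the divisor is exposed as `scale` so that 30 and 70 can be compared.
HIGH_WEIGHT, WARN_WEIGHT, SEC_CREDIT = 10, 5, 2
# exp() of a double overflows just above 709; anything past this is score 0 anyway.
EXP_LIMIT = 700.0


def loss(high, warn, sec):
    """Weighted loss exactly as the PR computes it."""
    return high * HIGH_WEIGHT + warn * WARN_WEIGHT - sec * SEC_CREDIT


def score_from_loss(loss_score, scale=30):
    """2 / (1 + e^(loss/scale)), clamped to [0, 1] and scaled to 0..100.

    Guarded so that a huge loss yields 0 instead of raising OverflowError.
    """
    x = loss_score / scale
    if x > EXP_LIMIT:
        return 0
    normalize_reverse = 2 / (1 + pow(math.e, x))
    return int(min(normalize_reverse, 1) * 100)


def secure_score(high, warn, sec, scale=30):
    """Score for a set of finding counts under a given divisor."""
    return score_from_loss(loss(high, warn, sec), scale)


def unguarded_overflows(loss_score, scale=30):
    """True if the PR's expression, with no guard, raises OverflowError."""
    try:
        pow(math.e, loss_score / scale)
    except OverflowError:
        return True
    return False


def zero_threshold(scale=30):
    """Smallest integer loss at which the score rounds down to 0.

    score < 1  <=>  2 / (1 + e^x) < 0.01  <=>  x > ln(199), with x = loss / scale.
    """
    return math.floor(scale * math.log(199)) + 1


def compare(samples, scales=(30, 70)):
    """Rows of (high, warn, sec, score at scales[0], score at scales[1], ...)."""
    return [
        (high, warn, sec) + tuple(secure_score(high, warn, sec, s) for s in scales)
        for high, warn, sec in samples
    ]


# Constructed sample counts, the same ones used in the comment above.
SAMPLES = [(4, 2, 0), (5, 3, 1), (5, 21, 0), (7, 4, 0),
           (8, 5, 1), (10, 6, 1), (11, 7, 0), (12, 9, 1)]

if __name__ == "__main__":
    print("high warn sec | /30 | /70")
    for high, warn, sec, s30, s70 in compare(SAMPLES):
        print("%4d %4d %3d | %3d | %3d" % (high, warn, sec, s30, s70))
    for scale in (30, 70):
        print("scale %d: score is 0 once loss >= %d" % (scale, zero_threshold(scale)))
    big = loss(100000, 0, 0)
    print("unguarded formula overflows on 100000 high findings:", unguarded_overflows(big))
    print("guarded score for the same input:", score_from_loss(big))
```

With scale 30 the score reaches 0 at a loss of 159 (for example 12 high findings plus 9 warnings), while with scale 70 the same inputs score 17 and the zero point moves to a loss of 371; the shape of the curve is unchanged, only its width, so the divisor is purely a choice of how much headroom the 0..100 range should have before saturating.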
Let me test this with some real apps and get back.
Any update on this?