Summary of What Needs to be Done:
backend/secuscan/risk_scoring.py contains pure helper functions for computing risk scores from scan findings. Functions include _severity_score (maps severity string to numeric), _recency_score (computes time-decay factor), _confidence_score (normalizes confidence), _clamp (bounds a value), compute_risk_score (top-level scorer), and compute_risk_factors (returns detailed factor breakdown). These have no unit test coverage.
Changes that Need to be Made:
- Add testing/backend/unit/test_risk_scoring.py
- Import and test the real production functions from backend.secuscan.risk_scoring
- Test _severity_score: known severities (critical, high, medium, low, info), unknown severity defaults
- Test _recency_score: recent vs old findings, None discovered_at
- Test _confidence_score: valid 0-1 range, None, out-of-range values
- Test _clamp: value below lo, above hi, within range
- Test compute_risk_score: various combinations of severity/confidence/recency
- Test compute_risk_factors: returns expected keys in the factor dict
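The test matrix in the list above, written out as an added example (not the project's own test file or its `risk_scoring.py`). Because the real `backend/secuscan/risk_scoring.py` is not on this page, the block carries an assumed stand-in implementation with the same function names; the severity weights, the 30-day half-life, the `now` parameter, the `finding` dict shape and the default values for `None`/unknown inputs are all assumptions that the real tests would replace with an import of the production module.

```python
from datetime import datetime, timedelta, timezone

# ---- Assumed stand-in for backend.secuscan.risk_scoring (not the project's code) ----
# In the real test file these definitions are replaced by:
#   from backend.secuscan.risk_scoring import (_severity_score, _recency_score,
#       _confidence_score, _clamp, compute_risk_score, compute_risk_factors)
SEVERITY_WEIGHTS = {"critical": 1.0, "high": 0.8, "medium": 0.5, "low": 0.2, "info": 0.05}
UNKNOWN_SEVERITY_WEIGHT = 0.2   # assumed default for unrecognised severity strings
HALF_LIFE_DAYS = 30.0           # assumed time-decay half-life for _recency_score


def _clamp(value, lo=0.0, hi=1.0):
    """Bound value to [lo, hi]."""
    return max(lo, min(hi, value))


def _severity_score(severity):
    """Map a severity label to a weight in [0, 1]; unknown labels get a default."""
    if severity is None:
        return UNKNOWN_SEVERITY_WEIGHT
    return SEVERITY_WEIGHTS.get(str(severity).strip().lower(), UNKNOWN_SEVERITY_WEIGHT)


def _recency_score(discovered_at, now=None):
    """Exponential decay: 1.0 for a fresh finding, 0.5 after one half-life.
    A finding with no timestamp is treated as fresh (assumed conservative default)."""
    if discovered_at is None:
        return 1.0
    now = now or datetime.now(timezone.utc)
    age_days = max(0.0, (now - discovered_at).total_seconds() / 86400)
    return 0.5 ** (age_days / HALF_LIFE_DAYS)


def _confidence_score(confidence):
    """Normalise confidence to [0, 1]; None maps to a neutral 0.5 (assumed)."""
    if confidence is None:
        return 0.5
    return _clamp(float(confidence), 0.0, 1.0)


def compute_risk_factors(finding, now=None):
    """Return the per-factor breakdown used by compute_risk_score."""
    return {
        "severity": _severity_score(finding.get("severity")),
        "confidence": _confidence_score(finding.get("confidence")),
        "recency": _recency_score(finding.get("discovered_at"), now),
    }


def compute_risk_score(finding, now=None):
    """Multiplicative combination scaled to 0..100 (assumed formula)."""
    f = compute_risk_factors(finding, now)
    return round(100 * f["severity"] * f["confidence"] * f["recency"], 2)


# ---- Tests mirroring the issue's bullet list (plain asserts; pytest collects them as-is) ----
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed fixed clock for determinism


def test_severity_score_known_and_unknown():
    assert _severity_score("critical") > _severity_score("high") > _severity_score("medium")
    assert _severity_score("medium") > _severity_score("low") > _severity_score("info")
    assert _severity_score(" HIGH ") == _severity_score("high")      # case/whitespace tolerant
    assert _severity_score("bogus") == UNKNOWN_SEVERITY_WEIGHT       # unknown label defaults
    assert _severity_score(None) == UNKNOWN_SEVERITY_WEIGHT


def test_recency_score_recent_old_and_none():
    assert _recency_score(NOW, now=NOW) == 1.0                                   # fresh
    assert _recency_score(NOW - timedelta(days=30), now=NOW) == 0.5              # one half-life
    assert _recency_score(NOW - timedelta(days=365), now=NOW) < 0.01             # very old
    assert _recency_score(NOW + timedelta(days=1), now=NOW) == 1.0               # future clock skew
    assert _recency_score(None, now=NOW) == 1.0                                  # missing timestamp


def test_confidence_score_range_none_and_out_of_range():
    assert _confidence_score(0.75) == 0.75
    assert _confidence_score(None) == 0.5
    assert _confidence_score(1.5) == 1.0 and _confidence_score(-0.1) == 0.0


def test_clamp_bounds():
    assert _clamp(-1.0) == 0.0 and _clamp(2.0) == 1.0 and _clamp(0.3) == 0.3
    assert _clamp(15, 10, 20) == 15 and _clamp(5, 10, 20) == 10


def test_compute_risk_score_and_factors():
    fresh_critical = {"severity": "critical", "confidence": 0.9, "discovered_at": NOW}
    old_low = {"severity": "low", "confidence": 0.9, "discovered_at": NOW - timedelta(days=90)}
    assert compute_risk_score(fresh_critical, now=NOW) == 90.0
    assert compute_risk_score(fresh_critical, now=NOW) > compute_risk_score(old_low, now=NOW)
    assert set(compute_risk_factors(fresh_critical, now=NOW)) == {"severity", "confidence", "recency"}
```

Passing a fixed `now` into the recency tests is the one design choice worth keeping when the stand-in is swapped for the production module: without it, a test written against `datetime.now()` passes on the day it is written and decays along with the finding.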
Impact that it would Provide:
- Documents the risk scoring formula and expected behavior
- Prevents silent scoring changes during refactors
- Enables data-driven tuning of the scoring weights
Note: This task is being handled by tmdeveloper007 — please assign to that account when picking it up.