fix MobSF#1940

john.guo · john.guo · commit 7e5f42c633cc · 2023-12-19T23:05:16.000+08:00
diff --git a/mobsf/StaticAnalyzer/views/common/appsec.py b/mobsf/StaticAnalyzer/views/common/appsec.py
@@ -5,6 +5,7 @@
 AppSec Dashboard
 """
 import logging
+import math
 
 from django.shortcuts import render
 
@@ -179,19 +180,18 @@ def common_fields(findings, data):
     high = len(findings.get('high'))
     warn = len(findings.get('warning'))
     sec = len(findings.get('secure'))
-    total = high + warn + sec
-    score = 0
-    if total > 0:
-        score = int(100 - (
-            ((high * 1) + (warn * .5) - (sec * .2)) / total) * 100)
-    if score > 100:
-        score = 100
-    findings['security_score'] = score
+    findings['security_score'] = get_secure_score(high, warn, sec)
     findings['app_name'] = data.get('app_name', '')
     findings['file_name'] = data.get('file_name', '')
     findings['hash'] = data['md5']
 
 
+def get_secure_score(high, warn, sec):
+    loss_score = high * 10 + warn * 5  - sec * 2
+    normalize_reverse = 2 / (1 + pow(math.e, loss_score / 30))
+    return int(min(normalize_reverse, 1) * 100)
+
+
 def get_android_dashboard(context, from_ctx=False):
     """Get Android AppSec Dashboard."""
     findings = {
