feat(parser): rework scoring to include partial match and weight

nolliv22 · nolliv22 · commit d85bc0b2409f · 2025-11-21T16:16:07.000+01:00
Previously, **all** SAST tools must have found the same CWE or location
to count it. Now, if at least two SAST tools found the same CWE or
location, it will be counted.
Weight has been added to prioritize rarer matches.
diff --git a/codesectools/sasts/all/parser.py b/codesectools/sasts/all/parser.py
@@ -142,11 +142,15 @@ def stats_by_scores(self) -> dict:
         for defect_file, defects in defect_files.items():
             defects_cwes = {d.cwe for d in defects if d.cwe.id != -1}
 
-            cwes_found_by_all_sasts = 0
+            defects_same_cwe = 0
             for cwe in defects_cwes:
                 cwes_sasts = {d.sast for d in defects if d.cwe == cwe}
                 if set(self.sast_names) == cwes_sasts:
-                    cwes_found_by_all_sasts += 1
+                    defects_same_cwe += 1
+                else:
+                    defects_same_cwe += (
+                        len(set(self.sast_names) & cwes_sasts) - 1
+                    ) / len(self.sast_names)
 
             defect_locations = {}
             for defect in defects:
@@ -171,15 +175,23 @@ def stats_by_scores(self) -> dict:
                             self.sast_names
                         ):
                             defects_same_location_same_cwe += 1
+                        else:
+                            defects_same_location_same_cwe += (
+                                len(
+                                    set(defect.sast for defect in defects_)
+                                    & set(self.sast_names)
+                                )
+                                - 1
+                            ) / len(self.sast_names)
 
             stats[defect_file] = {
                 "score": {
                     "defect_number": len(defects),
-                    "unique_cwes_number": len(defects_cwes),
-                    "cwes_found_by_all_sasts": cwes_found_by_all_sasts,
-                    "defects_same_location": defects_same_location,
-                    "defects_same_location_same_cwe": defects_same_location_same_cwe,
-                }
+                    "defects_same_cwe": defects_same_cwe * 2,
+                    "defects_same_location": defects_same_location * 4,
+                    "defects_same_location_same_cwe": defects_same_location_same_cwe
+                    * 8,
+                },
             }
 
         return stats
