refractor and some feature, category added

Author: viveksahu26

pkg/scorer/v2/engine.go

@@ -18,6 +18,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/interlynk-io/sbomqs/pkg/logger"
 	"github.com/interlynk-io/sbomqs/pkg/sbom"
@@ -94,13 +95,13 @@ func ScoreSBOM(ctx context.Context, config Config, paths []string) ([]Result, er
 				return nil, fmt.Errorf("get signature for %q: %w", path, err)
 			}
 
-			res, err := SBOMEvaluation(ctx, file, signature, config, path)
+			result, err := SBOMEvaluation(ctx, file, signature, config, path)
 			if err != nil {
 				log.Warnf("failed to process SBOM %s: %v", path, err)
 				return nil, fmt.Errorf("process SBOM %q: %w", path, err)
 			}
 
-			results = append(results, res)
+			results = append(results, result)
 			anyProcessed = true
 		}
 	}
@@ -155,3 +156,233 @@ func processURLInput(ctx context.Context, url string, config Config) (*os.File,
 
 	return tmpFile, sig, nil
 }
+
+func SBOMEvaluation(ctx context.Context, file *os.File, sig sbom.Signature, config Config, path string) (Result, error) {
+	// Parse the SBOM
+	doc, err := sbom.NewSBOMDocument(ctx, file, sig)
+	if err != nil {
+		return Result{}, fmt.Errorf("parse error: %w", err)
+	}
+
+	// Extract metadata for the final report
+	meta := extractMeta(doc, path)
+
+	// Select categories to score
+	categoriesToScore, err := selectCategoriesToScore(config)
+	if err != nil {
+		return Result{}, err
+	}
+
+	// Score doc against (categories + their features)
+	categoriesResults := ScoreAgainstCategories(doc, categoriesToScore)
+
+	// Now update score category weights
+	var categoryWeight float64
+	var sumOfScoreWithCategoryWeightage float64
+
+	for _, catResult := range categoriesResults {
+		categoryWeight += catResult.Weight
+		sumOfScoreWithCategoryWeightage += catResult.Score * catResult.Weight
+	}
+
+	overallScore := 0.0
+	if categoryWeight > 0 {
+		overallScore = sumOfScoreWithCategoryWeightage / categoryWeight
+	}
+
+	return Result{
+		Filename:       path,
+		NumComponents:  meta.NumComponents,
+		CreationTime:   meta.CreationTime,
+		InterlynkScore: overallScore,
+		Grade:          toGrade(overallScore),
+		Spec:           meta.Spec,
+		SpecVersion:    meta.SpecVersion,
+		FileFormat:     meta.FileFormat,
+		Categories:     categoriesResults,
+	}, nil
+}
+
+// Best-effort meta extraction (unchanged)
+func extractMeta(doc sbom.Document, fileName string) interlynkMeta {
+	return interlynkMeta{
+		Filename:      fileName,
+		NumComponents: len(doc.Components()),
+		CreationTime:  doc.Spec().GetCreationTimestamp(),
+		Spec:          doc.Spec().GetName(),
+		SpecVersion:   doc.Spec().GetVersion(),
+		FileFormat:    doc.Spec().FileFormat(),
+	}
+}
+
+// selectCategoriesToScore returns the exact list of categories we’ll score.
+func selectCategoriesToScore(cfg Config) ([]CategorySpec, error) {
+	cats := baseCategories() // Identification, Provenance (with their feature specs)
+
+	// filters (by category name and/or feature key).
+	cats = filterCategories(cats, cfg)
+
+	if len(cats) == 0 {
+		return nil, fmt.Errorf("no categories to score after applying filters (check config)")
+	}
+
+	// Also prune categories that lost all features due to feature-level filters.
+	pruned := make([]CategorySpec, 0, len(cats))
+	for _, c := range cats {
+		if len(c.Features) > 0 {
+			pruned = append(pruned, c)
+		}
+	}
+	if len(pruned) == 0 {
+		return nil, fmt.Errorf("no features to score after applying filters (check config)")
+	}
+	return pruned, nil
+}
+
+func baseCategories() []CategorySpec {
+	return []CategorySpec{
+		Identification,
+		Provenance,
+		Integrity,
+		Completeness,
+		// LicensingAndCompliance
+		// VulnerabilityAndTraceability
+		// Structural
+		// Component Quality
+	}
+}
+
+// Grade mapping per spec (A: 9–10, B: 8–8.9, C: 7–7.9, D: 5–6.9, F: <5)
+func toGrade(v float64) string {
+	switch {
+	case v >= 9.0:
+		return "A"
+	case v >= 8.0:
+		return "B"
+	case v >= 7.0:
+		return "C"
+	case v >= 5.0:
+		return "D"
+	default:
+		return "F"
+	}
+}
+
+// Rules (simple and explicit):
+// - If no filters are provided, return the input as-is.
+// - If Categories are provided: keep only those categories (by name).
+// - If Features are provided: within the kept categories, keep only those features (by key).
+// - If both are provided: intersection semantics (category must match, and only listed features remain).
+// - Categories that end up with zero features after filtering are dropped.
+// - Order is preserved.
+func filterCategories(cats []CategorySpec, cfg Config) []CategorySpec {
+	if len(cfg.Categories) == 0 && len(cfg.Features) == 0 {
+		return cats
+	}
+
+	// Normalize filters once (trim + lowercase) and put them in sets for O(1) lookups.
+	toSet := func(ss []string) map[string]struct{} {
+		if len(ss) == 0 {
+			return nil
+		}
+		m := make(map[string]struct{}, len(ss))
+		for _, s := range ss {
+			k := strings.ToLower(strings.TrimSpace(s))
+			if k != "" {
+				m[k] = struct{}{}
+			}
+		}
+		return m
+	}
+	catAllow := toSet(cfg.Categories)
+	featAllow := toSet(cfg.Features)
+
+	wantCats := len(catAllow) > 0
+	wantFeats := len(featAllow) > 0
+
+	out := make([]CategorySpec, 0, len(cats))
+
+	for _, cat := range cats {
+		// Category filter (if any)
+		if wantCats {
+			if _, ok := catAllow[strings.ToLower(cat.Name)]; !ok {
+				continue
+			}
+		}
+
+		// If no feature filter, keep category as-is.
+		if !wantFeats {
+			out = append(out, cat)
+			continue
+		}
+
+		// Otherwise, keep only requested features inside this category.
+		filtered := make([]FeatureSpec, 0, len(cat.Features))
+		for _, feat := range cat.Features {
+			if _, ok := featAllow[strings.ToLower(feat.Key)]; ok {
+				filtered = append(filtered, feat)
+			}
+		}
+		// Drop category if nothing remains after feature filtering.
+		if len(filtered) == 0 {
+			continue
+		}
+
+		// Append a copy of the category with its filtered feature list.
+		cat.Features = filtered
+		out = append(out, cat)
+	}
+
+	return out
+}
+
+func EvaluateFeature(doc sbom.Document, feature FeatureSpec) FeatureResult {
+	featureResult := feature.Evaluate(doc)
+
+	return FeatureResult{
+		Key:     feature.Key,
+		Weight:  feature.Weight,
+		Score:   featureResult.Score,
+		Desc:    featureResult.Desc,
+		Ignored: featureResult.Ignore,
+	}
+}
+
+// ScoreAgainstCategories checks SBOM against all defined categories
+func ScoreAgainstCategories(doc sbom.Document, categories []CategorySpec) []CategoryResult {
+	categoryResults := make([]CategoryResult, 0, len(categories))
+	for _, cs := range categories {
+		categoryResults = append(categoryResults, EvaluateCategory(doc, cs))
+	}
+	return categoryResults
+}
+
+// Evaluate a category (feature-weighted average, ignoring N/A).
+func EvaluateCategory(doc sbom.Document, category CategorySpec) CategoryResult {
+	categoryWiseResult := CategoryResult{
+		Name:   category.Name,
+		Weight: category.Weight,
+	}
+
+	var featureWeight float64             // feature weights actually used
+	var scoreWithFeatureWeightage float64 // feature-weighted score sum
+
+	for _, feature := range category.Features {
+		featureResult := EvaluateFeature(doc, feature)
+		categoryWiseResult.Features = append(categoryWiseResult.Features, featureResult)
+
+		if featureResult.Ignored {
+			continue
+		}
+
+		featureWeight += featureResult.Weight
+		scoreWithFeatureWeightage += featureResult.Score * featureResult.Weight
+	}
+
+	if featureWeight > 0 {
+		categoryWiseResult.Score = scoreWithFeatureWeightage / featureWeight
+	} else {
+		categoryWiseResult.Score = 0
+	}
+	return categoryWiseResult
+}