fix score calculation for framework with all controls in status irrelevant

Signed-off-by: Amir Malka <[email protected]>

Author: amirmalka

score/score.go

@@ -246,6 +246,20 @@ func (su *ScoreUtil) ControlScore(ctrlReport *reporthandling.ControlReport, _ /*
 
 }
 
+// allControlsInFrameworkIrrelevant returns true if all controls in a framework were irrelevant (0 resources were checked across all controls).
+func (su *ScoreUtil) allControlsInFrameworkIrrelevant(ctrls *reportsummary.ControlSummaries) bool {
+	for ctrlID := range *ctrls {
+		ctrl := (*ctrls)[ctrlID]
+		if ctrl.ListResourcesIDs(nil).Len() != 0 {
+			return false
+		}
+		if ctrl.GetSubStatus() != apis.SubStatusIrrelevant {
+			return false
+		}
+	}
+	return true
+}
+
 // CalculatePostureReportV2 calculates controls by framework score.
 func (su *ScoreUtil) CalculatePostureReportV2(report *v2.PostureReport) error {
 	for i := range report.SummaryDetails.Frameworks {
@@ -254,6 +268,15 @@ func (su *ScoreUtil) CalculatePostureReportV2(report *v2.PostureReport) error {
 		fwUnormalizedScore, wcsFwork := su.ControlsSummariesScore(&report.SummaryDetails.Frameworks[i].Controls, report.SummaryDetails.Frameworks[i].GetName())
 
 		if wcsFwork == 0 { // NOTE(fred): since this is a float32, perhaps we should use a tolerance here
+
+			// if all controls in framework are irrelevant, set framework score to 100
+			// except for empty frameworks (first check)
+			if len(report.SummaryDetails.Frameworks[i].Controls) > 0 && su.allControlsInFrameworkIrrelevant(&report.SummaryDetails.Frameworks[i].Controls) {
+				report.SummaryDetails.Frameworks[i].Score = 100
+				su.debugf("all controls in frameware are irrelevant - framework %s score %v", report.SummaryDetails.Frameworks[i].GetName(), report.SummaryDetails.Frameworks[i].GetScore())
+				continue
+			}
+
 			report.SummaryDetails.Frameworks[i].Score = 0
 
 			return fmt.Errorf(

score/score_test.go

@@ -360,11 +360,12 @@ func TestCalculatePostureReportV2(t *testing.T) {
 		const (
 			expectedForFramework1 = float32(62.577965)
 			expectedForFramework2 = float32(46.42857)
+			expectedForFramework3 = float32(100)
 			expectedSummary       = float32(51.280453)
 		)
 
 		t.Run("assert control scores", func(t *testing.T) {
-			require.Len(t, report.SummaryDetails.Controls, 4)
+			require.Len(t, report.SummaryDetails.Controls, 5)
 			for _, control := range report.SummaryDetails.Controls {
 				var expectedForControl float64
 
@@ -377,6 +378,8 @@ func TestCalculatePostureReportV2(t *testing.T) {
 					expectedForControl = 66.666664
 				case "control-4":
 					expectedForControl = 0 // passed
+				case "control-5":
+					expectedForControl = 0 // passed
 				}
 
 				assert.InDeltaf(t, expectedForControl, control.Score, 1e-6,
@@ -392,6 +395,9 @@ func TestCalculatePostureReportV2(t *testing.T) {
 			assert.InDeltaf(t, expectedForFramework2, report.SummaryDetails.Frameworks[1].Score, 1e-6,
 				"unexpected summarized score for framework[1]",
 			)
+			assert.InDeltaf(t, expectedForFramework3, report.SummaryDetails.Frameworks[2].Score, 1e-6,
+				"unexpected summarized score for framework[2]",
+			)
 		})
 
 		t.Run("assert final score", func(t *testing.T) {
@@ -594,6 +600,25 @@ func mockPostureReportV2(t testing.TB) (map[string]workloadinterface.IMetadata,
 						},
 					},
 				},
+				{
+					// expected score: 100%
+					Name: "mock-fw-summary-3",
+					Controls: reportsummary.ControlSummaries{
+						// 0 failed resources
+						// All resources passed (control is irrelevant)
+						// expected control score: 100%
+						"summary-1": reportsummary.ControlSummary{
+							Name:        "mock-control-5",
+							ControlID:   "control-5",
+							ResourceIDs: helpers.AllLists{},
+							ScoreFactor: 7.00,
+							StatusInfo: apis.StatusInfo{
+								InnerStatus: apis.StatusPassed,
+								SubStatus:   apis.SubStatusIrrelevant,
+							},
+						},
+					},
+				},
 			},
 		},
 		Results:   []resourcesresults.Result{},
@@ -957,13 +982,15 @@ func TestSetPostureReportComplianceScores(t *testing.T) {
 		const (
 			expectedScoreFramework1           = float32(62.577965)
 			expectedScoreFramework2           = float32(46.42857)
+			expectedScoreFramework3           = float32(100)
 			expectedComplianceScoreFramework1 = float32(66.66667)
 			expectedComplianceScoreFramework2 = float32(75)
-			expectedSummary                   = float32(70.833336)
+			expectedComplianceScoreFramework3 = float32(100)
+			expectedSummary                   = float32(76.66667)
 		)
 
 		t.Run("assert control scores", func(t *testing.T) {
-			require.Len(t, report.SummaryDetails.Controls, 4)
+			require.Len(t, report.SummaryDetails.Controls, 5)
 			for _, control := range report.SummaryDetails.Controls {
 				var expectedComplianceScore float64
 				var expectedScore float64
@@ -981,6 +1008,9 @@ func TestSetPostureReportComplianceScores(t *testing.T) {
 				case "control-4":
 					expectedComplianceScore = 100 // passed
 					expectedScore = 0
+				case "control-5":
+					expectedComplianceScore = 100 // passed
+					expectedScore = 0
 				}
 
 				assert.InDeltaf(t, expectedComplianceScore, *control.ComplianceScore, 1e-6,
@@ -1000,6 +1030,9 @@ func TestSetPostureReportComplianceScores(t *testing.T) {
 			assert.InDeltaf(t, expectedScoreFramework2, report.SummaryDetails.Frameworks[1].Score, 1e-6,
 				"unexpected summarized score for framework[1]",
 			)
+			assert.InDeltaf(t, expectedScoreFramework3, report.SummaryDetails.Frameworks[2].Score, 1e-6,
+				"unexpected summarized score for framework[2]",
+			)
 		})
 
 		t.Run("assert framework compliance scores", func(t *testing.T) {
@@ -1009,6 +1042,9 @@ func TestSetPostureReportComplianceScores(t *testing.T) {
 			assert.InDeltaf(t, expectedComplianceScoreFramework2, report.SummaryDetails.Frameworks[1].ComplianceScore, 1e-6,
 				"unexpected summarized compliance score for framework[1]",
 			)
+			assert.InDeltaf(t, expectedComplianceScoreFramework3, report.SummaryDetails.Frameworks[2].ComplianceScore, 1e-6,
+				"unexpected summarized compliance score for framework[2]",
+			)
 		})
 
 		t.Run("assert final score", func(t *testing.T) {