✨ internal: add blast radius computation (#1191)

Signed-off-by: Dominik Richter <[email protected]>

policy/cnspec_policy.proto

@@ -601,16 +601,28 @@ message ScoreDistribution {
 }
 
 message ScoreStats {
+  // Assets in the top groups of stats. For the total number of assets in the
+  // stats just add up all the categories.
   uint32 assets = 1;
+  // Critical findings
   uint32 critical = 3;
+  // High risk findings
   uint32 high = 4;
+  // Medium risk findings
   uint32 medium = 5;
+  // Low risks findings
   uint32 low = 6;
+  // Passing observations
   uint32 pass = 7;
+  // Unknown results
   uint32 unknown = 8;
+  // Error results
   uint32 error = 9;
+  // First time a failure was detected
   int64 first_failure_time = 10;
+  // Oldest scan in the set of assets observed
   int64 oldest_scan_time = 11;
+  // Newest scan in the set of assets observed
   int64 newest_scan_time = 12;
 }
 

policy/score_stats.go

@@ -0,0 +1,39 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package policy
+
+type BlastRadiusIndicator string
+
+const (
+	BlastRadius_Small  BlastRadiusIndicator = "s"
+	BlastRadius_Medium BlastRadiusIndicator = "m"
+	BlastRadius_Large  BlastRadiusIndicator = "l"
+)
+
+// BlastRadiusConfig for custom blast radius indicators
+type BlastRadiusConfig struct {
+	SmallPct          float32
+	MediumPct         float32
+	CategoryThreshold float32
+}
+
+// DefaultBlastRadiusConfig
+var DefaultBlastRadiusConfig = BlastRadiusConfig{
+	SmallPct:          0.05,
+	MediumPct:         0.20,
+	CategoryThreshold: 20,
+}
+
+// BlastRadius retrieves the blast radius indicator and assets in this category.
+// It requires a weight as input
+func (b *BlastRadiusConfig) Indicator(totalWeight float32, weight float32) BlastRadiusIndicator {
+	rel := weight / totalWeight
+	if rel < b.SmallPct {
+		return BlastRadius_Small
+	}
+	if rel < b.MediumPct {
+		return BlastRadius_Medium
+	}
+	return BlastRadius_Large
+}