From b3736925772108bc07caff8bacb5700a7d83ba23 Mon Sep 17 00:00:00 2001 From: vinland100 Date: Mon, 12 Jan 2026 14:04:12 +0800 Subject: [PATCH] Fix capitalization issues and handle cases where the answer is "none". --- backend/app/api/v1/endpoints/agent_tasks.py | 19 ++++++++++++++++--- .../app/services/agent/agents/orchestrator.py | 5 +++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/backend/app/api/v1/endpoints/agent_tasks.py b/backend/app/api/v1/endpoints/agent_tasks.py index 5fbf5d3..d56ddc0 100644 --- a/backend/app/api/v1/endpoints/agent_tasks.py +++ b/backend/app/api/v1/endpoints/agent_tasks.py @@ -1352,7 +1352,17 @@ async def _save_findings( def _calculate_security_score(findings: List[Dict]) -> float: - """计算安全评分""" + """计算安全评分 + + 评分逻辑:从 100 分开始,根据漏洞严重程度扣分 + - Critical: -25分 + - High: -15分 + - Medium: -8分 + - Low: -3分 + - Info: -1分 + + 🔥 FIX: 确保 severity 转换为小写后再匹配 deductions 字典 + """ if not findings: return 100.0 @@ -1368,8 +1378,11 @@ def _calculate_security_score(findings: List[Dict]) -> float: total_deduction = 0 for f in findings: if isinstance(f, dict): - sev = f.get("severity", "low") - total_deduction += deductions.get(sev, 3) + # 🔥 FIX: 将 severity 转换为小写,确保能正确匹配 deductions 字典 + raw_sev = f.get("severity") or f.get("risk") or "low" + sev = str(raw_sev).lower().strip() + deduction = deductions.get(sev, 3) # 默认使用 low 的扣分 + total_deduction += deduction score = max(0, 100 - total_deduction) return float(score) diff --git a/backend/app/services/agent/agents/orchestrator.py b/backend/app/services/agent/agents/orchestrator.py index 1e3c8c1..02677db 100644 --- a/backend/app/services/agent/agents/orchestrator.py +++ b/backend/app/services/agent/agents/orchestrator.py 
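Review bot: The new docstring of `_calculate_security_score` ends with a change-log line (`🔥 FIX: …`) rather than a statement of the contract, and it repeats the per-severity deductions that live in the `deductions` dict outside this hunk, so the two can drift apart. I would replace that last docstring line with a behaviour statement such as `severity (falling back to risk) is lower-cased and stripped before lookup; missing or unrecognised values are scored as low (-3); the result is clamped at 0`, and keep the fix history in the commit message. The function body continues past the end of this hunk.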
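Review bot: An unrecognised severity is still scored as low by `deductions.get(sev, 3)`, so the score fails open: a finding whose label is not one of the dict keys (constructed example: `"severe"`) costs only 3 points and leaves no trace, which matters if these labels come from agent output, as the surrounding code suggests. Consider making the fallback visible, e.g. `if sev not in deductions: logger.warning("unknown severity %r, scored as low", raw_sev)`, assuming a module logger exists in this file (none is visible here), and decide deliberately whether the default should be the low deduction. Non-dict entries in `findings` are also skipped without any deduction. The `deductions` dict and the start of the function are outside this hunk.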
@@ -912,6 +912,11 @@ Action Input: {{"参数": "值"}} for new_f in valid_findings: # Normalize the finding first normalized_new = self._normalize_finding(new_f) + + # 🔥 FIX: Skip if normalization returned None (e.g., file path validation failed) + if normalized_new is None: + logger.debug(f"[Orchestrator] Skipping invalid finding: {new_f.get('title', 'N/A')[:50]}") + continue # Create fingerprint for deduplication (file + description similarity) new_file = normalized_new.get("file_path", "").lower().strip()
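Review bot: The skip path can itself raise on the malformed input it is meant to tolerate: `new_f.get('title', 'N/A')[:50]` fails with a TypeError when `title` is present but `None` or not a string, because the default applies only to a missing key. Coercing first avoids that, and `%r` keeps control characters in a model-supplied title from forging log lines: `title = str(new_f.get("title") or "N/A")[:50]` followed by `logger.debug("[Orchestrator] Skipping invalid finding: %r", title)`. Because a dropped finding changes the audit result, a warning level or a skipped-count in the run summary may be more appropriate than debug. The enclosing method begins and ends outside this hunk.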