feat(core): add alert-type humanizer and override-map plumbing

flowstate · flowstate · commit e31ab9bec0ec · 2026-05-29T14:01:13.000-07:00
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
@@ -1,5 +1,6 @@
 import logging
 import os
+import re
 import sys
 import tarfile
 import tempfile
@@ -44,6 +45,26 @@
 version = __version__
 log = logging.getLogger("socketdev")
 
+_ALERT_TYPE_TITLE_OVERRIDES = {
+    "gptDidYouMean": "Possible typosquat attack (GPT)",
+}
+
+_HUMANIZE_BOUNDARY = re.compile(r"(?<=[a-z0-9])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])")
+
+
+def _humanize_alert_type(alert_type: str) -> str:
+    """Convert a camelCase/PascalCase alert type into a Title-Cased label.
+
+    Used as a last-resort fallback when the SDK does not have metadata for an
+    alert type and there is no explicit override. Adjacent capitals are kept
+    together so acronyms like 'SQL' survive ('SQLInjection' -> 'SQL Injection').
+    """
+    if not alert_type:
+        return ""
+    parts = _HUMANIZE_BOUNDARY.split(alert_type)
+    return " ".join(part[:1].upper() + part[1:] for part in parts if part)
+
+
 class Core:
     """Main class for interacting with Socket Security API and processing scan results."""
 
diff --git a/tests/core/test_package_and_alerts.py b/tests/core/test_package_and_alerts.py
@@ -322,3 +322,27 @@ def test_get_license_text_via_purl_uses_org_scoped_endpoint(self, core, mock_sdk
         )
         assert result["npm/lodash@4.18.1"].licenseAttrib == [{"name": "MIT"}]
         assert result["npm/lodash@4.18.1"].licenseDetails == [{"license": "MIT"}]
+
+
+class TestHumanizeAlertType:
+    def test_humanizes_camel_case(self):
+        from socketsecurity.core import _humanize_alert_type
+        assert _humanize_alert_type("gptDidYouMean") == "Gpt Did You Mean"
+
+    def test_humanizes_single_word(self):
+        from socketsecurity.core import _humanize_alert_type
+        assert _humanize_alert_type("malware") == "Malware"
+
+    def test_humanizes_pascal_case(self):
+        from socketsecurity.core import _humanize_alert_type
+        assert _humanize_alert_type("UnsafeShellAccess") == "Unsafe Shell Access"
+
+    def test_empty_input_returns_empty_string(self):
+        from socketsecurity.core import _humanize_alert_type
+        assert _humanize_alert_type("") == ""
+
+    def test_handles_acronyms_conservatively(self):
+        """Adjacent capitals are kept together: SQLInjection -> 'SQL Injection'."""
+        from socketsecurity.core import _humanize_alert_type
+        assert _humanize_alert_type("SQLInjection") == "SQL Injection"
+
