Merge pull request #73 from turingsecure/72-wrong-calculations

72 wrong calculations

Author: Fubinator

README.md

@@ -1,6 +1,6 @@
 <h1 align="center">cvss.js by <a href="https://turingpoint.eu" target="_blank">turingpoint.</a></h1>
 <p>
-  <img alt="Version" src="https://img.shields.io/badge/version-1.4.4-blue.svg?cacheSeconds=2592000" />
+  <img alt="Version" src="https://img.shields.io/badge/version-1.4.5-blue.svg?cacheSeconds=2592000" />
   <a href="#" target="_blank">
     <img alt="License: MIT" src="https://img.shields.io/badge/License-MIT-yellow.svg" />
   </a>

dist/production.min.js

@@ -61,7 +61,7 @@ function getEnvironmentalScore(vector) {
   const scopeChanged = vectorObject.MS === "X" ? vectorObject.S === "C" : vectorObject.MS === "C";
   const modifiedISCBase = calculateISCModifiedBase(vectorObject);
   const modifiedExploitability = calculateModifiedExploitability(vectorObject, scopeChanged);
-  const modifiedISC = calculateISC(modifiedISCBase, scopeChanged, vector);
+  const modifiedISC = calculateModifiedISC(modifiedISCBase, scopeChanged, vector);
 
   if (modifiedISC <= 0) return 0;
 
@@ -93,6 +93,15 @@ function getEnvironmentalScore(vector) {
 }
 
 const calculateISC = function (iscBase, scopeChanged, vector) {
+  if (!scopeChanged) return 6.42 * iscBase;
+  if (util.getVersion(vector) === "3.0") {
+    return 7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase - 0.02, 15);
+  } else if (util.getVersion(vector) === "3.1") {
+    return 7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase - 0.02, 15);
+  }
+};
+
+const calculateModifiedISC = function (iscBase, scopeChanged, vector) {
   if (!scopeChanged) return 6.42 * iscBase;
   if (util.getVersion(vector) === "3.0") {
     return 7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase - 0.02, 15);

lib/score.js

@@ -35,20 +35,19 @@ function roundUpApprox(num, precision) {
 
 /**
  * @param {Number} num The number to round
- * 
+ *
  * @returns The rounded number
  */
-function roundUpExact(num){
-  const input = Math.round(num * 100000);
-  if (input % 10000 === 0) {
-    return input / 100000;
-  }
-  else {
-    return (Math.floor(input / 10000) +1) / 10; 
+function roundUpExact(num) {
+  const int_input = Math.round(num * 100000);
+
+  if (int_input % 10000 === 0) {
+    return int_input / 100000;
+  } else {
+    return (Math.floor(int_input / 10000) + 1) / 10;
   }
 }
 
-
 /**
  * Retrieves an object of vector's metrics
  *
@@ -67,7 +66,6 @@ function getVectorObject(vector) {
   return vectorObject;
 }
 
-
 /**
  * Returns a vector without undefined values
  *
@@ -248,18 +246,16 @@ function parseVectorObjectToString(obj) {
 
 /**
  * Retrives the version from the vector string
- * 
- * @return {String} returns the version number 
+ *
+ * @return {String} returns the version number
  */
-function getVersion(vector){
+function getVersion(vector) {
   const version = vector.split("/");
   if (version[0] === "CVSS:3.0") {
     return "3.0";
-  }
-  else if (version[0] === "CVSS:3.1") {
+  } else if (version[0] === "CVSS:3.1") {
     return "3.1";
-  }
-  else {
+  } else {
     return "Error";
   }
 }

lib/util.js

@@ -1,6 +1,6 @@
 {
   "name": "@turingpointde/cvss.js",
-  "version": "1.4.4",
+  "version": "1.4.5",
   "description": "A tiny library to work with cvss vectors",
   "scripts": {
     "build": "webpack",

package.json

@@ -16,6 +16,12 @@ describe("Score Tests", () => {
     const vector4 = CVSS("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N");
     expect(vector4.getScore()).toBe(8.2);
 
+    const vector6 = CVSS("CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
+
+    expect(vector6.getScore()).toBe(9.6);
+    expect(vector6.getTemporalScore()).toBe(9.6);
+    expect(vector6.getEnvironmentalScore()).toBe(9.7);
+
     const vector5 = CVSS({
       A: "N",
       AC: "L",