Merge pull request #69 from turingsecure/68-environmental-score-fix

68 environmental score fix

Author: Fubinator

README.md

@@ -1,6 +1,6 @@
 <h1 align="center">cvss.js by <a href="https://turingpoint.eu" target="_blank">turingpoint.</a></h1>
 <p>
-  <img alt="Version" src="https://img.shields.io/badge/version-1.4.2-blue.svg?cacheSeconds=2592000" />
+  <img alt="Version" src="https://img.shields.io/badge/version-1.4.3-blue.svg?cacheSeconds=2592000" />
   <a href="#" target="_blank">
     <img alt="License: MIT" src="https://img.shields.io/badge/License-MIT-yellow.svg" />
   </a>

lib/score.js

@@ -58,7 +58,7 @@ const calculateISCBase = function (vectorObject) {
  */
 function getEnvironmentalScore(vector) {
   const vectorObject = util.getVectorObject(vector);
-  const scopeChanged = vectorObject.MS === "C";
+  const scopeChanged = vectorObject.MS === "X" ? vectorObject.S === "C" : vectorObject.MS === "C";
   const modifiedISCBase = calculateISCModifiedBase(vectorObject);
   const modifiedExploitability = calculateModifiedExploitability(vectorObject, scopeChanged);
   const modifiedISC = calculateISC(modifiedISCBase, scopeChanged, vector);
@@ -94,10 +94,9 @@ function getEnvironmentalScore(vector) {
 
 const calculateISC = function (iscBase, scopeChanged, vector) {
   if (!scopeChanged) return 6.42 * iscBase;
-  if (util.getVersion(vector) === "3.0"){
+  if (util.getVersion(vector) === "3.0") {
     return 7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase - 0.02, 15);
-  }
-  else if (util.getVersion(vector) === "3.1"){
+  } else if (util.getVersion(vector) === "3.1") {
     return 7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase * 0.9731 - 0.02, 13);
   }
 };
@@ -142,8 +141,7 @@ const calculateModifiedExploitability = function (vectorObject, scopeChanged) {
 
   if (!mavValue || mavValue.abbr === "X") mavValue = util.findMetricValue("AV", vectorObject);
   if (!macValue || macValue.abbr === "X") macValue = util.findMetricValue("AC", vectorObject);
-  if (!mprMetrics || mprMetrics.abbr === "X")
-    mprMetrics = util.findMetricValue("PR", vectorObject);
+  if (!mprMetrics || mprMetrics.abbr === "X") mprMetrics = util.findMetricValue("PR", vectorObject);
   if (!muiValue || muiValue.abbr === "X") muiValue = util.findMetricValue("UI", vectorObject);
 
   const mprValue = scopeChanged ? mprMetrics.numerical.changed : mprMetrics.numerical.unchanged;
@@ -153,18 +151,17 @@ const calculateModifiedExploitability = function (vectorObject, scopeChanged) {
 
 /**
  * Chooses the correct way to round numbers depending on the CVSS version number
- * 
+ *
  * @param {Number} num The number to round
  * @param {Number} precision The number of decimal places to preserve (only affects CVSS 3.0)
  * @param {String} vector The vector currently being parsed
- * 
+ *
  * @returns {num} The rounded number
  */
 function roundUp(num, precision, vector) {
-  if (util.getVersion(vector) === "3.0"){
+  if (util.getVersion(vector) === "3.0") {
     return util.roundUpApprox(num, precision);
-  }
-  else if (util.getVersion(vector) === "3.1") {
+  } else if (util.getVersion(vector) === "3.1") {
     return util.roundUpExact(num);
   }
 }
@@ -173,4 +170,4 @@ module.exports = {
   getScore,
   getTemporalScore,
   getEnvironmentalScore
-};
+};

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@turingpointde/cvss.js",
-  "version": "1.4.2",
+  "version": "1.4.3",
   "description": "A tiny library to work with cvss vectors",
   "scripts": {
     "build": "webpack",

test/cvss.spec.js

@@ -111,11 +111,16 @@ describe("Environmental score tests", () => {
       "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L/CR:H/IR:H/MS:C/MC:H/MI:H/MA:H"
     );
     expect(vector6.getEnvironmentalScore()).toBe(8.0);
-    
+
     const vector7 = CVSS(
       "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L/CR:H/IR:H/MS:C/MC:H/MI:H/MA:H"
     );
     expect(vector7.getEnvironmentalScore()).toBe(8.1);
+
+    const vector8 = CVSS(
+      "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"
+    );
+    expect(vector8.getEnvironmentalScore()).toBe(6.5);
   });
 
   it("Should return base score when all environmental metrics are not defined", () => {
@@ -169,15 +174,16 @@ describe("Rating Tests", () => {
   });
 
   it("Should be able to discern individual ratings (base, temp, env) even if these don't match", () => {
-    const vector = CVSS("CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H");
+    const vector = CVSS(
+      "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H"
+    );
     expect(vector.getScore()).toBe(4.3);
     expect(vector.getRating()).toBe("Medium");
     expect(vector.getTemporalScore()).toBe(3.5);
     expect(vector.getTemporalRating()).toBe("Low");
     expect(vector.getEnvironmentalScore()).toBe(7.8);
     expect(vector.getEnvironmentalRating()).toBe("High");
   });
-
 });
 
 describe("Vector Object Tests", () => {
@@ -509,13 +515,20 @@ describe("Create vector from object", () => {
 
 describe("Clean Vector String Test", () => {
   it("Should return the clean vector as string", () => {
-    expect(CVSS("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/RC:X/CR:X/IR:X/AR:M/MAV:A/MAC:X/MPR:X/MUI:N/MS:X/MC:X/MI:X/MA:X").getCleanVectorString())
-      .toBe("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/AR:M/MAV:A/MUI:N");
-
-    expect(CVSS("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:X/RL:X/RC:X").getCleanVectorString())
-      .toBe("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N");
-
-    expect(CVSS("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X").getCleanVectorString())
-      .toBe("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N");
+    expect(
+      CVSS(
+        "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/RC:X/CR:X/IR:X/AR:M/MAV:A/MAC:X/MPR:X/MUI:N/MS:X/MC:X/MI:X/MA:X"
+      ).getCleanVectorString()
+    ).toBe("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:W/AR:M/MAV:A/MUI:N");
+
+    expect(
+      CVSS("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:X/RL:X/RC:X").getCleanVectorString()
+    ).toBe("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N");
+
+    expect(
+      CVSS(
+        "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"
+      ).getCleanVectorString()
+    ).toBe("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N");
   });
-});
+});