From 860c06d3c4d9d2809fb6b53934a8be0ae3bc2a18 Mon Sep 17 00:00:00 2001
From: Spiegel
Date: Sat, 4 Feb 2023 16:50:07 +0900
Subject: [PATCH 1/2] Adjusted calculation error of CVSSv2 Base score (issue #33)
---
 v2/metric/base.go | 4 ++--
 v2/metric/environmental.go | 2 +-
 v2/metric/metric_test.go | 31 +++++++++++++++++++------------
 v2/metric/misc.go | 4 ++++
 4 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/v2/metric/base.go b/v2/metric/base.go
index 73008b3..4c69614 100644
--- a/v2/metric/base.go
+++ b/v2/metric/base.go
@@ -168,7 +168,7 @@ func (m *Base) Score() float64 {
 if err := m.GetError(); err != nil {
 return 0
 }
- impact := 10.41 * (1 - (1-m.C.Value())*(1-m.I.Value())*(1-m.A.Value()))
+ impact := roundTo4Decimal(10.41 * (1 - (1-m.C.Value())*(1-m.I.Value())*(1-m.A.Value())))
 return m.score(impact)
 }
 
@@ -176,7 +176,7 @@ func (m *Base) score(impact float64) float64 {
 if err := m.GetError(); err != nil {
 return 0
 }
- exploitability := 20 * m.AV.Value() * m.AC.Value() * m.Au.Value()
+ exploitability := roundTo4Decimal(20 * m.AV.Value() * m.AC.Value() * m.Au.Value())
 fimpact := 1.176
 if impact == 0 {
 fimpact = 0
diff --git a/v2/metric/environmental.go b/v2/metric/environmental.go
index 8ab0553..43f4447 100644
--- a/v2/metric/environmental.go
+++ b/v2/metric/environmental.go
@@ -183,7 +183,7 @@ func (m *Environmental) Score() float64 {
 if m.IsEmpty() {
 baseScore = m.Base.Score()
 } else {
- adjustedImpact := math.Min(10.0, roundTo1Decimal(10.41*(1-(1-m.C.Value()*m.CR.Value())*(1-m.I.Value()*m.IR.Value())*(1-m.A.Value()*m.AR.Value()))))
+ adjustedImpact := math.Min(10.0, roundTo4Decimal(10.41*(1-(1-m.C.Value()*m.CR.Value())*(1-m.I.Value()*m.IR.Value())*(1-m.A.Value()*m.AR.Value()))))
 baseScore = m.Base.score(adjustedImpact)
 }
 var adjustedTemporal float64
diff --git a/v2/metric/metric_test.go b/v2/metric/metric_test.go
index 5a98d81..119d12f 100644
--- a/v2/metric/metric_test.go
+++ b/v2/metric/metric_test.go
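Review bot: The impact subscore is rounded at each caller of score() (in Base.Score, and in Environmental.Score where adjustedImpact is built), while exploitability is rounded inside score(). The two subscores are therefore normalised in different places, and any later caller of score() can pass an unrounded impact. Rounding once at the top of score(), `impact = roundTo4Decimal(impact)`, ahead of the `impact == 0` check, would put both on the same footing and let environmental.go pass `math.Min(10.0, …)` of the raw expression. The same shape carries over to the roundTo2Decimal hunks in PATCH 2/2. All three function bodies continue outside their hunks.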
@@ -241,19 +241,26 @@ func TestEnvEnvironmentalScore(t *testing.T) {
 temp: 6.2,
 env: 8.1,
 },
+ // {
+ // name: "issue-33",
+ // vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/CDP:H/TD:H/CR:L/IR:ND/AR:ND",
+ // base: 8.3,
+ // temp: 8.3,
+ // env: 9.0,
+ // },
+ // {
+ // name: "issue-33b",
+ // vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:H/TD:ND/CR:L/IR:ND/AR:ND",
+ // base: 8.3,
+ // temp: 8.3,
+ // env: 9.0,
+ // },
 {
- name: "issue-33",
- vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/CDP:H/TD:H/CR:L/IR:ND/AR:ND",
- base: 8.3,
- temp: 8.3,
- env: 9.0,
- },
- {
- name: "issue-33b",
- vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:H/TD:ND/CR:L/IR:ND/AR:ND",
- base: 8.3,
- temp: 8.3,
- env: 9.0,
+ name: "issue-33c",
+ vector: "AV:L/AC:M/Au:S/C:N/I:N/A:P/CDP:N/TD:ND/CR:M/IR:ND/AR:ND",
+ base: 1.5,
+ temp: 1.5,
+ env: 1.5,
 },
 }
 for _, tt := range tests {
diff --git a/v2/metric/misc.go b/v2/metric/misc.go
index ea60eef..05ffaaf 100644
--- a/v2/metric/misc.go
+++ b/v2/metric/misc.go
@@ -6,6 +6,10 @@ func roundTo1Decimal(input float64) float64 {
 return math.Round(input*10) / 10
 }
 
+func roundTo4Decimal(input float64) float64 {
+ return math.Round(input*10000) / 10000
+}
+
 /* Copyright 2023 Spiegel
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
From ee5badca8a55ef91bb61321fd978bc463a8e2f14 Mon Sep 17 00:00:00 2001
From: Spiegel
Date: Sat, 4 Feb 2023 16:54:01 +0900
Subject: [PATCH 2/2] Adjusted calculation error of CVSSv2 Base score (issue #33)
---
 v2/metric/base.go | 4 ++--
 v2/metric/environmental.go | 2 +-
 v2/metric/metric_test.go | 28 ++++++++++++++--------------
 v2/metric/misc.go | 4 ++--
 4 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/v2/metric/base.go b/v2/metric/base.go
index 4c69614..871e6c1 100644
--- a/v2/metric/base.go
+++ b/v2/metric/base.go
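Review bot: The `issue-33` and `issue-33b` cases are commented out in this hunk rather than asserted, so at this commit the table holds no expectation for the two vectors the subject line refers to, and `issue-33c` is the only case exercising the change. If they are disabled because four-decimal rounding still misses the expected `env: 9.0` (an inference from PATCH 2/2 re-enabling them after the switch to two decimals), record that above the block, for example `// disabled: expected scores not yet reproduced, see issue #33`. Squashing the two patches would avoid leaving a commit in history that lacks the regression cases. The test function continues outside the hunk.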
@@ -168,7 +168,7 @@ func (m *Base) Score() float64 {
 if err := m.GetError(); err != nil {
 return 0
 }
- impact := roundTo4Decimal(10.41 * (1 - (1-m.C.Value())*(1-m.I.Value())*(1-m.A.Value())))
+ impact := roundTo2Decimal(10.41 * (1 - (1-m.C.Value())*(1-m.I.Value())*(1-m.A.Value())))
 return m.score(impact)
 }
 
@@ -176,7 +176,7 @@ func (m *Base) score(impact float64) float64 {
 if err := m.GetError(); err != nil {
 return 0
 }
- exploitability := roundTo4Decimal(20 * m.AV.Value() * m.AC.Value() * m.Au.Value())
+ exploitability := roundTo2Decimal(20 * m.AV.Value() * m.AC.Value() * m.Au.Value())
 fimpact := 1.176
 if impact == 0 {
 fimpact = 0
diff --git a/v2/metric/environmental.go b/v2/metric/environmental.go
index 43f4447..ed3a282 100644
--- a/v2/metric/environmental.go
+++ b/v2/metric/environmental.go
@@ -183,7 +183,7 @@ func (m *Environmental) Score() float64 {
 if m.IsEmpty() {
 baseScore = m.Base.Score()
 } else {
- adjustedImpact := math.Min(10.0, roundTo4Decimal(10.41*(1-(1-m.C.Value()*m.CR.Value())*(1-m.I.Value()*m.IR.Value())*(1-m.A.Value()*m.AR.Value()))))
+ adjustedImpact := math.Min(10.0, roundTo2Decimal(10.41*(1-(1-m.C.Value()*m.CR.Value())*(1-m.I.Value()*m.IR.Value())*(1-m.A.Value()*m.AR.Value()))))
 baseScore = m.Base.score(adjustedImpact)
 }
 var adjustedTemporal float64
diff --git a/v2/metric/metric_test.go b/v2/metric/metric_test.go
index 119d12f..ffbe418 100644
--- a/v2/metric/metric_test.go
+++ b/v2/metric/metric_test.go
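Review bot: Nothing at the three roundTo2Decimal call sites (impact in Base.Score, exploitability in score, adjustedImpact in Environmental.Score) records why subscores are rounded to two decimals, even though adjustedImpact went from roundTo1Decimal to roundTo4Decimal to roundTo2Decimal across these two patches. As far as I know the CVSS v2 equations only call for one-decimal rounding of the final scores, so this precision is an implementation choice that decides results near a .x5 boundary, and a 0.1 shift can move a finding across a severity threshold used for triage. A comment at the first call site, such as `// Subscores are rounded to 2 decimals before combining to match <reference calculator>; see issue #33.`, would tell the next maintainer what the value is calibrated against. The function bodies continue outside the hunks.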
@@ -241,20 +241,20 @@ func TestEnvEnvironmentalScore(t *testing.T) {
 temp: 6.2,
 env: 8.1,
 },
- // {
- // name: "issue-33",
- // vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/CDP:H/TD:H/CR:L/IR:ND/AR:ND",
- // base: 8.3,
- // temp: 8.3,
- // env: 9.0,
- // },
- // {
- // name: "issue-33b",
- // vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:H/TD:ND/CR:L/IR:ND/AR:ND",
- // base: 8.3,
- // temp: 8.3,
- // env: 9.0,
- // },
+ {
+ name: "issue-33",
+ vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/CDP:H/TD:H/CR:L/IR:ND/AR:ND",
+ base: 8.3,
+ temp: 8.3,
+ env: 9.0,
+ },
+ {
+ name: "issue-33b",
+ vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:H/TD:ND/CR:L/IR:ND/AR:ND",
+ base: 8.3,
+ temp: 8.3,
+ env: 9.0,
+ },
 {
 name: "issue-33c",
 vector: "AV:L/AC:M/Au:S/C:N/I:N/A:P/CDP:N/TD:ND/CR:M/IR:ND/AR:ND",
diff --git a/v2/metric/misc.go b/v2/metric/misc.go
index 05ffaaf..9928dc1 100644
--- a/v2/metric/misc.go
+++ b/v2/metric/misc.go
@@ -6,8 +6,8 @@ func roundTo1Decimal(input float64) float64 {
 return math.Round(input*10) / 10
 }
 
-func roundTo4Decimal(input float64) float64 {
- return math.Round(input*10000) / 10000
+func roundTo2Decimal(input float64) float64 {
+ return math.Round(input*100) / 100
 }
 
 /* Copyright 2023 Spiegel
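Review bot: Only three vectors (`issue-33`, `issue-33b`, `issue-33c`) in this hunk pin the new two-decimal rounding, which is thin coverage for a change that feeds every base and environmental score. The base metric space is small (six metrics with three values each, 729 vectors), so a golden table of expected base scores taken from the reference this library targets would catch any vector whose score moved by 0.1. At minimum, add cases whose unrounded result lies close to a .x5 boundary, since that is where the intermediate precision decides the outcome. The test function continues outside the hunk, so coverage above line 241 is not visible here.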
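Review bot: roundTo2Decimal has no doc comment, and its name is the only place the precision is stated. Suggest adding `// roundTo2Decimal rounds input to two decimal places; math.Round rounds halves away from zero.` above the function. It now differs from roundTo1Decimal only in the scale factor, so a single `roundTo(input float64, places int)` helper would avoid another copy the next time the precision is tuned; that part is optional.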