make pr mergeable

turingsecure · Jun 28, 2023 · feaf937 · feaf937
1 parent 088f3fd
commit feaf937
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 47 deletions.
diff --git a/.npmrc b/.npmrc
@@ -0,0 +1 @@
+registry=https://registry.npmjs.org  
diff --git a/lib/cvss.js b/lib/cvss.js
@@ -162,7 +162,7 @@ function CVSS(vector) {
    * @returns {Number} Impact sub score
    */
   function getImpactSubScore() {
-    return Number(score.getImpactSubScore(vector).toFixed(1));
+    return score.getImpactSubScore(vector);
   }
 
   /**
@@ -174,7 +174,7 @@ function CVSS(vector) {
    * @returns {Number} Exploitability sub score
    */
   function getExploitabilitySubScore() {
-    return Number(score.getExploitabilitySubScore(vector).toFixed(1));
+    return score.getExploitabilitySubScore(vector);
   }
 
   return {

diff --git a/lib/score.js b/lib/score.js
@@ -40,7 +40,11 @@ function getTemporalScore(vector) {
   const rcMetric = util.findMetricValue("RC", vectorObject);
   const reportConfidence = rcMetric ? rcMetric.numerical : 1;
 
-  return roundUp(baseScore * exploitCodeMaturity * remediationLevel * reportConfidence, 1, vector);
+  return roundUp(
+    baseScore * exploitCodeMaturity * remediationLevel * reportConfidence,
+    1,
+    vector
+  );
 }
 
 const calculateISCBase = function (vectorObject) {
@@ -58,10 +62,18 @@ const calculateISCBase = function (vectorObject) {
  */
 function getEnvironmentalScore(vector) {
   const vectorObject = util.getVectorObject(vector);
-  const scopeChanged = vectorObject.MS === "X" ? vectorObject.S === "C" : vectorObject.MS === "C";
+  const scopeChanged =
+    vectorObject.MS === "X" ? vectorObject.S === "C" : vectorObject.MS === "C";
   const modifiedISCBase = calculateISCModifiedBase(vectorObject);
-  const modifiedExploitability = calculateModifiedExploitability(vectorObject, scopeChanged);
-  const modifiedISC = calculateModifiedISC(modifiedISCBase, scopeChanged, vector);
+  const modifiedExploitability = calculateModifiedExploitability(
+    vectorObject,
+    scopeChanged
+  );
+  const modifiedISC = calculateModifiedISC(
+    modifiedISCBase,
+    scopeChanged,
+    vector
+  );
 
   if (modifiedISC <= 0) return 0;
 
@@ -75,18 +87,22 @@ function getEnvironmentalScore(vector) {
   if (!scopeChanged) {
     return roundUp(
       roundUp(Math.min(modifiedISC + modifiedExploitability, 10), 1, vector) *
-      eValue *
-      rlValue *
-      rcValue,
+        eValue *
+        rlValue *
+        rcValue,
       1,
       vector
     );
   }
   return roundUp(
-    roundUp(Math.min(1.08 * (modifiedISC + modifiedExploitability), 10), 1, vector) *
-    eValue *
-    rlValue *
-    rcValue,
+    roundUp(
+      Math.min(1.08 * (modifiedISC + modifiedExploitability), 10),
+      1,
+      vector
+    ) *
+      eValue *
+      rlValue *
+      rcValue,
     1,
     vector
   );
@@ -106,7 +122,9 @@ const calculateModifiedISC = function (iscBase, scopeChanged, vector) {
   if (util.getVersion(vector) === "3.0") {
     return 7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase - 0.02, 15);
   } else if (util.getVersion(vector) === "3.1") {
-    return 7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase * 0.9731 - 0.02, 13);
+    return (
+      7.52 * (iscBase - 0.029) - 3.25 * Math.pow(iscBase * 0.9731 - 0.02, 13)
+    );
   }
 };
 
@@ -129,15 +147,18 @@ function calculateISCModifiedBase(vectorObject) {
   const irValue = util.findMetricValue("IR", vectorObject).numerical;
   const arValue = util.findMetricValue("AR", vectorObject).numerical;
 
-  if (!mcValue || mcValue.abbr === "X") mcValue = util.findMetricValue("C", vectorObject);
-  if (!miValue || miValue.abbr === "X") miValue = util.findMetricValue("I", vectorObject);
-  if (!maValue || maValue.abbr === "X") maValue = util.findMetricValue("A", vectorObject);
+  if (!mcValue || mcValue.abbr === "X")
+    mcValue = util.findMetricValue("C", vectorObject);
+  if (!miValue || miValue.abbr === "X")
+    miValue = util.findMetricValue("I", vectorObject);
+  if (!maValue || maValue.abbr === "X")
+    maValue = util.findMetricValue("A", vectorObject);
 
   return Math.min(
     1 -
-    (1 - mcValue.numerical * crValue) *
-    (1 - miValue.numerical * irValue) *
-    (1 - maValue.numerical * arValue),
+      (1 - mcValue.numerical * crValue) *
+        (1 - miValue.numerical * irValue) *
+        (1 - maValue.numerical * arValue),
     0.915
   );
 }
@@ -148,14 +169,26 @@ const calculateModifiedExploitability = function (vectorObject, scopeChanged) {
   let mprMetrics = util.findMetricValue("MPR", vectorObject);
   let muiValue = util.findMetricValue("MUI", vectorObject);
 
-  if (!mavValue || mavValue.abbr === "X") mavValue = util.findMetricValue("AV", vectorObject);
-  if (!macValue || macValue.abbr === "X") macValue = util.findMetricValue("AC", vectorObject);
-  if (!mprMetrics || mprMetrics.abbr === "X") mprMetrics = util.findMetricValue("PR", vectorObject);
-  if (!muiValue || muiValue.abbr === "X") muiValue = util.findMetricValue("UI", vectorObject);
-
-  const mprValue = scopeChanged ? mprMetrics.numerical.changed : mprMetrics.numerical.unchanged;
-
-  return 8.22 * mavValue.numerical * macValue.numerical * mprValue * muiValue.numerical;
+  if (!mavValue || mavValue.abbr === "X")
+    mavValue = util.findMetricValue("AV", vectorObject);
+  if (!macValue || macValue.abbr === "X")
+    macValue = util.findMetricValue("AC", vectorObject);
+  if (!mprMetrics || mprMetrics.abbr === "X")
+    mprMetrics = util.findMetricValue("PR", vectorObject);
+  if (!muiValue || muiValue.abbr === "X")
+    muiValue = util.findMetricValue("UI", vectorObject);
+
+  const mprValue = scopeChanged
+    ? mprMetrics.numerical.changed
+    : mprMetrics.numerical.unchanged;
+
+  return (
+    8.22 *
+    mavValue.numerical *
+    macValue.numerical *
+    mprValue *
+    muiValue.numerical
+  );
 };
 
 /**
@@ -188,21 +221,11 @@ function roundUp(num, precision, vector) {
  */
 function getImpactSubScore(vector) {
   const vectorObject = util.getVectorObject(vector);
-  const C = util.findMetricValue("C", vectorObject).numerical;
-  const I = util.findMetricValue("I", vectorObject).numerical;
-  const A = util.findMetricValue("A", vectorObject).numerical;
-  const {S} = vectorObject;
-
-  // Calculate the ISCBase using the formula from the CVSS v3.0 Specification Document
-  const ISCBase = 1 - (1 - C) * (1 - I) * (1 - A);
-
-  // Check if the ISCBase equal 0
-  if (ISCBase === 0) return ISCBase;
+  const { S } = vectorObject;
 
-  // Check if the scope is changed
-  if (S === "C") return calculateISC(ISCBase, true, vector);
+  const ISCBase = calculateISCBase(vectorObject);
 
-  return calculateISC(ISCBase, false, vector);
+  return Number(calculateISC(ISCBase, S === "C", vector).toFixed(1));
 }
 
 /**
@@ -215,18 +238,15 @@ function getImpactSubScore(vector) {
  */
 function getExploitabilitySubScore(vector) {
   const vectorObject = util.getVectorObject(vector);
-  const {S} = vectorObject;
-
-  // check if scope unchanged
-  if (S === "U") return calculateExploitability(vectorObject, false);
+  const { S } = vectorObject;
 
-  return calculateExploitability(vectorObject, true);
+  return Number(calculateExploitability(vectorObject, S === "C").toFixed(1));
 }
 
 module.exports = {
   getScore,
   getTemporalScore,
   getEnvironmentalScore,
   getImpactSubScore,
-  getExploitabilitySubScore
+  getExploitabilitySubScore,
 };