Merge pull request #34 from goark/debug-and-refactoring

Fixed issue #31 and #33
goark · Feb 4, 2023 · 0f78497 · 0f78497
2 parents 059836d + 62554fe
commit 0f78497
Show file tree

Hide file tree

Showing 12 changed files with 97 additions and 52 deletions.
diff --git a/.github/workflows/vulns.yml b/.github/workflows/vulns.yml
@@ -1,8 +1,6 @@
 name: vulns
 on:
   push:
-    tags:
-      - v*
     branches:
       - master
   pull_request:
@@ -14,7 +12,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: ^1.19
+          go-version: ^1.20
       - name: WriteGoList
         run: go list -json -m all > go.list
       - name: Nancy

diff --git a/Taskfile.yml b/Taskfile.yml
@@ -28,4 +28,4 @@ tasks:
   clean:
     desc: Initialize module and build cache, and remake go.sum file.
     cmds:
-      - go mod tidy -v -go=1.19
+      - go mod tidy -v -go=1.20
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/goark/go-cvss
 
-go 1.19
+go 1.20
 
 require (
 	github.com/goark/errs v1.1.0

diff --git a/v2/metric/base.go b/v2/metric/base.go
@@ -2,7 +2,6 @@ package metric
 
 import (
 	"fmt"
-	"math"
 	"strings"
 
 	"github.com/goark/errs"
@@ -59,14 +58,14 @@ func (m *Base) Decode(vector string) (*Base, error) {
 		}
 	}
 	if lastErr != nil {
-		return m, lastErr
+		return nil, lastErr
 	}
 	enc, err := m.Encode()
 	if err != nil {
-		return m, errs.Wrap(err, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(err, errs.WithContext("vector", vector))
 	}
 	if vector != enc {
-		return m, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
 	}
 	return m, nil
 }
@@ -182,7 +181,7 @@ func (m *Base) score(impact float64) float64 {
 	if impact == 0 {
 		fimpact = 0
 	}
-	return math.Round(((0.6*impact)+(0.4*exploitability)-1.5)*fimpact*10) / 10
+	return roundTo1Decimal(((0.6 * impact) + (0.4 * exploitability) - 1.5) * fimpact)
 }
 
 // GetSeverity returns severity by score of Base metrics

diff --git a/v2/metric/environmental.go b/v2/metric/environmental.go
@@ -58,14 +58,14 @@ func (m *Environmental) Decode(vector string) (*Environmental, error) {
 		}
 	}
 	if lastErr != nil {
-		return m, lastErr
+		return nil, lastErr
 	}
 	enc, err := m.Encode()
 	if err != nil {
-		return m, errs.Wrap(err, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(err, errs.WithContext("vector", vector))
 	}
 	if vector != enc {
-		return m, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
 	}
 	return m, nil
 }
@@ -183,7 +183,7 @@ func (m *Environmental) Score() float64 {
 	if m.IsEmpty() {
 		baseScore = m.Base.Score()
 	} else {
-		adjustedImpact := math.Min(10.0, 10.41*(1-(1-m.C.Value()*m.CR.Value())*(1-m.I.Value()*m.IR.Value())*(1-m.A.Value()*m.AR.Value())))
+		adjustedImpact := math.Min(10.0, roundTo1Decimal(10.41*(1-(1-m.C.Value()*m.CR.Value())*(1-m.I.Value()*m.IR.Value())*(1-m.A.Value()*m.AR.Value()))))
 		baseScore = m.Base.score(adjustedImpact)
 	}
 	var adjustedTemporal float64
@@ -195,7 +195,7 @@ func (m *Environmental) Score() float64 {
 	if m.IsEmpty() {
 		return adjustedTemporal
 	}
-	return math.Round((adjustedTemporal+(10-adjustedTemporal)*m.CDP.Value()*m.TD.Value())*10) / 10
+	return roundTo1Decimal(adjustedTemporal + (10-adjustedTemporal)*m.CDP.Value()*m.TD.Value())
 }
 
 // Severity returns severity by score of Environmental metrics

diff --git a/v2/metric/metric_test.go b/v2/metric/metric_test.go
@@ -241,6 +241,20 @@ func TestEnvEnvironmentalScore(t *testing.T) {
 			temp:   6.2,
 			env:    8.1,
 		},
+		{
+			name:   "issue-33",
+			vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/CDP:H/TD:H/CR:L/IR:ND/AR:ND",
+			base:   8.3,
+			temp:   8.3,
+			env:    9.0,
+		},
+		{
+			name:   "issue-33b",
+			vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:H/TD:ND/CR:L/IR:ND/AR:ND",
+			base:   8.3,
+			temp:   8.3,
+			env:    9.0,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -255,10 +269,10 @@ func TestEnvEnvironmentalScore(t *testing.T) {
 					t.Errorf("Metrics.TemporalScore() = %v, want %v", got, tt.env)
 				}
 				if got := m.Score(); got != tt.env {
-					t.Errorf("Metrics.EnvironmentalScore() = %v, want %v", got, tt.temp)
+					t.Errorf("Metrics.EnvironmentalScore() = %v, want %v", got, tt.env)
 				}
 				if got := m.String(); tt.vector != got {
-					t.Errorf("Metrics.String() = %v, want %v", got, tt.temp)
+					t.Errorf("Metrics.String() = %v, want %v", got, tt.vector)
 				}
 			}
 

diff --git a/v2/metric/misc.go b/v2/metric/misc.go
@@ -0,0 +1,22 @@
+package metric
+
+import "math"
+
+func roundTo1Decimal(input float64) float64 {
+	return math.Round(input*10) / 10
+}
+
+/* Copyright 2023 Spiegel
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * 	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
diff --git a/v2/metric/temporal.go b/v2/metric/temporal.go
@@ -2,7 +2,6 @@ package metric
 
 import (
 	"fmt"
-	"math"
 	"strings"
 
 	"github.com/goark/errs"
@@ -52,14 +51,14 @@ func (m *Temporal) Decode(vector string) (*Temporal, error) {
 		}
 	}
 	if lastErr != nil {
-		return m, lastErr
+		return nil, lastErr
 	}
 	enc, err := m.Encode()
 	if err != nil {
-		return m, errs.Wrap(err, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(err, errs.WithContext("vector", vector))
 	}
 	if vector != enc {
-		return m, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
 	}
 	return m, nil
 }
@@ -165,7 +164,7 @@ func (m *Temporal) Score() float64 {
 }
 
 func (m *Temporal) score(baseScore float64) float64 {
-	return math.Round(baseScore*m.E.Value()*m.RL.Value()*m.RC.Value()*10) / 10
+	return roundTo1Decimal(baseScore * m.E.Value() * m.RL.Value() * m.RC.Value())
 }
 
 // GetSeverity returns severity by score of Base metrics

diff --git a/v3/metric/base.go b/v3/metric/base.go
@@ -58,10 +58,10 @@ func (bm *Base) Decode(vector string) (*Base, error) {
 	//CVSS version
 	ver, err := GetVersion(values[0])
 	if err != nil {
-		return bm, errs.Wrap(err, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(err, errs.WithContext("vector", vector))
 	}
 	if ver == VUnknown {
-		return bm, errs.Wrap(cvsserr.ErrNotSupportVer, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrNotSupportVer, errs.WithContext("vector", vector))
 	}
 	bm.Ver = ver
 	//parse vector
@@ -75,9 +75,12 @@ func (bm *Base) Decode(vector string) (*Base, error) {
 		}
 	}
 	if lastErr != nil {
-		return bm, lastErr
+		return nil, lastErr
 	}
-	return bm, bm.GetError()
+	if err := bm.GetError(); err != nil {
+		return nil, err
+	}
+	return bm, nil
 }
 func (bm *Base) decodeOne(str string) error {
 	m := strings.Split(str, ":")

diff --git a/v3/metric/base_test.go b/v3/metric/base_test.go
@@ -73,12 +73,13 @@ func TestDecodeEncode(t *testing.T) {
 			v, err := m.Encode()
 			if err != nil {
 				t.Errorf("Encode() = \"%+v\", want <nil>.", err)
-			}
-			if v != tc.vector {
-				t.Errorf("Encode() = \"%v\", want \"%v\".", v, tc.vector)
-			}
-			if m.String() != tc.vector {
-				t.Errorf("String() = \"%v\", want \"%v\".", m.String(), tc.vector)
+			} else {
+				if v != tc.vector {
+					t.Errorf("Encode() = \"%v\", want \"%v\".", v, tc.vector)
+				}
+				if m.String() != tc.vector {
+					t.Errorf("String() = \"%v\", want \"%v\".", m.String(), tc.vector)
+				}
 			}
 		}
 	}
@@ -90,7 +91,6 @@ func TestScore(t *testing.T) {
 		score    float64
 		severity Severity
 	}{
-		{vector: "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N", score: 0.0, severity: SeverityNone}, //error
 		//CVSSv3.0
 		{vector: "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N", score: 0.0, severity: SeverityNone},     //Zero metrics
 		{vector: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", score: 7.5, severity: SeverityHigh},     //CVE-2015-8252
@@ -140,17 +140,21 @@ func TestScore(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
-		m, _ := NewBase().Decode(tc.vector)
-		score := m.Score()
-		if got := m.String(); got != tc.vector {
-			t.Errorf("String() = %v, want %v.", got, tc.vector)
-		}
-		if score != tc.score {
-			t.Errorf("Score(%s) = %v, want %v.", tc.vector, score, tc.score)
-		}
-		severity := m.Severity()
-		if severity.String() != tc.severity.String() {
-			t.Errorf("Score(%s) = %v, want %v.", tc.vector, severity, tc.severity)
+		m, err := NewBase().Decode(tc.vector)
+		if err != nil {
+			t.Errorf("Decode(%v) is %v, want <nil>.", tc.vector, err)
+		} else {
+			score := m.Score()
+			if got := m.String(); got != tc.vector {
+				t.Errorf("String() = %v, want %v.", got, tc.vector)
+			}
+			if score != tc.score {
+				t.Errorf("Score(%s) = %v, want %v.", tc.vector, score, tc.score)
+			}
+			severity := m.Severity()
+			if severity.String() != tc.severity.String() {
+				t.Errorf("Score(%s) = %v, want %v.", tc.vector, severity, tc.severity)
+			}
 		}
 	}
 }

diff --git a/v3/metric/environmental.go b/v3/metric/environmental.go
@@ -67,10 +67,10 @@ func (em *Environmental) Decode(vector string) (*Environmental, error) {
 	//CVSS version
 	ver, err := GetVersion(values[0])
 	if err != nil {
-		return em, errs.Wrap(err, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(err, errs.WithContext("vector", vector))
 	}
 	if ver == VUnknown {
-		return em, errs.Wrap(cvsserr.ErrNotSupportVer, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrNotSupportVer, errs.WithContext("vector", vector))
 	}
 	em.Ver = ver
 	//parse vector
@@ -84,9 +84,12 @@ func (em *Environmental) Decode(vector string) (*Environmental, error) {
 		}
 	}
 	if lastErr != nil {
-		return em, lastErr
+		return nil, lastErr
 	}
-	return em, em.GetError()
+	if err := em.GetError(); err != nil {
+		return nil, err
+	}
+	return em, nil
 }
 func (em *Environmental) decodeOne(str string) error {
 	if err := em.Temporal.decodeOne(str); err != nil {

diff --git a/v3/metric/temporal.go b/v3/metric/temporal.go
@@ -42,10 +42,10 @@ func (tm *Temporal) Decode(vector string) (*Temporal, error) {
 	//CVSS version
 	ver, err := GetVersion(values[0])
 	if err != nil {
-		return tm, errs.Wrap(err, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(err, errs.WithContext("vector", vector))
 	}
 	if ver == VUnknown {
-		return tm, errs.Wrap(cvsserr.ErrNotSupportVer, errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrNotSupportVer, errs.WithContext("vector", vector))
 	}
 	tm.Ver = ver
 	//parse vector
@@ -59,9 +59,12 @@ func (tm *Temporal) Decode(vector string) (*Temporal, error) {
 		}
 	}
 	if lastErr != nil {
-		return tm, lastErr
+		return nil, lastErr
 	}
-	return tm, tm.GetError()
+	if err := tm.GetError(); err != nil {
+		return nil, err
+	}
+	return tm, nil
 }
 func (tm *Temporal) decodeOne(str string) error {
 	if err := tm.Base.decodeOne(str); err != nil {