Bugfix: Issue with score when CIA triad is None (#108)

csk · Conrad Stein K (csk) · web-flow · commit 20a9ccfd5e94 · 2025-05-14T12:50:28.000+02:00
* Add test of vector that must return 0.0 but is returning 6.9

* Fix issue when all metrics are N which was failing

* Build project and upload changes which somehow are being tracked

---------

Co-authored-by: Conrad Stein K (csk) &lt;conrad@cyscope.io&gt;
diff --git a/dist/index.js b/dist/index.js
@@ -1267,6 +1267,12 @@ function eq3eq6CalculateLowerMacroVector(eqLevels) {
 }
 function getScore2(vector) {
   const vectorObj = util.getVectorObject(vector);
+  const allMetrics = ["VC", "VI", "VA", "SC", "SI", "SA"];
+  const allMetricsAreN = allMetrics.every((metric) => vectorObj[metric] === "N");
+  if (allMetricsAreN) {
+    const score2 = 0;
+    return parseFloat(score2.toFixed(1));
+  }
   const metrics = {
     AV: {},
     PR: {},
diff --git a/dist_node/index.js b/dist_node/index.js
@@ -1267,6 +1267,12 @@ function eq3eq6CalculateLowerMacroVector(eqLevels) {
 }
 function getScore2(vector) {
   const vectorObj = util.getVectorObject(vector);
+  const allMetrics = ["VC", "VI", "VA", "SC", "SI", "SA"];
+  const allMetricsAreN = allMetrics.every((metric) => vectorObj[metric] === "N");
+  if (allMetricsAreN) {
+    const score2 = 0;
+    return parseFloat(score2.toFixed(1));
+  }
   const metrics = {
     AV: {},
     PR: {},
diff --git a/lib/score_4_0.ts b/lib/score_4_0.ts
@@ -100,6 +100,14 @@ function eq3eq6CalculateLowerMacroVector(eqLevels: any) {
 function getScore(vector: string) {
   const vectorObj = util.getVectorObject(vector);
 
+  // Special case: if all metrics are N, return 0.0
+  const allMetrics = ['VC', 'VI', 'VA', 'SC', 'SI', 'SA'] as const;
+  const allMetricsAreN = allMetrics.every(metric => vectorObj[metric as keyof CvssVectorObject] === 'N');
+  if (allMetricsAreN) {
+    const score = 0.0;
+    return parseFloat(score.toFixed(1));
+  }
+
   const metrics = {
     AV: {} as Metric, // EQ1
     PR: {} as Metric, // EQ1
diff --git a/test/cvss_4_0.spec.ts b/test/cvss_4_0.spec.ts
@@ -64,7 +64,8 @@ const examples = [
     score: 9.7,
     vector: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/MSI:S/S:P"
   },
-  { score: 8.7, vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/V:C" }
+  { score: 8.7, vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/V:C" },
+  { score: 0.0, vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" },
 ];
 
 describe("Score Tests", () => {
