Skip to content

Refactor score method and add round_up function #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Refactor score method and add round_up function #56

wants to merge 1 commit into from

Conversation

@taladrane
Copy link

@taladrane taladrane commented Oct 14, 2025

Proposed changes

Refactor score method to return float and add rounding functionality to align with https://www.first.org/cvss/v3-1/specification-document#Appendix-A---Floating-Point-Rounding .

Problem

The CVSS 3.1 implementation was missing the required roundup function specified in the CVSS 3.1 specification (Appendix A), causing certain vectors to produce incorrect scores.

Most notably, the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H was returning a score of 10.0 instead of the correct 9.9.

Root Cause

The CVSS 3.1 specification requires a specific rounding function that rounds up to 1 decimal place using integer arithmetic to avoid floating-point precision issues. The current implementation was returning raw calculated values without applying this mandatory rounding step.

Solution

Implemented the round_up function following the CVSS 3.1 specification Appendix A:

  • Multiplies input by 100,000 and rounds to nearest integer
  • Uses integer arithmetic to avoid floating-point errors
  • Rounds up to the next 0.1 unless already at a 0.1 boundary

Types of changes

What types of changes does your code introduce to CvssSuite?
Put an x in the boxes that apply

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR.

  • Unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@taladrane
Refactor score method and add round_up function
215dd6d 
Refactor score method to return float and add rounding functionality.
@0llirocks
Copy link
Owner

0llirocks commented Oct 16, 2025

@taladrane thank you for your PR. The method you are adding already exists as a helper here. And that helper method is also called with each score for cvss31. Maybe you can find out the exact location where the helper is missing. Adding it only for base might fix your issue, but what about the other scores? Are they also affected and why does the helper does not work in cvss31.rb? I will take a closer look once I find time.

Best regards
Olli

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@taladrane @0llirocks