From 5bc6072dd22038f8f0c3cf6cc8ed758293725a8f Mon Sep 17 00:00:00 2001
From: Paul Duncan <pabs@pablotron.org>
Date: Mon, 7 Feb 2022 10:43:06 -0500
Subject: cvss/v2scores.go: remove unneeded rounding so env scores are
 consistent w/ nvd cvss v2 calculator

---
 cvss/v2scores.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'cvss/v2scores.go')

diff --git a/cvss/v2scores.go b/cvss/v2scores.go
index 3dec4a3..03bbc24 100644
--- a/cvss/v2scores.go
+++ b/cvss/v2scores.go
@@ -57,6 +57,7 @@ func newV2Scores(v v2Vector) (v2Scores, error) {
   auth := 0.0
 
   // temporal score values
+  // (FIXME: should these be set to 1.0?)
   exploitability := 0.0
   remediationLevel := 0.0
   reportConfidence := 0.0
@@ -250,7 +251,7 @@ func newV2Scores(v v2Vector) (v2Scores, error) {
     // calculate environmental base score using adjusted impact
     baseExpl := 20 * accessVector * accessComplexity * auth
     envBaseScore := ((0.6 * adjImpact + 0.4 * baseExpl) - 1.5) * fImpact
-    envBaseScore = math.Round(10.0 * envBaseScore) / 10.0
+    envBaseScore = (10.0 * envBaseScore) / 10.0
 
     // calculate adjusted temporal score
     adjTempScore := envBaseScore * exploitability * remediationLevel * reportConfidence
-- 
cgit v1.2.3