RedHatProductSecurity / cvss

CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
GNU Lesser General Public License v3.0

Unexpected severity result using CVSSv4 #48

Closed falcochu closed 10 months ago

falcochu commented 10 months ago

Thanks for the tool and adding support for CVSSv4.

Just doing some testing and got an unexpected result. Using the CVSSv4 update, it was able to calculate the base score for the vector "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" as 6.9 correctly, but not the correct severity.

Please see code snippet below and in the screenshot.

Actual Results:

>>> from cvss import CVSS4
>>> vector = 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'
>>> c = CVSS4(vector)
>>> print(c.as_json()['baseScore'])
6.9
>>> print(c.as_json()['baseSeverity'])
None
>>> print(c.severity)
High
>>> 

[Screenshot: comparison with the CVSSv4 website calculator (cvss4-example)]

Expected Results:

>>> from cvss import CVSS4
>>> vector = 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'
>>> c = CVSS4(vector)
>>> print(c.as_json()['baseScore'])
6.9
>>> print(c.as_json()['baseSeverity'])
Medium
>>> print(c.severity)
Medium
>>> 
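The severity mapping this report exercises, written out as an added example (it is not code from the cvss library or from anyone in this thread): a score-to-rating function following the Qualitative Severity Rating Scale of the CVSS v4.0 specification (None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0), a validator for the base metrics of a CVSS:4.0 vector, and the consistency check between `baseScore` and `baseSeverity` that the output above fails. It takes an already computed score as input rather than reimplementing v4.0 scoring; the function names, the JSON-style report shape, the half-up rounding of unrounded input, and the invalid sample vectors are this example's own assumptions. The vector itself is the one from the report.

```python
"""Added example (not code from the cvss library or this thread): map a CVSS v4.0
score to its qualitative severity and check that a JSON-style report keeps
baseScore and baseSeverity consistent. Scores are taken as input; the v4.0
scoring algorithm itself is not reimplemented. All names are this example's own."""
from decimal import Decimal, ROUND_HALF_UP

# Qualitative Severity Rating Scale from the CVSS v4.0 specification:
# None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.
# Each upper bound is inclusive; bands are checked in ascending order.
SEVERITY_BANDS = (
    (Decimal("0.0"), "None"),
    (Decimal("3.9"), "Low"),
    (Decimal("6.9"), "Medium"),
    (Decimal("8.9"), "High"),
    (Decimal("10.0"), "Critical"),
)

# Base metrics of a CVSS:4.0 vector and their permitted single-letter values.
BASE_METRICS = {
    "AV": frozenset("NALP"), "AC": frozenset("LH"), "AT": frozenset("NP"),
    "PR": frozenset("NLH"), "UI": frozenset("NPA"),
    "VC": frozenset("HLN"), "VI": frozenset("HLN"), "VA": frozenset("HLN"),
    "SC": frozenset("HLN"), "SI": frozenset("HLN"), "SA": frozenset("HLN"),
}

# Vector from the issue report above (not constructed).
ISSUE_VECTOR = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"


def to_score(value):
    """Normalize a score to one decimal place, the precision CVSS publishes.

    Going through Decimal avoids the float pitfall where a computed 6.9 is
    really 6.9000000000000004 and a naive `score <= 6.9` misclassifies it.
    Half-up rounding of unrounded input is this example's assumption.
    """
    score = Decimal(str(value)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)
    if not Decimal("0.0") <= score <= Decimal("10.0"):
        raise ValueError("score out of range: %r" % (value,))
    return score


def severity(value):
    """Qualitative rating for a score, e.g. 6.9 -> 'Medium', 7.0 -> 'High'."""
    score = to_score(value)
    for upper, name in SEVERITY_BANDS:
        if score <= upper:
            return name
    raise AssertionError("unreachable: to_score guarantees 0.0 <= score <= 10.0")


def parse_base_metrics(vector):
    """Return {metric: value} for a CVSS:4.0 vector, rejecting malformed input."""
    if not vector.startswith("CVSS:4.0/"):
        raise ValueError("not a CVSS:4.0 vector")
    metrics = {}
    for part in vector.split("/")[1:]:
        name, sep, value = part.partition(":")
        if not sep or not name or not value:
            raise ValueError("malformed metric %r" % part)
        if name in metrics:
            raise ValueError("duplicate metric %s" % name)
        metrics[name] = value
    for name, allowed in BASE_METRICS.items():
        if name not in metrics:
            raise ValueError("missing base metric %s" % name)
        if metrics[name] not in allowed:
            raise ValueError("invalid value %s:%s" % (name, metrics[name]))
    return metrics


def is_valid_vector(vector):
    """True if the vector carries a complete, well-formed set of base metrics."""
    try:
        parse_base_metrics(vector)
        return True
    except ValueError:
        return False


def base_report(vector, base_score):
    """JSON-style dict in the shape the issue inspects (baseScore, baseSeverity)."""
    parse_base_metrics(vector)
    score = to_score(base_score)
    return {
        "version": "4.0",
        "vectorString": vector,
        "baseScore": float(score),
        "baseSeverity": severity(score),
    }


def is_consistent(report):
    """The invariant the issue shows broken: baseSeverity must be the rating of baseScore."""
    return report.get("baseSeverity") == severity(report["baseScore"])


if __name__ == "__main__":
    report = base_report(ISSUE_VECTOR, 6.9)
    print(report["baseScore"], report["baseSeverity"])               # 6.9 Medium
    print(is_consistent({"baseScore": 6.9, "baseSeverity": None}))   # False
    print(severity(0.1 * 69))  # Medium, although 0.1 * 69 == 6.9000000000000004
```

The boundary cases worth keeping in a regression suite are the ones at each band edge (3.9/4.0, 6.9/7.0, 8.9/9.0) plus a score that only becomes a boundary value after rounding; comparing unrounded floats against the band thresholds is the classic way a 6.9 ends up labelled High.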

skontar commented 10 months ago

@jobiewinserapck can you please have a look?

jobiewinserapck commented 10 months ago

Sure thing, I'll take a look

jobiewinserapck commented 10 months ago

Here's the PR: https://github.com/RedHatProductSecurity/cvss/pull/50

I've fixed both of the issues encountered in the screenshot (details in the commit message). I've added additional tests for these too; hopefully the tests aren't getting too intense, as they currently take 3x as long for cvss4 vs cvss3.

skontar commented 10 months ago

@jobiewinserapck more tests++ :smile: .

@falcochu thanks for reporting the issue. Can you please check if the problem was resolved?

falcochu commented 10 months ago

Hey @skontar and @jobiewinserapck, I can confirm it is working for me as expected now. Thanks so much for the quick fix, and again for the tool :)