CVSS4 round_away_from_zero error

[Zalutskii]

cvss/cvss/cvss4.py

Line 55 in e4cf69b

def round_away_from_zero(x, dp):

The round_away_from_zero function is not working correctly.
For values round_away_from_zero(8.45, 1) should return 8.5, but it returns 8.4. https://python-fiddle.com/saved/IKHz08xWhe4LsUnxAAez
This error leads to incorrect calculation of score for some vectors. For example, for the vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:L/IR:L/AR:L/MAV:N/MAC:L/MAT:N/MPR:L/MUI:A/MVC:H/MVI:H/MVA:H/MSC:H/MSI:S/MSA:S/S:P/AU:Y/R:I/V:C/RE:H/U:Red score should be 8.5 and not 8.4.

[skontar]

Hi! We are aware of rounding issues caused mostly by using floats instead of Decimals in CVSS v4 implementation.

In this specific case, it is because 8.45 cannot be represented correctly in float.

>>> print(8.45)
8.45
>>> print(f"{8.45:0.20f}")
8.44999999999999928946
>>> round(8.45, 1)
8.4

We are currently working on making sure both Javascript and Python implementations will return the same – and expected – values.

We will be likely using the following:

>>> from decimal import ROUND_HALF_UP
>>> float(D(8.45 * 10).quantize(D("1"), rounding=ROUND_HALF_UP) / 10)
8.5

[skontar]

We are currently in phase of testing.
FYI, @superbuggy , you can check this specific vector.

[skontar]

Resolved by #61