Order vulnerabilities by severity (#8780)

sipmann · web-flow · commit 70410644e3c5 · 2021-09-08T12:37:16.000-07:00
Addresses #8703
diff --git a/src/NuGetGallery/Helpers/ViewModelExtensions/DisplayPackageViewModelFactory.cs b/src/NuGetGallery/Helpers/ViewModelExtensions/DisplayPackageViewModelFactory.cs
@@ -206,7 +206,7 @@ private DisplayPackageViewModel SetupCommon(
                 && packageKeyToVulnerabilities.TryGetValue(package.Key, out var vulnerabilities)
                 && vulnerabilities != null && vulnerabilities.Any())
             {
-                viewModel.Vulnerabilities = vulnerabilities;
+                viewModel.Vulnerabilities = vulnerabilities.OrderByDescending(vul => vul.Severity).ToList().AsReadOnly();
                 maxVulnerabilitySeverity = viewModel.Vulnerabilities.Max(v => v.Severity); // cache for messaging
                 viewModel.MaxVulnerabilitySeverity = maxVulnerabilitySeverity.Value;
             }
diff --git a/tests/NuGetGallery.Facts/ViewModels/DisplayPackageViewModelFacts.cs b/tests/NuGetGallery.Facts/ViewModels/DisplayPackageViewModelFacts.cs
@@ -924,6 +924,38 @@ public void DeprecationFieldsAreSetAsExpected(
             Assert.Null(versionModel.CustomMessage);
         }
 
+        [Fact]
+        public void VulnerabilitiesDisplayedInOrder()
+        {
+            var package = CreateTestPackage("1.0.0");
+
+            var packageKeyToVulnerabilities = new Dictionary<int, IReadOnlyList<PackageVulnerability>>
+            {
+                { package.Key, new List<PackageVulnerability>
+                    {
+                        new PackageVulnerability { Key = 1, Severity = PackageVulnerabilitySeverity.High },
+                        new PackageVulnerability { Key = 2, Severity = PackageVulnerabilitySeverity.Low },
+                        new PackageVulnerability { Key = 3, Severity = PackageVulnerabilitySeverity.Critical },
+                    }
+                }
+            };
+
+            // Act
+            var model = CreateDisplayPackageViewModel(
+                package,
+                currentUser: null,
+                packageKeyToVulnerabilities: packageKeyToVulnerabilities,
+                readmeHtml: null);
+
+            // Assert
+            var versionModel = model.PackageVersions.Single();
+            Assert.Null(versionModel.CustomMessage);
+            Assert.NotNull(model.Vulnerabilities);
+            Assert.Equal(PackageVulnerabilitySeverity.Critical, model.Vulnerabilities.ElementAt(0).Severity);
+            Assert.Equal(PackageVulnerabilitySeverity.High, model.Vulnerabilities.ElementAt(1).Severity);
+            Assert.Equal(PackageVulnerabilitySeverity.Low, model.Vulnerabilities.ElementAt(2).Severity);
+        }
+
         [Theory]
         [InlineData(true)]
         [InlineData(false)]

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ private DisplayPackageViewModel SetupCommon(`
`206`	`206`	`&& packageKeyToVulnerabilities.TryGetValue(package.Key, out var vulnerabilities)`
`207`	`207`	`&& vulnerabilities != null && vulnerabilities.Any())`
`208`	`208`	`{`
`209`		`- viewModel.Vulnerabilities = vulnerabilities;`
	`209`	`+ viewModel.Vulnerabilities = vulnerabilities.OrderByDescending(vul => vul.Severity).ToList().AsReadOnly();`
`210`	`210`	`maxVulnerabilitySeverity = viewModel.Vulnerabilities.Max(v => v.Severity); // cache for messaging`
`211`	`211`	`viewModel.MaxVulnerabilitySeverity = maxVulnerabilitySeverity.Value;`
`212`	`212`	`}`