Sort package vulnerability advisories by severity in descending order (…

…#4175)
NuGet · Oct 13, 2021 · 8923757 · 8923757
1 parent 4e62c16
commit 8923757
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 16 deletions.
diff --git a/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailControlModel.cs b/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailControlModel.cs
@@ -415,27 +415,17 @@ public IReadOnlyCollection<PackageVulnerabilityMetadataContextInfo> PackageVulne
             private set
             {
                 _packageVulnerabilities = value;
-                PackageVulnerabilityMaxSeverity = value?.Max(v => v.Severity) ?? -1;
 
                 OnPropertyChanged(nameof(PackageVulnerabilities));
+                OnPropertyChanged(nameof(PackageVulnerabilityMaxSeverity));
                 OnPropertyChanged(nameof(IsPackageVulnerable));
                 OnPropertyChanged(nameof(PackageVulnerabilityCount));
             }
         }
 
-        private int _packageVulnerabilityMaxSeverity = -1;
         public int PackageVulnerabilityMaxSeverity
         {
-            get => _packageVulnerabilityMaxSeverity;
-            private set
-            {
-                if (_packageVulnerabilityMaxSeverity != value)
-                {
-                    _packageVulnerabilityMaxSeverity = value;
-
-                    OnPropertyChanged(nameof(PackageVulnerabilityMaxSeverity));
-                }
-            }
+            get => PackageVulnerabilities?.FirstOrDefault()?.Severity ?? -1;
         }
 
         public bool IsPackageVulnerable
@@ -509,8 +499,7 @@ public DetailedPackageMetadata PackageMetadata
                     PackageDeprecationReasons = newDeprecationReasons;
                     PackageDeprecationAlternatePackageText = newAlternatePackageText;
 
-                    IEnumerable<PackageVulnerabilityMetadataContextInfo> vulnerabilities = _packageMetadata?.Vulnerabilities;
-                    PackageVulnerabilities = vulnerabilities?.ToList();
+                    PackageVulnerabilities = _packageMetadata?.Vulnerabilities?.ToList();
 
                     OnPropertyChanged(nameof(PackageMetadata));
                     OnPropertyChanged(nameof(IsPackageDeprecated));

diff --git a/src/NuGet.Clients/NuGet.PackageManagement.UI/ViewModels/PackageItemViewModel.cs b/src/NuGet.Clients/NuGet.PackageManagement.UI/ViewModels/PackageItemViewModel.cs
@@ -668,7 +668,7 @@ private async Task ReloadPackageMetadataAsync()
 
                 DeprecationMetadata = deprecationMetadata;
                 IsPackageDeprecated = deprecationMetadata != null;
-                VulnerabilityMaxSeverity = packageMetadata?.Vulnerabilities?.Max(v => v.Severity) ?? -1;
+                VulnerabilityMaxSeverity = packageMetadata?.Vulnerabilities?.FirstOrDefault()?.Severity ?? -1;
             }
             catch (OperationCanceledException) when (cancellationToken.IsCancellationRequested)
             {

diff --git a/...ts/NuGet.VisualStudio.Internal.Contracts/ContextInfos/PackageSearchMetadataContextInfo.cs b/...ts/NuGet.VisualStudio.Internal.Contracts/ContextInfos/PackageSearchMetadataContextInfo.cs
@@ -73,7 +73,9 @@ public static PackageSearchMetadataContextInfo Create(IPackageSearchMetadata pac
                 IsListed = packageSearchMetadata.IsListed,
                 DependencySets = packageSearchMetadata.DependencySets?.ToList(),
                 DownloadCount = packageSearchMetadata.DownloadCount,
-                Vulnerabilities = packageSearchMetadata.Vulnerabilities?.Select(vulnerability => new PackageVulnerabilityMetadataContextInfo(vulnerability.AdvisoryUrl, vulnerability.Severity)).ToArray(),
+                Vulnerabilities = packageSearchMetadata.Vulnerabilities?
+                    .Select(vulnerability => new PackageVulnerabilityMetadataContextInfo(vulnerability.AdvisoryUrl, vulnerability.Severity))
+                    .OrderByDescending(v => v.Severity).ToArray(),
             };
         }
     }

diff --git a/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/Models/V3DetailControlModelTests.cs b/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/Models/V3DetailControlModelTests.cs
@@ -131,6 +131,17 @@ public void VulnerabilityCountWhenMetadataHasVulnerability_Calculated()
             Assert.Equal(_testInstance.PackageVulnerabilityCount, _testData.TestData.Vulnerabilities.Count());
         }
 
+        [Fact]
+        public void PackageVulnerabilities_WhenMetadataHasVulnerability_IsOrderedBySeverityDescending()
+        {
+            IEnumerable<PackageVulnerabilityMetadataContextInfo> sortedTestVulnerabilities =
+                _testData.TestData.Vulnerabilities
+                .OrderByDescending(v => v.Severity)
+                .Select(v => new PackageVulnerabilityMetadataContextInfo(v.AdvisoryUrl, v.Severity));
+
+            Assert.Equal(sortedTestVulnerabilities, _testInstance.PackageVulnerabilities);
+        }
+
         [Fact]
         public async Task SetCurrentPackageAsync_SortsVersions_ByNuGetVersionDesc()
         {