Fixing the vulnerability order inside the dictionary cache #8780
Thanks for starting this! This vulnerabilities information is later passed by the PackagesController to the factory that creates the view model. What do you think of sorting the vulnerabilities inside of this view model factory? The drawback I see is that we will do redundant sorting, however, this should be acceptable as most packages don't have vulnerabilities.
Sounds good to me. I'll do the change ;)
Do you think this needs a test @loic-sharma ?
Yup please add unit tests. It looks like we have a test gap currently, but you should be able to mirror the test on the deprecations here: NuGetGallery/tests/NuGetGallery.Facts/ViewModels/DisplayPackageViewModelFacts.cs Lines 843 to 925 in 1433c81
A test like "arrange 3 vulnerabilities with different severities out-of-order and assert the resulting model's vulnerabilities are in order" should be perfect. Let us know if you have questions!
var versionModel = model.PackageVersions.Single(); | ||
Assert.Null(versionModel.CustomMessage); | ||
Assert.NotNull(model.Vulnerabilities); | ||
Assert.Equal(model.Vulnerabilities, packageKeyToVulnerabilities[package.Key].OrderByDescending(p => p.Severity).ToList().AsReadOnly()); |
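Review bot: The arguments to Assert.Equal on the last line are in the wrong order. xUnit's Assert.Equal takes the expected value first and the actual value second, so a failure here would report the model's list as "Expected" and the hand-built list as "Actual", which misleads whoever triages a broken severity ordering. Pass the sorted packageKeyToVulnerabilities[package.Key] list as the first argument and model.Vulnerabilities as the second.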
I'm worried someone could break this logic if they re-order the PackageVulnerabilitySeverity enum. To prevent this mistake, we could manually verify the order here:
Assert.Equal(model.Vulnerabilities, packageKeyToVulnerabilities[package.Key].OrderByDescending(p => p.Severity).ToList().AsReadOnly()); | |
Assert.Equal(PackageVulnerabilitySeverity.Critical, model.Vulnerabilities[0].Severity); | |
Assert.Equal(PackageVulnerabilitySeverity.High, model.Vulnerabilities[1].Severity); | |
Assert.Equal(PackageVulnerabilitySeverity.Low, model.Vulnerabilities[2].Severity); |
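Review bot: The three indexed assertions on model.Vulnerabilities[0], [1] and [2] have no preceding check on the number of elements. If the model ever returns fewer than three entries, the test fails with an index-out-of-range exception instead of a clear assertion message. Assert the expected count of three before indexing so a dropped vulnerability is reported as such.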
For sure :)
@agr (on-call) or @loic-sharma (point of contact), could you shepherd this PR into a merged state?
@sipmann Thanks for the contribution! This will be included in our next nuget.org deployment. You can track our progress using this work item: #8703
@joelverhagen Yup can do.
Fixes #8703
I'm not sure how much this will impact the performance. Do we have an environment to do any kind of performance test?
I've tried to put the order inside the query but without success.
Accept any tips on this ❤