From 4f37c7b3f513e60c10dd9a83016f1d08bba68210 Mon Sep 17 00:00:00 2001
From: tdruez <tdruez@nexb.com>
Date: Tue, 12 Nov 2024 14:53:14 +0400
Subject: [PATCH] Sort the vulnerability by risk in listing #98

Signed-off-by: tdruez <tdruez@nexb.com>
---
 component_catalog/views.py |  2 +-
 product_portfolio/views.py |  6 +-----
 vulnerabilities/models.py  |  7 +++++++
 vulnerabilities/views.py   | 11 ++++-------
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/component_catalog/views.py b/component_catalog/views.py
index 05bca00..2643ce2 100644
--- a/component_catalog/views.py
+++ b/component_catalog/views.py
@@ -251,7 +251,7 @@ class TabVulnerabilityMixin:
     template = "component_catalog/tabs/tab_vulnerabilities.html"
 
     def tab_vulnerabilities(self):
-        vulnerabilities_qs = self.object.affected_by_vulnerabilities.all()
+        vulnerabilities_qs = self.object.affected_by_vulnerabilities.order_by_risk()
         if not vulnerabilities_qs:
             return
 
diff --git a/product_portfolio/views.py b/product_portfolio/views.py
index b7badc1..40dd71a 100644
--- a/product_portfolio/views.py
+++ b/product_portfolio/views.py
@@ -25,7 +25,6 @@
 from django.core.paginator import Paginator
 from django.db import transaction
 from django.db.models import Count
-from django.db.models import F
 from django.db.models import Prefetch
 from django.db.models.functions import Lower
 from django.forms import modelformset_factory
@@ -1111,10 +1110,7 @@ def get_context_data(self, **kwargs):
         package_qs = Package.objects.filter(product=product).only_rendering_fields()
         vulnerability_qs = base_vulnerability_qs.prefetch_related(
             Prefetch("affected_packages", package_qs)
-        ).order_by(
-            F("max_score").desc(nulls_last=True),
-            "-min_score",
-        )
+        ).order_by_risk()
 
         self.filterset = self.filterset_class(
             self.request.GET,
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index 7f843a8..05e3d2d 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -40,6 +40,13 @@ def with_affected_packages_count(self):
             affected_packages_count=Count("affected_packages", distinct=True),
         )
 
+    def order_by_risk(self):
+        return self.order_by(
+            models.F("risk_score").desc(nulls_last=True),
+            models.F("weighted_severity").desc(nulls_last=True),
+            models.F("exploitability").desc(nulls_last=True),
+        )
+
 
 class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
     """
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
index d2959c0..9b1b28c 100644
--- a/vulnerabilities/views.py
+++ b/vulnerabilities/views.py
@@ -7,7 +7,6 @@
 #
 
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.db.models import F
 from django.http import Http404
 from django.utils.translation import gettext_lazy as _
 
@@ -47,18 +46,16 @@ def get_queryset(self):
                 "aliases",
                 "summary",
                 "fixed_packages_count",
-                "max_score",
-                "min_score",
+                "exploitability",
+                "weighted_severity",
+                "risk_score",
                 "created_date",
                 "last_modified_date",
                 "dataspace",
             )
             .with_affected_products_count()
             .with_affected_packages_count()
-            .order_by(
-                F("max_score").desc(nulls_last=True),
-                "-min_score",
-            )
+            .order_by_risk()
         )
 
     def get_context_data(self, **kwargs):