feat: sort all vulns by severity before display

src/cli/commands/test/formatters/remediation-based-format-issues.ts

@@ -4,6 +4,7 @@ import * as config from '../../../../lib/config';
 import { TestOptions } from '../../../../lib/types';
 import { RemediationResult, PatchRemediation,
   DependencyUpdates, IssueData, SEVERITY, GroupedVuln } from '../../../../lib/snyk-test/legacy';
+import { SEVERITIES } from '../../../../lib/snyk-test/common';
 
 interface BasicVulnInfo {
   title: string;
@@ -56,6 +57,10 @@ export function formatIssuesWithRemediation(
   return results;
 }
 
+export function getSeverityValue(severity: SEVERITY): number {
+  return SEVERITIES.find((s) => s.verboseName === severity)!.value;
+}
+
 function constructPatchesText(
   patches: {
     [name: string]: PatchRemediation;
@@ -69,6 +74,7 @@ function constructPatchesText(
     return [];
   }
   const patchedTextArray = [chalk.bold.green('\nPatchable issues:')];
+
   for (const id of Object.keys(patches)) {
     // todo: add vulnToPatch package name
     const packageAtVersion = `${basicVulnInfo[id].name}@${basicVulnInfo[id].version}`;
@@ -104,6 +110,7 @@ function constructUpgradesText(
     const upgradeText =
     `\n  Upgrade ${chalk.bold.whiteBright(upgrade)} to ${chalk.bold.whiteBright(upgradeDepTo)} to fix\n`;
     const thisUpgradeFixes = vulnIds
+      .sort((a, b) => getSeverityValue(basicVulnInfo[a].severity) - getSeverityValue(basicVulnInfo[b].severity))
       .map((id) => formatIssue(
           id,
           basicVulnInfo[id].title,
@@ -125,9 +132,16 @@ function constructUnfixableText(unresolved: IssueData[]) {
     const extraInfo = issue.fixedIn && issue.fixedIn.length
       ? `\n  This issue was fixed in versions: ${chalk.bold(issue.fixedIn.join(', '))}`
       : '\n  No upgrade or patch available';
-    const packageNameAtVersion = chalk.bold.whiteBright(`\n  ${issue.packageName}@${issue.version}\n`);
+    const packageNameAtVersion = chalk.bold
+    .whiteBright(`\n  ${issue.packageName}@${issue.version}\n`);
     unfixableIssuesTextArray
-      .push(packageNameAtVersion + formatIssue(issue.id, issue.title, issue.severity, issue.isNew) + `${extraInfo}`);
+      .push(packageNameAtVersion +
+      formatIssue(
+        issue.id,
+        issue.title,
+        issue.severity,
+        issue.isNew) + `${extraInfo}`,
+      );
   }
 
   return unfixableIssuesTextArray;

src/cli/commands/test/index.ts

@@ -14,7 +14,7 @@ import { MethodArgs } from '../../args';
 import { LegacyVulnApiResult, SEVERITY, GroupedVuln, VulnMetaData } from '../../../lib/snyk-test/legacy';
 import { formatIssues } from './formatters/legacy-format-issue';
 import { WIZARD_SUPPORTED_PACKAGE_MANAGERS } from '../../../lib/package-managers';
-import { formatIssuesWithRemediation } from './formatters/remediation-based-format-issues';
+import { formatIssuesWithRemediation, getSeverityValue } from './formatters/remediation-based-format-issues';
 
 const debug = Debug('snyk');
 const SEPARATOR = '\n-------------------------------------------------------\n';
@@ -451,10 +451,6 @@ function validateSeverityThreshold(severityThreshold) {
     .indexOf(severityThreshold) > -1;
 }
 
-function getSeverityValue(severity) {
-  return SEVERITIES.find((severityObj) => severityObj.verboseName === severity)!.value;
-}
-
 // This is all a copy from Registry snapshots/index
 function isVulnFixable(vuln) {
   return vuln.isUpgradable || vuln.isPatchable;

src/lib/snyk-test/common.ts

@@ -20,17 +20,25 @@ export function assembleQueryString(options) {
   return Object.keys(qs).length !== 0 ? qs : null;
 }
 
-export const SEVERITIES = [
+enum SEVERITY {
+  LOW = 'low',
+  MEDIUM = 'medium',
+  HIGH = 'high',
+}
+export const SEVERITIES: Array<{
+  verboseName: SEVERITY,
+  value: number,
+}> = [
   {
-    verboseName: 'low',
+    verboseName: SEVERITY.LOW,
     value: 1,
   },
   {
-    verboseName: 'medium',
+    verboseName: SEVERITY.MEDIUM,
     value: 2,
   },
   {
-    verboseName: 'high',
+    verboseName: SEVERITY.HIGH,
     value: 3,
   },
 ];

src/lib/snyk-test/legacy.ts

@@ -1,6 +1,7 @@
 import * as _ from 'lodash';
 import * as depGraphLib from '@snyk/dep-graph';
 import { SupportedPackageManagers } from '../package-managers';
+import { SEVERITIES } from './common';
 
 interface Pkg {
   name: string;
@@ -219,7 +220,7 @@ function convertTestDepGraphResultToLegacy(
     res: TestDepGraphResponse,
     depGraph: depGraphLib.DepGraph,
     packageManager: string,
-    severityThreshold?: string): LegacyVulnApiResult {
+    severityThreshold?: SEVERITY): LegacyVulnApiResult {
 
   const result = res.result;
 
@@ -290,7 +291,7 @@ function convertTestDepGraphResultToLegacy(
 
   const meta = res.meta || {};
 
-  severityThreshold = (severityThreshold === 'low') ? undefined : severityThreshold;
+  severityThreshold = (severityThreshold === SEVERITY.LOW) ? undefined : severityThreshold;
 
   const legacyRes: LegacyVulnApiResult = {
     vulnerabilities: vulns,
@@ -335,15 +336,15 @@ function toLegacyPkgId(pkg: Pkg) {
   return `${pkg.name}@${pkg.version || '*'}`;
 }
 
-function getSummary(vulns: object[], severityThreshold?: string): string {
+function getSummary(vulns: object[], severityThreshold?: SEVERITY): string {
   const count = vulns.length;
   let countText = '' + count;
   const severityFilters: string[] = [];
-
-  const SEVERITIES = ['low', 'medium', 'high'];
-
+  const severitiesArray = SEVERITIES.map((s) => s.verboseName);
   if (severityThreshold) {
-    SEVERITIES.slice(SEVERITIES.indexOf(severityThreshold)).forEach((sev) => {
+    severitiesArray
+    .slice(severitiesArray.indexOf(severityThreshold))
+    .forEach((sev) => {
       severityFilters.push(sev);
     });
   }

src/lib/types.ts

@@ -1,5 +1,6 @@
 import { SupportedPackageManagers } from './package-managers';
 import { legacyCommon as legacyApi } from '@snyk/cli-interface';
+import { SEVERITY } from './snyk-test/legacy';
 
 export interface PluginMetadata {
   name: string;
@@ -49,7 +50,7 @@ export interface Options {
   packageManager: SupportedPackageManagers;
   advertiseSubprojectsCount?: number;
   subProjectNames?: string[];
-  severityThreshold?: string;
+  severityThreshold?: SEVERITY;
   dev?: boolean;
   'print-deps'?: boolean;
 }