trustification / trustify

Apache License 2.0

Allow calculation of CVSS3 score using SQL functions, like a madman. #399

Closed bobmcwhirter closed 3 months ago

bobmcwhirter commented 3 months ago

Provide enough escape-hatches around filtering/sorting to do my evil deeds. Do some evil deeds in SQL to allow sorting/filtering by synthetic average_score on advisories. Do even more evil, by writing entirely too many SQL functions. Lay in appropriate DOWN migration for cvss3 scoring functions.

bobmcwhirter commented 3 months ago

@carlosthe19916 this should allow sorting by average_score (not severity, since that's just a string derived from the score).

Relates to https://github.com/trustification/trustify/issues/383

ctron commented 3 months ago

So we are doing all this work just to avoid having an intermediate search model?

mrizzi commented 3 months ago

Just a comment after having seen the PLSQL code. Considering the efforts we're putting into having the rustsec/CVSS library fully cover the CVSS 3.1 specs, i.e. https://github.com/rustsec/rustsec/pull/1198/, would it be possible to calculate the score just once when the vectorString is ingested and then store the value in a column? Too basic/not enough approach?

bobmcwhirter commented 3 months ago

Marco: yes we should probably just store the computed score.

Will still need the extra magic to sort and filter by the AVG() but it would reduce the work of the DB by some.

I'll enhance.
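
The compute-once-at-ingestion approach discussed in this thread, as an added example that is not code from trustify or from the rustsec `cvss` crate: it applies the CVSS 3.1 base-score equations to a vector string so the number can be stored and later averaged. The names `base_score` and `average_score` are hypothetical, only the `CVSS:3.1` prefix is accepted, and the sample vectors are constructed.

```rust
use std::collections::HashMap;

/// CVSS 3.1 "Roundup": smallest one-decimal number >= x, tolerant of float noise.
fn roundup(x: f64) -> f64 {
    let i = (x * 100_000.0).round() as i64;
    if i % 10_000 == 0 { i as f64 / 100_000.0 } else { (i / 10_000 + 1) as f64 / 10.0 }
}

/// Base score of a CVSS:3.1 vector; None if a base metric is missing or invalid.
pub fn base_score(vector: &str) -> Option<f64> {
    let mut parts = vector.split('/');
    if parts.next()? != "CVSS:3.1" { return None; }
    // Metric name -> value, e.g. "AV" -> "N". Non-base metrics are ignored.
    let m: HashMap<&str, &str> = parts.filter_map(|p| p.split_once(':')).collect();
    let changed = match *m.get("S")? { "C" => true, "U" => false, _ => return None };
    let av = match *m.get("AV")? { "N" => 0.85, "A" => 0.62, "L" => 0.55, "P" => 0.2, _ => return None };
    let ac = match *m.get("AC")? { "L" => 0.77, "H" => 0.44, _ => return None };
    // Privileges Required weighs more when the scope changes.
    let pr = match (*m.get("PR")?, changed) {
        ("N", _) => 0.85,
        ("L", false) => 0.62, ("L", true) => 0.68,
        ("H", false) => 0.27, ("H", true) => 0.5,
        _ => return None,
    };
    let ui = match *m.get("UI")? { "N" => 0.85, "R" => 0.62, _ => return None };
    let cia = |k: &str| -> Option<f64> {
        match *m.get(k)? { "H" => Some(0.56), "L" => Some(0.22), "N" => Some(0.0), _ => None }
    };
    let iss: f64 = 1.0 - (1.0 - cia("C")?) * (1.0 - cia("I")?) * (1.0 - cia("A")?);
    let impact: f64 = if changed { 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02).powi(15) } else { 6.42 * iss };
    if impact <= 0.0 { return Some(0.0); }
    let expl: f64 = 8.22 * av * ac * pr * ui;
    let raw: f64 = if changed { 1.08 * (impact + expl) } else { impact + expl };
    Some(roundup(raw.min(10.0)))
}

/// Mean of the stored per-vector scores, the value an AVG() sort key would use.
pub fn average_score(scores: &[f64]) -> Option<f64> {
    if scores.is_empty() { None } else { Some(scores.iter().sum::<f64>() / scores.len() as f64) }
}

fn main() {
    // Constructed sample vectors, scored once as they would be at ingestion.
    let vectors = ["CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"];
    let stored: Vec<f64> = vectors.iter().filter_map(|v| base_score(v)).collect();
    println!("{:?} avg {:?}", stored, average_score(&stored));
}
```

Returning `None` for an incomplete vector lets the ingest path store NULL instead of a misleading 0.0, and SQL `AVG()` skips NULLs.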