Commit 5907a5f5 authored by PidgeyL's avatar PidgeyL

fulltext search on database

parent e67c1d58
+2 −0
@@ -15,6 +15,7 @@ runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

import traceback
from pymongo import TEXT

from lib.Config import Configuration

@@ -37,6 +38,7 @@ setIndex('cpeother', 'id')
setIndex('cves', 'id')
setIndex('cves', 'vulnerable_configuration')
setIndex('cves', 'Modified')
setIndex('cves', [("summary",TEXT)])
setIndex('vfeed', 'id')
setIndex('vendor', 'id')
setIndex('d2sec', 'id')
+13 −0
@@ -477,6 +477,19 @@ def browse(vendor=None):
                               status={'except':'redis-connection',
                                       'info':{'host':Configuration.getRedisHost(),'port':Configuration.getRedisPort()}})


@app.route('/search', methods=['POST'])
def searchText():
    search = request.form.get('search')
    collection = db.cves
    try:
        cvelist = db.command("text", "cves", search=search)["results"]
    except:
        return render_template('error.html', status={'except':'textsearch-not-enabled'})
    cve=[x["obj"] for x in cvelist]
    return render_template('search.html', cve=cve)


@app.route('/search/<vendor>/<path:product>')
def search(vendor=None, product=None):
    collection = db.cves
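Review bot: The bare `except:` in `searchText()` reports every failure as 'textsearch-not-enabled', so a lost database connection, or a POST without a `search` field (where `request.form.get('search')` returns None), is shown as a configuration problem and leaves no trace. Reject an empty or missing term before the query and narrow the handler to `except pymongo.errors.OperationFailure:`, which needs that name imported in this file (the hunk does not show the imports). The term is passed to the database with no length limit and every hit is rendered, so a cap on both would bound the cost of a single request to this POST route. `collection = db.cves` in `searchText()` is never used and can be dropped. The body of `search()` continues outside the hunk.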
+16 −1
//Search function
function redirect() {
  var url = "/cve/" + document.getElementById("search").value.toUpperCase(); window.location = url;
  var search = document.getElementById("search").value
  if(/^CVE-[0-9]{4}-[0-9]{4,6}$/.test(search.toUpperCase())){
    var url = "/cve/" + search; window.location = url;
  }else{
    var form = document.createElement("form");
    form.method="POST";
    form.action="/search";
    var field = document.createElement("INPUT");
    field.type = "hidden";
    field.name = "search"
    field.value = search
    form.appendChild(field);
    document.body.appendChild(form);
    form.submit();
  }
  
}

//Bootstrap tooltip
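Review bot: In `redirect()` the CVE pattern is tested against `search.toUpperCase()` but the URL is built from the raw `search`, so a lower-case id such as `cve-2014-0160` (constructed example) now goes to `/cve/cve-2014-0160`, where the replaced line always upper-cased it. Unless the `/cve/` route normalises case, which is not visible here, keep the old behaviour with `var url = "/cve/" + search.toUpperCase();`. Leading or trailing whitespace also makes a pasted id miss the pattern and fall through to the full-text POST, so calling `.trim()` on the field value first would help. The `{4,6}` bound sends ids with seven or more sequence digits to the full-text search too; `{4,}` matches the CVE id syntax, which has no upper limit on digits.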
+5 −1
@@ -22,6 +22,10 @@
            <h1>This CVE does not exist</h1>
            <p>{{status['info']['cve']}} could not be found in the CVE-Search database.
               This could mean that this CVE is not in the National Vulnerability Database yet, that your database is outdated or that you entered a wrong CVE.</p>
          {% elif status['except']=='textsearch-not-enabled' %}
            <h1>Fulltext search not enabled</h1>
            <p>The current settings in the database do not allow fulltext search.<br />
               If you feel like this should be enabled, please contact your administrator.</p>
          {% endif %}
        </div>
        <!-- end content -->
+28 −28
@@ -10,7 +10,7 @@
      <li>
        <div class="col-sm-3">
          <form id="tfnewsearch" method="get" class="input-group navbar-form"onsubmit="redirect(); return false;">
                    <input type="text" class="form-control input-sm" id="search" pattern="[cC][vV][eE]-[0-9]{4}-[0-9]{4,6}" placeholder="Search CVE"/>
            <input type="text" class="form-control input-sm" id="search" placeholder="Search CVE"/>
            <span class="input-group-btn">
              <input type="submit" class="btn btn-default input-sm" value="search" />
            </span>