feat: allow searching advisory and cve dates separately
Issue #519
Ulf Lilleengen committed Sep 13, 2023
1 parent 5c062b5 commit f6bc29f
Showing 5 changed files with 41 additions and 41 deletions.
2 changes: 1 addition & 1 deletion docs/modules/user/pages/search.adoc
@@ -57,7 +57,7 @@ Which matching type depends on the qualifier, but the possible types are:
* Range - Matches within a range of values

You can use ranges for the date fields.
For example, `release:2022-01-01..2022-12-31`.
For example, `advisoryRelease:2022-01-01..2022-12-31`.

TIP: If the search term has a reserved character, such as `:`, you can add quotes.

9 changes: 5 additions & 4 deletions docs/modules/user/pages/vexination.adoc
@@ -76,9 +76,10 @@ The following table has a list of the search qualifiers you can use when searchi
| `package` | Search by fixed or affected package or product identifier | Exact, Partial | `affected:"cpe:/a:redhat:openshift_container_storage:4.8::el8"`
| `fixed` | Search by fixed package or product identifier | Exact, Partial | `"cpe:/a:redhat:openshift_container_storage:4.8" in:fixed`
| `affected` | Search by affected package or product identifier | Exact, Partial | `"pkg:rpm/redhat/xz-libs@5.2.4" in:affected`
| `initial` | Search by VEX initial date | Exact, Range | `initial:2022-01-01..2023-01-01`
| `release` | Search by VEX release date | Exact, Range | `release:>2023-05-05`
| `discovery` | Search by VEX discovery date | Exact, Range | `discovery:<2023-01-01`
| `advisoryInitial` | Search by VEX initial date | Exact, Range | `advisoryInitial:2022-01-01..2023-01-01`
| `advisoryRelease` | Search by VEX release date | Exact, Range | `advisoryRelease:>2023-05-05`
| `cveRelease` | Search by CVE release date | Exact, Range | `cveRelease:>2023-05-05`
| `cveDiscovery` | Search by CVE discovery date | Exact, Range | `cveDiscovery:<2023-01-01`
|===

The four matching types are:
@@ -114,7 +115,7 @@ IMPORTANT: Enable **Complex** searching before running these queries.
.Example
[source,rust]
----
"cpe:/a:redhat:openshift:4.13::el9" in:package release:>2023-01-01 is:critical
"cpe:/a:redhat:openshift:4.13::el9" in:package advisoryRelease:>2023-01-01 is:critical
----

[id="vex-reference"]
10 changes: 5 additions & 5 deletions spog/api/src/config/default.yaml
@@ -249,7 +249,7 @@ vexination:
const end = new Date();
const start = new Date(end.getTime() - (7 * 24 * 60 * 60 * 1000));
[
"release:" +
"advisoryRelease:" +
start.toLocaleString("default", { year: "numeric" }) + "-" +
start.toLocaleString("default", { month: "2-digit" }) + "-" +
start.toLocaleString("default", { day: "2-digit" }) + ".." +
@@ -263,7 +263,7 @@ vexination:
const end = new Date();
const start = new Date(end.getTime() - (30 * 24 * 60 * 60 * 1000));
[
"release:" +
"advisoryRelease:" +
start.toLocaleString("default", { year: "numeric" }) + "-" +
start.toLocaleString("default", { month: "2-digit" }) + "-" +
start.toLocaleString("default", { day: "2-digit" }) + ".." +
@@ -278,7 +278,7 @@ vexination:
const start = new Date(date.getFullYear(), 0, 1);
const end = new Date(date.getFullYear()+1, 0, 1);
[
"release:" +
"advisoryRelease:" +
start.toLocaleString("default", { year: "numeric" }) + "-" +
start.toLocaleString("default", { month: "2-digit" }) + "-" +
start.toLocaleString("default", { day: "2-digit" }) + ".." +
@@ -289,11 +289,11 @@ vexination:
- id: "2022"
label: "2022"
terms:
- 'release:2022-01-01..2023-01-01'
- 'advisoryRelease:2022-01-01..2023-01-01'
- id: "2021"
label: "2021"
terms:
- 'release:2021-01-01..2022-01-01'
- 'advisoryRelease:2021-01-01..2022-01-01'
- id: "any"
label: "Any time"

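Review bot: The preset date filters now match on advisory release date only, whereas the old `release:` term also matched CVE release dates through the union that this commit removes from vexination/index/src/lib.rs. An advisory whose only in-window date is a CVE release will therefore drop out of the "2022"-style and rolling-window filters, which matters to anyone triaging by time window. If that narrowing is intended, a comment beside the terms would record it, for example `# advisory release date only; CVE release dates are searched with cveRelease:`. This applies to all five changed terms in this section, and the enclosing filter definitions start outside the visible hunks.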
53 changes: 25 additions & 28 deletions vexination/index/src/lib.rs
@@ -327,7 +327,7 @@ impl trustification_index::Index for Index {
sort_by.replace(self.fields.advisory_severity_score_inverse);
}
},
VulnerabilitiesSortable::Release => match f.direction {
VulnerabilitiesSortable::AdvisoryRelease => match f.direction {
Direction::Descending => {
sort_by.replace(self.fields.advisory_current);
}
@@ -684,25 +684,22 @@ impl Index {
*to,
)),
},
Vulnerabilities::Initial(ordered) => create_date_query(
Vulnerabilities::AdvisoryInitial(ordered) => create_date_query(
self.fields.advisory_initial,
self.schema.get_field_name(self.fields.advisory_initial),
ordered,
),
Vulnerabilities::Release(ordered) => {
let q1 = create_date_query(
self.fields.advisory_current,
self.schema.get_field_name(self.fields.advisory_current),
ordered,
);
let q2 = create_date_query(
self.fields.cve_release,
self.schema.get_field_name(self.fields.cve_release),
ordered,
);
Box::new(BooleanQuery::union(vec![q1, q2]))
}
Vulnerabilities::Discovery(ordered) => create_date_query(
Vulnerabilities::AdvisoryRelease(ordered) => create_date_query(
self.fields.advisory_current,
self.schema.get_field_name(self.fields.advisory_current),
ordered,
),
Vulnerabilities::CveRelease(ordered) => create_date_query(
self.fields.cve_release,
self.schema.get_field_name(self.fields.cve_release),
ordered,
),
Vulnerabilities::CveDiscovery(ordered) => create_date_query(
self.fields.cve_discovery,
self.schema.get_field_name(self.fields.cve_discovery),
ordered,
@@ -912,31 +909,31 @@ mod tests {
#[tokio::test]
async fn test_free_form_dates() {
assert_search(|index| {
let result = search(&index, "initial:>2022-01-01");
let result = search(&index, "advisoryInitial:>2022-01-01");
assert_eq!(result.0.len(), 3);

let result = search(&index, "discovery:>2022-01-01");
let result = search(&index, "cveDiscovery:>2022-01-01");
assert_eq!(result.0.len(), 3);

let result = search(&index, "release:>2022-01-01");
let result = search(&index, "advisoryRelease:>2022-01-01");
assert_eq!(result.0.len(), 3);

let result = search(&index, "release:>2023-02-08");
let result = search(&index, "advisoryRelease:>2023-02-08");
assert_eq!(result.0.len(), 3);

let result = search(&index, "release:2022-01-01..2023-01-01");
assert_eq!(result.0.len(), 1);
let result = search(&index, "advisoryRelease:2022-01-01..2023-01-01");
assert_eq!(result.0.len(), 0);

let result = search(&index, "release:2022-01-01..2024-01-01");
let result = search(&index, "advisoryRelease:2022-01-01..2024-01-01");
assert_eq!(result.0.len(), 3);

let result = search(&index, "release:2023-03-23");
let result = search(&index, "advisoryRelease:2023-03-23");
assert_eq!(result.0.len(), 1);

let result = search(&index, "release:2023-03-24");
let result = search(&index, "advisoryRelease:2023-03-24");
assert_eq!(result.0.len(), 0);

let result = search(&index, "release:2023-03-22");
let result = search(&index, "advisoryRelease:2023-03-22");
assert_eq!(result.0.len(), 0);
});
}
@@ -1060,15 +1057,15 @@ mod tests {
#[tokio::test]
async fn test_sorting_noterms() {
assert_search(|index| {
let result = search(&index, "sort:release");
let result = search(&index, "sort:advisoryRelease");
assert_eq!(result.0.len(), 4);
assert_eq!(result.0[0].document.advisory_id, "RHSA-2021:3029");
assert_eq!(result.0[1].document.advisory_id, "RHSA-2023:1441");
assert_eq!(result.0[2].document.advisory_id, "RHSA-2023:3408");
assert_eq!(result.0[3].document.advisory_id, "RHSA-2023:4378");
assert!(result.0[0].document.advisory_date < result.0[1].document.advisory_date);

let result = search(&index, "-sort:release");
let result = search(&index, "-sort:advisoryRelease");
assert_eq!(result.0.len(), 4);
assert_eq!(result.0[0].document.advisory_id, "RHSA-2023:4378");
assert_eq!(result.0[1].document.advisory_id, "RHSA-2023:3408");
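Review bot: The new `Vulnerabilities::CveRelease` arm has no coverage in `test_free_form_dates`, which exercises `advisoryInitial`, `cveDiscovery` and `advisoryRelease` but never `cveRelease`. The changed expectation for `advisoryRelease:2022-01-01..2023-01-01` (1 to 0) suggests the one document that used to match did so through `cve_release`. Adding `let result = search(&index, "cveRelease:2022-01-01..2023-01-01");` followed by `assert_eq!(result.0.len(), 1);` would pin that the match moved to the new qualifier rather than disappeared. The expected count is inferred from the old union result and should be confirmed against the fixtures. The match expression and the test module both continue outside the visible hunks.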
8 changes: 5 additions & 3 deletions vexination/model/src/search.rs
@@ -25,11 +25,13 @@ pub enum Vulnerabilities<'a> {
#[search(scope)]
Affected(Primary<'a>),
#[search]
Initial(Ordered<time::OffsetDateTime>),
AdvisoryInitial(Ordered<time::OffsetDateTime>),
#[search(sort)]
Release(Ordered<time::OffsetDateTime>),
AdvisoryRelease(Ordered<time::OffsetDateTime>),
#[search]
Discovery(Ordered<time::OffsetDateTime>),
CveRelease(Ordered<time::OffsetDateTime>),
#[search]
CveDiscovery(Ordered<time::OffsetDateTime>),
Final,
Critical,
High,
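Review bot: The old qualifiers `initial`, `release` and `discovery` disappear from `Vulnerabilities` with no doc comment recording what replaced them, and `AdvisoryRelease` is narrower than the `Release` it replaces because the index no longer unions in CVE release dates. Saved queries or API clients that still send `release:` will presumably no longer hit a date qualifier. How the `#[search]` derive treats an unknown qualifier is not visible here, so whether such queries fail or silently return different results should be confirmed. A doc comment on the variants would make the split explicit, for example `/// Advisory release date only; CVE release dates are matched by CveRelease.` on `AdvisoryRelease`. The enum continues outside the hunk.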
