cveListSearch: make all CVE ID only searches consistent by quoting the ID

rlxdev · rlxdev · commit 11978a13b94a · 2026-01-23T15:36:02.000-05:00
diff --git a/src/stores/cveListSearch.js b/src/stores/cveListSearch.js
@@ -3,6 +3,18 @@ import { useErrorMessageStore } from './cveRecord';
 import { useGenericGlobalsStore } from './genericGlobals';
 import axios from 'axios';
 
+// Users may search for a CVE ID by either specifying it with or without quotes.
+// The regular expresssion object defined here will detect if a string is solely
+// a CVE ID (quotes optional).  It's used to extract the CVE ID. This helps to
+// yield consistent results independent of whether the user has enclosed the CVE
+// ID in quotes.
+
+const cveIdRegex = '(?<cveid>CVE-\\d{4}-\\d{4,7})';
+
+const searchCveIdRegex = `^"?${cveIdRegex}"?\$`;
+
+const searchCveIdRe = RegExp(searchCveIdRegex, 'i');
+
 export const useCveListSearchStore = defineStore('cveListSearch ', {
   state: () => {
     return {
@@ -66,30 +78,46 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
     }
   },
   actions: {
+    cveIdSearchTerm() {
+
+        // This method returns true if the search query is a CVE ID, optionally
+        // surrounded by quotes.  If this is the case, the CVE ID is extracted,
+        // normalized, and the query set to the quoted CVE ID.  By enclosing
+        // the CVE ID in quotes, the search won't break it up into its parts
+        // which is certainly not what the user expects.  This will make the
+        // search quicker and provide better results for CVE ID only searches.
+
+        const cveIdMatch = searchCveIdRe.exec(this.query);
+        if (cveIdMatch) {
+          this.cveId = cveIdMatch.groups.cveid.toUpperCase();
+          this.query = `"${this.cveId}"`;
+        }
+
+        return cveIdMatch !== null;
+    },
     decrement(field) {
       this[field] -= 1;
     },
-    isCveIdPattern() {
-      return new RegExp(/^CVE-\d{4}-\d{4,7}$/, 'i').test(this.query);
-    },
     resetResults() {
       this.searchResults = [];
       this.totalSearchResultCount = 0;
     },
     async search() {
       this.isSearching = true;
-      try{
+
+      const isCveIdSearch = this.cveIdSearchTerm();
+
+      try {
 
         // * query search service
         this.totalExecutingRequests = 1;
+
         await this.getSearchResults();
 
-        if (this.isCveIdPattern()) {
+        if (isCveIdSearch) {
 
           // The user's query is one CVE ID.
 
-          this.cveId = this.query.toUpperCase();
-
           if (this.searchResults.length === 1
               && this.searchResults[0].cveId === this.cveId) {
 
@@ -116,7 +144,7 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
         }
       } catch (error) {
         // if record is not found, find potential reserved/rejected ID
-        if (this.isCveIdPattern() && Object.keys(this.recordData).length === 0) {
+        if (isCveIdSearch && Object.keys(this.recordData).length === 0) {
           await this.getIdData();
         } else
           throw new Error(`search() >> error with getSearchResults(), getRecordData(): ${error}`);
