Switching between lookup and search

David T Rocca · David T Rocca · commit 7c548a1e634b · 2024-10-10T13:10:51.000-04:00
diff --git a/src/components/AdpVulnerabilityEnrichment.vue b/src/components/AdpVulnerabilityEnrichment.vue
@@ -208,6 +208,7 @@
   
 <script>
 import { usecveRecordStore } from '@/stores/cveRecord.ts';
+import { useGenericGlobalsStore } from '@/stores/genericGlobals';
 import ProductStatus from '@/components/ProductStatus.vue';
 import CveRecordReferences from './CveRecordReferences.vue';
 
@@ -252,7 +253,7 @@ export default {
       //to do
       adpShortName: this.containerObject.providerMetadata.shortName,
       dateUpdated: '',
-      cveServicesBaseUrl: import.meta.env.VITE_CVE_SERVICES_BASE_URL,
+      cveServicesBaseUrl: useGenericGlobalsStore().currentServicesUrl,
       usecveRecordStore: usecveRecordStore(),
     }
   },
diff --git a/src/components/cveRecordSearchModule.vue b/src/components/cveRecordSearchModule.vue
@@ -1,19 +1,29 @@
 <template>
   <div class="field mt-1">
-    <div class="field has-addons mb-1">
-      <div class="control is-expanded">
-        <input v-model.trim="queryString" @keyup.enter="onKeyUpEnter" @keyup="validateQueryString" type="text" class="input cve-id-input"
-          placeholder="Enter keywords (e.g.: CVE ID, sql injection, etc.)"/>
-      </div>
-      <div class="control">
-        <button @click="validate"
+    <div class="field has-addons">
+    <div class="control">
+      <span v-if="websiteEnv !== 'prd'" class="select cve-search-selector">
+          <select v-model="searchType">
+              <option>Search CVE List (Beta)</option>
+              <option>Find a Test CVE Record/ID (Legacy)</option>
+          </select>
+      </span>
+    </div>
+    <div class="control is-expanded">
+      <input v-if="searchTypeBoolean" v-model.trim="queryString" @keyup.enter="onKeyUpEnter" @keyup="validateQueryString" type="text" class="input cve-id-input"
+        placeholder="Enter keywords (e.g.: CVE ID, sql injection, etc.)"/>
+      <input v-else v-model="cveId" @keyup.enter="onKeyUpEnter" @keyup="validateQueryString" @blur="removeHelpText" type="text" class="input cve-id-input"
+        placeholder="Enter CVE ID (CVE-YYYY-NNNN)"/>
+    </div>
+    <div class="control">
+      <button @click="validate"
           class="button cve-button cve-button-accent-warm"
           :class="{'is-loading': cveListSearchStore.isSearching, 'disabled': cveListSearchStore.isSeachButtonDisabled}"
           :aria-disabled="cveListSearchStore.isSeachButtonDisabled">
           Search {{ websiteEnv === 'test' ? 'CVE List in Test' : ''}}
         </button>
-      </div>
     </div>
+  </div>
     <div class="notification is-warning is-light" role="alert" v-if="errorMessage.length > 0">
       <div class="is-flex is-align-content-flex-start">
         <p id="alertIcon" class="is-hidden">alert</p>
@@ -32,13 +42,28 @@
 import { useCveListSearchStore } from '@/stores/cveListSearch';
 import { computed, ref, watch } from 'vue';
 import { useRoute, useRouter } from 'vue-router';
+// Legacy Search Import
+import { usecveRecordStore } from '@/stores/cveRecord';
+import { useGenericGlobalsStore } from '@/stores/genericGlobals';
+
 let cveListSearchStore = useCveListSearchStore();
 const route = useRoute();
 const router = useRouter();
 
 let queryString = ref('');
 let errorMessage = ref('');
 
+let cveGenericGlobalsStore = useGenericGlobalsStore();
+let cveRecordStore = usecveRecordStore();
+let searchType = ref('Search CVE List (Beta)');
+let cveId = cveRecordStore.cveId;
+
+// this seems redundant, but it fixes an edge case.
+// if a user searches for a particular field, then on the results page flips the toggle, THEN refreshes without searching, this will keep the correct helper text showing.
+let searchTypeBoolean = computed(() => {
+  return searchType.value == 'Search CVE List (Beta)' ? true : false;
+});
+
 watch(
   () => route.query,
   () => {
@@ -54,7 +79,17 @@ watch(
 
 
 function startSearch() {
-  if (queryString.value !== cveListSearchStore.query) {
+  // We only want to flip the search item _When we actually do a search_ otherwise we should default back to what we were on a page refresh
+  if (searchTypeBoolean.value) {
+    cveGenericGlobalsStore.setUseSearch(true);
+    cveGenericGlobalsStore.setCurrentServicesUrl(`https://${import.meta.env.VITE_CVE_SERVICES_BASE_URL}`)
+  }
+  else {
+    cveGenericGlobalsStore.setUseSearch(false);
+    cveGenericGlobalsStore.setCurrentServicesUrl("https://cveawg-test.mitre.org")
+  }
+  if (cveGenericGlobalsStore.useSearch) {
+    if (queryString.value !== cveListSearchStore.query) {
     cveListSearchStore.$reset();
     cveListSearchStore.query = queryString.value;
       router.push({
@@ -63,24 +98,47 @@ function startSearch() {
       });
       cveListSearchStore.search();
   }
+  } else {
+    const lookupPath = `/CVERecord?id=${cveId}`;
+    router.push(lookupPath)    
+  }
+  
 }
 
 function validateQueryString() {
-  const alphaNumericDashPattern = new RegExp(/^[a-zA-Z0-9 ]+$/, 'i').test(queryString.value);
-  const cveIdPattern = new RegExp(/^CVE-\d{4}-\d{4,7}$/, 'i').test(queryString.value);
-
-  if (queryString.value.length > 0 && !alphaNumericDashPattern && !cveIdPattern) {
-    cveListSearchStore.isSeachButtonDisabled = true;
-    errorMessage.value = 'Only letters, numbers, and CVE IDs (CVE-YYYY-NNNN) are allowed.';
-    cveListSearchStore.showHelpText = true;
-  } else if (queryString.value.length === 0) {
-    cveListSearchStore.isSeachButtonDisabled = true;
-    errorMessage.value = '';
-    cveListSearchStore.showHelpText = false;
+  if (searchTypeBoolean.value) {
+    const alphaNumericDashPattern = new RegExp(/^[a-zA-Z0-9 ]+$/, 'i').test(queryString.value);
+    const cveIdPattern = new RegExp(/^CVE-\d{4}-\d{4,7}$/, 'i').test(queryString.value);
+
+    if (queryString.value.length > 0 && !alphaNumericDashPattern && !cveIdPattern) {
+      cveListSearchStore.isSeachButtonDisabled = true;
+      errorMessage.value = 'Only letters, numbers, and CVE IDs (CVE-YYYY-NNNN) are allowed.';
+      cveListSearchStore.showHelpText = true;
+    } else if (queryString.value.length === 0) {
+      cveListSearchStore.isSeachButtonDisabled = true;
+      errorMessage.value = '';
+      cveListSearchStore.showHelpText = false;
+    } else {
+      cveListSearchStore.isSeachButtonDisabled = false;
+      errorMessage.value = '';
+      cveListSearchStore.showHelpText = false;
+    }
   } else {
-    cveListSearchStore.isSeachButtonDisabled = false;
-    errorMessage.value = '';
-    cveListSearchStore.showHelpText = false;
+    //Basic Checking
+    const cveIdPattern = new RegExp(/^CVE-\d{4}-\d{4,7}$/, 'i').test(cveId); 
+    if (cveId.length > 0 && !cveIdPattern) {
+      cveListSearchStore.isSeachButtonDisabled = true;
+      errorMessage.value = 'Only CVE IDs (CVE-YYYY-NNNN) are allowed.';
+      cveListSearchStore.showHelpText = true;
+    } else if (cveId.length === 0) {
+      cveListSearchStore.isSeachButtonDisabled = true;
+      errorMessage.value = '';
+      cveListSearchStore.showHelpText = false;
+    } else {
+      cveListSearchStore.isSeachButtonDisabled = false;
+      errorMessage.value = '';
+      cveListSearchStore.showHelpText = false;
+    }
   }
 }
 
@@ -89,10 +147,16 @@ function onKeyUpEnter() {
 }
 
 function validate() {
+ 
   validateQueryString();
-  if (!cveListSearchStore.isSeachButtonDisabled) {
+  if (cveGenericGlobalsStore.useSearch) {
+    if (!cveListSearchStore.isSeachButtonDisabled) {
+      startSearch();
+    }
+  } else {
     startSearch();
   }
+ 
 }
 
 const websiteEnv = computed(() => {
@@ -119,4 +183,5 @@ const websiteEnv = computed(() => {
     width: 470px;
   }
 }
+
 </style>
diff --git a/src/stores/cveListSearch.js b/src/stores/cveListSearch.js
@@ -1,4 +1,5 @@
 import { defineStore } from 'pinia';
+import { useGenericGlobalsStore } from './genericGlobals';
 import axios from 'axios';
 
 export const useCveListSearchStore = defineStore('cveListSearch ', {
@@ -108,7 +109,7 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
       const getRecordUrl = `/api/cve/${this.cveId}`;
 
       try {
-        axios.defaults.baseURL = `https://${import.meta.env.VITE_CVE_SERVICES_BASE_URL}`;
+        axios.defaults.baseURL = useCveListSearchStore().currentServicesUrl;
         const response = await axios.get(getRecordUrl);
         const cveRecordData = response?.data || {};
         this.isArecord = true;
diff --git a/src/stores/genericGlobals.ts b/src/stores/genericGlobals.ts
@@ -1,9 +1,23 @@
 import { defineStore } from 'pinia';
 
 export const useGenericGlobalsStore = defineStore('genericGlobals', {
-  state: () => { 
+  state: () => {
+    const storedUseSearch = sessionStorage.getItem('useSearch');
+    const storedCurrentServicesUrl = sessionStorage.getItem('currentServicesUrl');
     return {
+      useSearch: storedUseSearch ? JSON.parse(storedUseSearch) : true, 
+      currentServicesUrl: storedCurrentServicesUrl ? JSON.parse(storedCurrentServicesUrl) : `https://${import.meta.env.VITE_CVE_SERVICES_BASE_URL}`,
       legacyCveWebsiteLink: 'https://cve.mitre.org/cve/search_cve_list.html'
+    };
+  },
+  actions: {
+    setUseSearch(value) {
+      this.useSearch = value;
+      sessionStorage.setItem('useSearch', JSON.stringify(value)); 
+    },
+    setCurrentServicesUrl(value) {
+      this.currentServicesUrl = value;
+      sessionStorage.setItem('currentServicesUrl', JSON.stringify(value));
     }
-  }
+  },
 });
diff --git a/src/views/CVERecord/CVERecord.vue b/src/views/CVERecord/CVERecord.vue
@@ -21,6 +21,21 @@
     </div>
     <div v-else>
       <div v-if="usecveRecordStore.isIdOrRecordFound">
+        <div class="notification is-warning is-light" role="alert">
+        <div v-if="websiteEnv !== 'prd'" class="is-flex" style="justify-content: center;">
+          <p id="alertIconCveRecordsRequestErrored" class="is-hidden">alert</p>
+          <font-awesome-icon style="flex: 0 0 40px;" size="1x"  icon="triangle-exclamation" role="img"
+            aria-labelledby="alertIconCveRecordsRequestErrored" aria-hidden="false" />
+          <p>You are viewing <strong>{{ usingProd }}</strong> data from&nbsp;</p>
+          <a :href="resultUrl" target="_blank"> {{ resultUrl }} 
+              <span class="icon cve-icon-xxs">
+                <p id="externalLinkIcon" class="is-hidden">external website</p>
+                <font-awesome-icon icon="up-right-from-square"
+                 aria-labelledby="externalLinkIcon" aria-hidden="false"/>
+              </span>
+          </a>
+        </div>
+      </div>
         <PublishedRecord v-if="usecveRecordStore.isPublished"/>
         <RejectedRecordOrId v-if="usecveRecordStore.isRejected"/>
         <ReservedId v-if="usecveRecordStore.isReserved"/>
@@ -77,6 +92,9 @@ export default {
   },
   data() {
     return {
+      isResultFromProd: false,
+      // There is a special case when the website deals with some cached data. This ensures that the correct value is shown, even though it is not pretty
+      resultUrl: this.GenericGlobalsStore.useSearch ? `https://${import.meta.env.VITE_CVE_SERVICES_BASE_URL}` : `https://cveawg-test.mitre.org`,
       usecveRecordStore: usecveRecordStore(),
       cveId: usecveRecordStore().cveId,
       showHelpText: false,
@@ -87,6 +105,9 @@ export default {
     };
   },
   computed: {
+    usingProd() {
+      return this.isResultFromProd ? 'Production' : 'Test'
+    },
     isSearching() {
       return usecveRecordStore().isSearching;
     },
@@ -207,7 +228,7 @@ export default {
 
       const getIdUrl = `/api/cve-id/${usecveRecordStore().cveId}`;
       try {
-        axios.defaults.baseURL = `https://${import.meta.env.VITE_CVE_SERVICES_BASE_URL}`;
+        axios.defaults.baseURL = this.GenericGlobalsStore.currentServicesUrl;
         const idData = await axios.get(getIdUrl);
         this.getIdStatusCode = 200;
         if (idData.status === 200 && idData?.data?.error === undefined) {
@@ -243,9 +264,14 @@ export default {
       }
     },
     async getRecordData() {
-      const getRecordUrl = `https://${import.meta.env.VITE_CVE_SERVICES_BASE_URL}/api/cve/${usecveRecordStore().cveId}`;
+      const getRecordUrl = `${this.GenericGlobalsStore.currentServicesUrl}/api/cve/${usecveRecordStore().cveId}`;
+      if (this.GenericGlobalsStore.useSearch) {
+        this.isResultFromProd = true;
+      } else {
+        this.isResultFromProd = false;
+      }
+      this.resultUrl = this.GenericGlobalsStore.currentServicesUrl
       const recordData = await axios.get(getRecordUrl);
-
       if (!(typeof (recordData.data) === 'object')) {
         usecveRecordStore().isPublished = false;
         usecveRecordStore().isReserved = false;
diff --git a/src/views/CVERecord/PublishedRecord.vue b/src/views/CVERecord/PublishedRecord.vue
@@ -153,7 +153,7 @@ export default {
         tags: [],
       },
       originalRecordData: usecveRecordStore().recordData || {},
-      cveServicesBaseUrl: import.meta.env.VITE_CVE_SERVICES_BASE_URL,
+      cveServicesBaseUrl: this.GenericGlobalsStore.currentServicesUrl,
       usecveRecordStore: usecveRecordStore(),
       cpe: {},
       cnaContainer: {},
diff --git a/src/views/CVERecord/RejectedRecordOrId.vue b/src/views/CVERecord/RejectedRecordOrId.vue
@@ -118,7 +118,7 @@ export default {
       },
       originalRecordData: usecveRecordStore().recordData || {},
       originalIdData: usecveRecordStore().idData || {},
-      cveServicesBaseUrl: import.meta.env.VITE_CVE_SERVICES_BASE_URL,
+      cveServicesBaseUrl: this.GenericGlobalsStore.currentServicesUrl,
       usecveRecordStore: usecveRecordStore()
     };
   },
diff --git a/src/views/CVERecord/ReservedId.vue b/src/views/CVERecord/ReservedId.vue
@@ -79,7 +79,7 @@ export default {
   data() {
     return {
       isMessageExpanded: false,
-      cveServicesBaseUrl: import.meta.env.VITE_CVE_SERVICES_BASE_URL,
+      cveServicesBaseUrl: this.GenericGlobalsStore.currentServicesUrl,
       usecveRecordStore: usecveRecordStore()
     };
   },
