Skip to content

Build CVE Autocomplete#1510

Merged
cduhn17 merged 23 commits into
developfrom
Build-CVE-Autocomplete
Jul 2, 2026
Merged

Build CVE Autocomplete#1510
cduhn17 merged 23 commits into
developfrom
Build-CVE-Autocomplete

Conversation

@hawkishpolicy

@hawkishpolicy hawkishpolicy commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🗣 Description

  • Created new elastic search index powered CVE Autocomplete filter for the Findings Library.
  • Provides similar functionality as Organization Autocomplete:
    • Allows users to full text search for CVE's.
    • Standard users are limited to CVE's linked to their assigned organization.
    • Admin users have access to all available CVE's.
    • CVE results are passed into domain search as filter upon selection.
    • Selected results are added to a checkbox controlled list that allows users to deselect.
  • Also moved Severity Facet Filter higher in the filter drawer.
    • Now sits just below Org Autocomplete

💭 Motivation and context

  • Increase UX in the Findings Library.
  • Replace the previous facet based checkbox controlled list implementation.
  • Closes CRASM-2986

🧪 Testing

  • local functional testing
  • created frontend unit tests covering Autocomplete render and use.
  • created backend unit tests covering query behavior, permissions, and returned results.

📷 Screenshots (if appropriate)

Screenshot 2026-07-02 at 9 40 53 AM Screenshot 2026-07-02 at 9 40 57 AM Screenshot 2026-07-02 at 9 41 05 AM Screenshot 2026-07-02 at 9 41 35 AM Screenshot 2026-07-02 at 9 41 15 AM

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.
  • Bump major, minor, patch, pre-release, and/or build versions as appropriate via the bump_version script if this repository is versioned and the changes in this PR warrant a version bump.
  • Create a pre-release (necessary if and only if the pre-release version was bumped).

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release (necessary if and only if the version was bumped).

- define CVE_INDEX
- define cve_mapping
- define sync_cve_index function
- define update_cves function
- define search_cves function
- modified cve_mapping in es_client.py to include organization.
- modified cve.py to only return CVEs to Standard Users that match the organization of the user making the request.
- modified CveSearchBody model to remove regions field since it is not used in the CVE search.
- modified syncmdl.py to include a call to sync_es_cves() after syncing organizations in ES. This ensures that CVEs are synced after organizations, which is important for maintaining the correct relationships between CVEs and organizations in the ES index.
  - this may not be strictly necessary since sync_es_domains() already syncs CVEs, but it is included for completeness and to ensure that CVEs are always synced after organizations.
  - code comments have been added to indicate that this step may not be strictly necessary, but it is included for completeness.
- added sync_es_cves() function to es_sync.py to sync CVEs from the database to the ES index. This function retrieves all CVEs from the database and indexes them in ES, ensuring that the ES index is up-to-date with the latest CVE data.
- removed unnecessary fields from the CVE list dictionary in es_sync.py to only include the fields that are needed for the CVE ES index. This reduces the amount of data that is indexed in ES and improves performance when searching for CVEs.
- added sync_es_cves to searchSync.py to ensure that CVEs are synced when the search index is updated. This ensures that the CVE data in ES is always up-to-date and consistent with the database.
- Backend:
  - Updated the Elasticsearch mapping for CVEs to use "keyword" type for the "name" field instead of "text". This change allows for exact matching and better performance in autocomplete scenarios.
  - Added escape_wildcard_query to the CVE search query to handle special characters, but leave dashes, in the search term.
  - It also uppercases the search term to ensure case-insensitive matching, as CVE names are typically uppercase.

- Frontend:
  - Updated the CVEFilter component to handle the new autocomplete functionality.
  - Changed the mapping of CVE names in the filter to use a number as the key instead of a string, which is more appropriate for list rendering in React.
  - Removed commented-out code related to domain and IP search, as it is not relevant to the CVE autocomplete feature.
  - Adjusted the useEffect hook to ensure that the searchCVEs function is called whenever the search term or filters change, ensuring that the displayed results are always up-to-date.
  - Added endpoint constants for the CVE search API to maintain consistency and avoid hardcoding URLs in the component.
  - Rendered CVEFilter component inside the DrawerInterior component, which is responsible for displaying the filter options in the UI.
  - Added a List component to display the filtered CVE results, allowing users to easily see and deselect CVEs chosen from the autocomplete suggestions.
- adding sync_es_cves to syncmdl command may be causing issues with github actions, so commenting it out for now. It may not be needed since sync_es_domains() already syncs CVEs, but keeping it for completeness.
- Moved call to sync_es_cves inside the populate block to ensure CVEs are synced inside the populate block to avoid erroring out when no Vulnerability Materialized Views exist yet.
- Moved call to sync_es_cves inside the populate block to ensure CVEs are synced inside the populate block to avoid erroring out when no Vulnerability Materialized Views exist yet.
- restored the "name" field in the CVE mapping to be of type "text" with a subfield of type "keyword" for wildcard searches, instead of just "keyword". This allows for more flexible search capabilities while still supporting exact matches.
- added unit tests for the CVE autocomplete functionality to ensure that the search behaves as expected with the new mapping:
  - tests for exact matches, partial matches, and wildcard searches, verifying that the correct CVEs are returned based on the search term.
  - tests for Standard Users, verifying that they can only see CVEs associated with their organization.
  - tests for Admin Users, verifying that they can see all CVEs.
  - test for no authentication, verifying that an unauthorized user cannot access the CVE search endpoint.
- Added unit tests for CVE Autocomplete component to ensure correct filtering and selection behavior.
- Updated SaveSearchModal component to improve accessibility by changing ARIA labels from "search" to "filter" where appropriate.
- Added /search/cves to list of endpoints that do not require response model.
- There is a todo to add respose models to all endpoints, but for now this is a temporary fix to allow the /search/cves endpoint to be tested without a response model.
- Update ARIA attributes for accessibility
- removed original CVE Facet Filter from DrawerInterior.tsx
- removed unused imports from CVEFilter.test.tsx
- Statements, Functions, and Lines have been increased slightly to reflect the current state of the codebase.
- Branches threshold has been decreased slightly.
- May be due to conditional rendering or Build and Transpiler noise from typescript injections.
- Luckily, overall coverage has increased.
- Moved severity  dfacet filter higher in the filter drawer to be just below the Org Autocomplete filter. This change was made to improve the user experience by making the severity filter more prominent and easier to access.
@hawkishpolicy hawkishpolicy marked this pull request as ready for review July 2, 2026 13:51
Comment thread backend/src/xfd_django/xfd_api/api_methods/cve.py Outdated
Comment thread backend/src/xfd_django/xfd_api/api_methods/cve.py Outdated
Comment thread frontend/src/components/FilterDrawer/CVEFilter.tsx Outdated
- Raise HTTPException with status code 403 and detail "Unauthorized" when the user is not authorized to access CVE data, instead of returning an empty list. This change ensures that unauthorized access attempts are properly handled and communicated to the client.
- Removed id from option button in CVEFilter component to avoid duplicate ids.

@jayjaybunce jayjaybunce left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally, all portions of the feature are working as expected.

@cduhn17 cduhn17 merged commit 900000a into develop Jul 2, 2026
23 checks passed
@cduhn17 cduhn17 deleted the Build-CVE-Autocomplete branch July 2, 2026 18:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants