-
Notifications
You must be signed in to change notification settings - Fork 361
/
search.go
277 lines (235 loc) · 8.37 KB
/
search.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
package api
import (
"encoding/json"
"fmt"
"net/http"
"slices"
"strings"
"github.com/sensepost/gowitness/pkg/log"
"github.com/sensepost/gowitness/pkg/models"
)
type searchRequest struct {
Query string `json:"query"`
}
type searchResult struct {
ID uint `json:"id" gorm:"primarykey"`
URL string `json:"url"`
FinalURL string `json:"final_url"`
ResponseCode int `json:"response_code"`
ResponseReason string `json:"response_reason"`
Protocol string `json:"protocol"`
ContentLength int64 `json:"content_length"`
Title string `json:"title"`
Failed bool `json:"failed"`
FailedReason string `json:"failed_reason"`
Filename string `json:"file_name"`
Screenshot string `json:"screenshot"`
MatchedFields []string `json:"matched_fields"`
}
// searchOperators are the operators we support. everything else is
// "free text"
var searchOperators = []string{"title", "body", "tech", "header", "p"}
// SearchHandler handles search
//
// @Summary Search for results
// @Description Searches for results based on free form text, or operators.
// @Tags Results
// @Accept json
// @Produce json
// @Param query body searchRequest true "The search term to search for. Supports search operators: `title:`, `tech:`, `header:`, `body:`, `p:`"
// @Success 200 {object} searchResult
// @Router /search [post]
func (h *ApiHandler) SearchHandler(w http.ResponseWriter, r *http.Request) {
var request searchRequest
if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
log.Error("failed to read json request", "err", err)
http.Error(w, "Error reading JSON request", http.StatusInternalServerError)
return
}
parsed, freeText := parseSearchQuery(request.Query)
var searchResults []searchResult
resultIDs := make(map[uint]bool)
// iterate over parsed search operators
for key, value := range parsed {
lowerValue := fmt.Sprintf("%%%s%%", value)
switch key {
case "title":
var titleResults []models.Result
if err := h.DB.Model(&models.Result{}).Where("LOWER(title) LIKE ?", lowerValue).
Find(&titleResults).Error; err != nil {
log.Error("failed to get title results", "err", err)
return
}
searchResults = appendResults(searchResults, resultIDs, titleResults, key)
case "tech":
var techResults []models.Result
if err := h.DB.Model(&models.Result{}).
Where("id in (?)", h.DB.Model(&models.Technology{}).
Select("result_id").Distinct("result_id").
Where("value LIKE ?", lowerValue)).
Find(&techResults).Error; err != nil {
log.Error("failed to get tech results", "err", err)
return
}
searchResults = appendResults(searchResults, resultIDs, techResults, key)
case "body":
var bodyResults []models.Result
if err := h.DB.Model(&models.Result{}).
Where("LOWER(html) LIKE ?", lowerValue).Find(&bodyResults).Error; err != nil {
log.Error("failed to get html results", "err", err)
return
}
searchResults = appendResults(searchResults, resultIDs, bodyResults, key)
case "header":
var headerResults []models.Result
if err := h.DB.Model(&models.Result{}).
Where("id in (?)", h.DB.Model(&models.Header{}).
Select("result_id").Distinct("result_id").
Where("value LIKE ?", lowerValue)).
Find(&headerResults).Error; err != nil {
log.Error("failed to get tech results", "err", err)
return
}
searchResults = appendResults(searchResults, resultIDs, headerResults, key)
case "p":
var perceptionHashResults []models.Result
if err := h.DB.Model(&models.Result{}).
Where("perception_hash_group_id in (?)", h.DB.Model(&models.Result{}).
Select("perception_hash_group_id").Distinct("perception_hash_group_id").
Where(
"perception_hash = ?",
// p: was used as the operatator trigger, but we need it
// back to resolve the group_id.
fmt.Sprintf("p:%s", value),
)).
Find(&perceptionHashResults).Error; err != nil {
log.Error("failed to get perception hash results", "err", err)
return
}
searchResults = appendResults(searchResults, resultIDs, perceptionHashResults, key)
}
}
// process any freetext if there is
if freeText != "" {
lowerFreeText := fmt.Sprintf("%%%s%%", freeText)
var freeTextResults []models.Result
if err := h.DB.Model(&models.Result{}).
Where("LOWER(url) LIKE ?", lowerFreeText).
Or("LOWER(final_url) LIKE ?", lowerFreeText).
Or("LOWER(title) LIKE ?", lowerFreeText).
Find(&freeTextResults).Error; err != nil {
log.Error("failed to get freetext results", "err", err)
return
}
searchResults = appendResults(searchResults, resultIDs, freeTextResults, "text")
}
jsonData, err := json.Marshal(searchResults)
if err != nil {
http.Error(w, "Error creating JSON response", http.StatusInternalServerError)
return
}
w.Write(jsonData)
}
// parseSearchQuery parses a search query string into key-value pairs for known operators
// and captures any remaining free-form text.
func parseSearchQuery(query string) (map[string]string, string) {
// Operators that we know of and that will be parsed
result := make(map[string]string)
var freeText string
var currentKey string
var currentValue []string
parts := strings.Fields(query)
for i := 0; i < len(parts); i++ {
part := parts[i]
// Check if the part contains an operator (e.g., title: or tech:)
if index := strings.Index(part, ":"); index != -1 {
operator := part[:index]
if slices.Contains(searchOperators, operator) {
// If we are processing an operator, finalize the previous key-value pair
if currentKey != "" {
result[currentKey] = strings.Join(currentValue, " ")
currentValue = nil
}
// Set the current key to the new operator
currentKey = operator
// Handle the value right after the colon
remainingPart := part[index+1:]
// quoted value?
if strings.HasPrefix(remainingPart, `"`) {
// Quoted value (with spaces)
remainingPart = strings.Trim(remainingPart, `"`)
currentValue = append(currentValue, remainingPart)
// Continue appending parts until the closing quote
for i+1 < len(parts) && !strings.HasSuffix(parts[i+1], `"`) {
i++
currentValue = append(currentValue, parts[i])
}
if i+1 < len(parts) && strings.HasSuffix(parts[i+1], `"`) {
i++
closingPart := strings.Trim(parts[i], `"`)
currentValue = append(currentValue, closingPart)
}
} else if remainingPart != "" {
// Unquoted single word after colon
currentValue = append(currentValue, remainingPart)
} else if i+1 < len(parts) && !strings.HasPrefix(parts[i+1], `"`) {
// Unquoted value in the next part
i++
currentValue = append(currentValue, parts[i])
}
continue
}
}
// Add remaining parts as free text
freeText += part + " "
}
// If we have an unprocessed key-value pair, store it
if currentKey != "" {
result[currentKey] = strings.Join(currentValue, " ")
}
// Trim any excess spaces from freeText
freeText = strings.TrimSpace(freeText)
return result, freeText
}
// appendResults adds results to searchResults, ensuring unique results are added,
// and also tracks which field caused the match
func appendResults(searchResults []searchResult, resultIDs map[uint]bool, newResults []models.Result, matchedField string) []searchResult {
for _, res := range newResults {
if resultIDs[res.ID] {
for i := range searchResults {
if searchResults[i].ID == res.ID {
searchResults[i].MatchedFields = appendUnique(searchResults[i].MatchedFields, matchedField)
break
}
}
} else {
searchResults = append(searchResults, searchResult{
ID: res.ID,
URL: res.URL,
FinalURL: res.FinalURL,
ResponseCode: res.ResponseCode,
ResponseReason: res.ResponseReason,
Protocol: res.Protocol,
ContentLength: res.ContentLength,
Title: res.Title,
Failed: res.Failed,
FailedReason: res.FailedReason,
Filename: res.Filename,
Screenshot: res.Screenshot,
MatchedFields: []string{matchedField},
})
// Mark the result ID as added
resultIDs[res.ID] = true
}
}
return searchResults
}
// appendUnique ensures no duplicates in the list of matched fields
func appendUnique(existingFields []string, newField string) []string {
for _, field := range existingFields {
if field == newField {
return existingFields
}
}
return append(existingFields, newField)
}