def test_simple_page_xss(self, client, project):
query = 'XSS'
page_search = PageDocument.simple_search(query=query)
results = page_search.execute()
expected = """
<h3><em>XSS</em> exploit</h3>
""".strip()
assert results[0].meta.highlight.content[0][:len(expected)] == expected
def get_queryset(self):
"""
Return Elasticsearch DSL Search object instead of Django Queryset.
Django Queryset and elasticsearch-dsl ``Search`` object is similar pattern.
So for searching, its possible to return ``Search`` object instead of queryset.
The ``filter_backends`` and ``pagination_class`` is compatible with ``Search``
"""
# Validate all the required params are there
self.validate_query_params()
query = self.request.query_params.get('query', '')
queryset = PageDocument.simple_search(query=query)
return queryset
def elastic_project_search(request, project_slug):
"""Use elastic search to search in a project."""
queryset = Project.objects.protected(request.user)
project = get_object_or_404(queryset, slug=project_slug)
version_slug = request.GET.get('version', LATEST)
query = request.GET.get('q', None)
results = None
if query:
user = ''
if request.user.is_authenticated:
user = request.user
log.info(
LOG_TEMPLATE.format(
user=user,
project=project or '',
type='inproject',
version=version_slug or '',
language='',
msg=query or '',
),
)
if query:
req = PageDocument.simple_search(query=query)
filtered_query = (
req.filter('term', project=project.slug)
.filter('term', version=version_slug)
)
paginated_query = filtered_query[:50]
results = paginated_query.execute()
return render(
request,
'search/elastic_project_search.html',
{
'project': project,
'query': query,
'results': results,
},
)
