CVEProject · hkong-mitre · Sep 9, 2025 · Sep 6, 2025
diff --git a/src/search/SearchQueryBuilder.test.unit.ts b/src/search/SearchQueryBuilder.test.unit.ts
@@ -12,21 +12,66 @@ describe(`SearchQueryBuilder`, () => {
 
   // ----- constructor
 
-  it(`constructor(simpleString) correctly sets all fields with proper defaults for options`, async () => {
+  it(`constructor(simpleString) correctly sets fields with proper defaults for options`, async () => {
     const builder = new SearchQueryBuilder(kSimpleSearchString)
     expect(builder._searchText).toBe(kSimpleSearchString)
-    expect(builder._searchOptions.track_total_hits).toBeTruthy()
+    const options = builder._searchOptions;
+    expect(options.useCache).toBeTruthy();
+    expect(options.track_total_hits).toBeTruthy();
+    expect(options.default_operator).toBe('AND');
+    expect(options.metadataOnly).toBeFalsy();
+    expect(options.fields.length).toBe(0);
+    expect(options.sort.length).toBe(1);
+    expect(options.sort).toMatchSnapshot();
+    expect(options.from).toBe(0);
+    expect(options.size).toBe(SearchQueryBuilder.kDefaultNumResults)
   });
 
 
-  it(`constructor(simpleString,{track_total_hits:value}) correctly sets all fields with specified options`, async () => {
-    const builder = new SearchQueryBuilder(kSimpleSearchString, { track_total_hits: true })
-    expect(builder._searchText).toBe(kSimpleSearchString)
+  it(`constructor(simpleString,<options>) correctly sets fields with specified options`, async () => {
+    let builder;
+    // track_total_hits
+    builder = new SearchQueryBuilder("", { track_total_hits: true })
     expect(builder._searchOptions.track_total_hits).toBeTruthy()
-
-    const req2 = new SearchQueryBuilder(kSimpleSearchString, { track_total_hits: false })
-    expect(req2._searchText).toBe(kSimpleSearchString)
-    expect(req2._searchOptions.track_total_hits).toBeFalsy()
+    builder = new SearchQueryBuilder("", { track_total_hits: false });
+    expect(builder._searchOptions.track_total_hits).toBeFalsy();
+
+    // metadataOnly
+    builder = new SearchQueryBuilder("", { metadataOnly: true });
+    expect(builder._searchOptions.metadataOnly).toBeTruthy();
+    builder = new SearchQueryBuilder("", { metadataOnly: false });
+    expect(builder._searchOptions.metadataOnly).toBeFalsy()
+
+    // fileds
+    builder = new SearchQueryBuilder("", { fields: [] });
+    expect(builder._searchOptions.fields.length).toBe(0);
+    expect(builder._searchOptions.fields).toMatchSnapshot();
+    builder = new SearchQueryBuilder("", { fields: ["containers.cna"] });
+    expect(builder._searchOptions.fields).toMatchSnapshot();
+    builder = new SearchQueryBuilder("", { fields: ["containers.adp", "containers.cna", "z", "xy", "ab"] });  // order should be preserved
+    expect(builder._searchOptions.fields).toMatchSnapshot();
+
+
+    // sort
+    builder = new SearchQueryBuilder("", { sort: [] });
+    expect(builder._searchOptions.sort).toMatchSnapshot();
+    builder = new SearchQueryBuilder("", {
+      sort: [{
+        "cveMetadata.cveId.keyword": { "order": "asc" }
+      }]
+    });
+    expect(builder._searchOptions.sort).toMatchSnapshot();
+    builder = new SearchQueryBuilder("", {
+      sort: [
+        {
+          "cveMetadata.dateUpdated": { "order": "desc" }
+        },
+        {
+          "cveMetadata.cveId.keyword": { "order": "desc" }
+        }
+      ]
+    });  // order should be preserved
+    expect(builder._searchOptions.sort).toMatchSnapshot()
   });
 
 

diff --git a/src/search/SearchQueryBuilder.ts b/src/search/SearchQueryBuilder.ts
@@ -8,6 +8,9 @@ import { SearchRequest } from './SearchRequest.js';
  */
 export class SearchQueryBuilder {
 
+  /** default number of results to return when not specified */
+  static kDefaultNumResults = 25
+
   /** the user entered text */
   _searchText: string;
 
@@ -33,8 +36,14 @@ export class SearchQueryBuilder {
         "cveMetadata.cveId.keyword": { "order": "desc" }
       }],
       from: options?.from ?? 0,
-      size: options?.size ?? 25,
+      size: options?.size ?? SearchQueryBuilder.kDefaultNumResults,
     };
+    if (this._searchOptions.from < 0) {
+      this._searchOptions.from = 0;
+    }
+    if (this._searchOptions.size < this._searchOptions.from) {
+      this._searchOptions.size = this._searchOptions.from + 1;
+    }
     this._searchRequest = new SearchRequest(searchText)
   }
 

diff --git a/src/search/SearchRequest.test.unit.ts b/src/search/SearchRequest.test.unit.ts
@@ -183,11 +183,6 @@ describe(`SearchRequest`, () => {
   // ----- disallowed strings -----
   // ["CVE–1999–0001", 'SEARCH_GENERAL_TEXT', "CVE–1999–0001"],
 
-    ["127.0.0.*", 'SEARCH_AS_WILDCARD_ASTERISK', "127.0.0.*"],
-    // [".127.0.0.*", 'SEARCH_AS_WILDCARD_ASTERISK', ".127.0.0.*"],
-    // [".127.0.0.???", 'WILDCARD_QUESTION_SEARCH_NOT_SUPPORTED', ".127.0.0.???"],
-    // [".127.0.0.*", 'SEARCH_AS_WILDCARD_ASTERISK', ".127.0.0.*"],
-
     // // ----- simple search strings -----
     // ["2020", 'SEARCH_GENERAL_TEXT', "2020"],
     // ["office", 'SEARCH_GENERAL_TEXT', "office"],
@@ -345,16 +340,9 @@ describe(`SearchRequest`, () => {
     [`"man in the middle"`, [`man in the middle`]],
     [`man in the middle`, ["man", "in", "the", "middle"]],
     [``, []],
-    [`"`, [`"`]],
+    [`"`, [``]],
     // [`""`, [``]], //@todo
     // [`"""`, [`"`]], //@todo
-    // [`"micro????"`, [`"micro????"`]], // @todo
-    [`micro*`, [`micro*`]],
-    [`*micro*`, [`*micro*`]],
-    [`*micro**`, [`*micro**`]],
-    [`*micro *`, [`*micro`, `*`]],
-    [`micro????`, [`micro????`]],
-    [`micro*????`, [`micro*????`]],
     // ----- UTF codes -----
   ]
     .forEach((test: [string, string[]]) => {

diff --git a/src/search/__snapshots__/SearchQueryBuilder.test.unit.ts.snap b/src/search/__snapshots__/SearchQueryBuilder.test.unit.ts.snap
@@ -308,3 +308,58 @@ SearchRequest {
   "_searchText": "office",
 }
 `;
+
+exports[`SearchQueryBuilder constructor(simpleString) correctly sets fields with proper defaults for options 1`] = `
+Array [
+  Object {
+    "cveMetadata.cveId.keyword": Object {
+      "order": "desc",
+    },
+  },
+]
+`;
+
+exports[`SearchQueryBuilder constructor(simpleString,<options>) correctly sets fields with specified options 1`] = `Array []`;
+
+exports[`SearchQueryBuilder constructor(simpleString,<options>) correctly sets fields with specified options 2`] = `
+Array [
+  "containers.cna",
+]
+`;
+
+exports[`SearchQueryBuilder constructor(simpleString,<options>) correctly sets fields with specified options 3`] = `
+Array [
+  "containers.adp",
+  "containers.cna",
+  "z",
+  "xy",
+  "ab",
+]
+`;
+
+exports[`SearchQueryBuilder constructor(simpleString,<options>) correctly sets fields with specified options 4`] = `Array []`;
+
+exports[`SearchQueryBuilder constructor(simpleString,<options>) correctly sets fields with specified options 5`] = `
+Array [
+  Object {
+    "cveMetadata.cveId.keyword": Object {
+      "order": "asc",
+    },
+  },
+]
+`;
+
+exports[`SearchQueryBuilder constructor(simpleString,<options>) correctly sets fields with specified options 6`] = `
+Array [
+  Object {
+    "cveMetadata.dateUpdated": Object {
+      "order": "desc",
+    },
+  },
+  Object {
+    "cveMetadata.cveId.keyword": Object {
+      "order": "desc",
+    },
+  },
+]
+`;
diff --git a/src/search/test_cases/search_ipv4.test.e2e.ts b/src/search/test_cases/search_ipv4.test.e2e.ts
@@ -8,6 +8,7 @@ describe('IPv4 Searches', () => {
     { input: "10.0.0.1" },    // class A
     { input: "172.16.0.1" },  // class B
     { input: "255.255.255.255" }, // broadcast
+    { input: "0.0.0.0" },  //  non-routable, special IP
   ];
 
   testCases.forEach(({ input }) => {
@@ -23,6 +24,7 @@ describe('IPv4 Searches', () => {
     { counterInput: "wikipedia" }, // google search bar style "url"
     { counterInput: "localhost" },
     { counterInput: "127.0.0.1:65535" },   // localhost with user port is treated as URL
+    { counterInput: "1.2.3.4.5", expectedType: 'SEARCH_AS_VERSION' },   // too many periods
     { counterInput: "http://user:pass@127.0.0.1/?a=b&abc=1%22#25", expectedType: 'SEARCH_AS_URL'},
     { counterInput: "::", expectedType: 'SEARCH_AS_IPv6'},
     { counterInput: "2001:db8:3333:4444:5555:6666:1.2.3.4", expectedType: 'SEARCH_AS_IPv6'},
@@ -32,6 +34,8 @@ describe('IPv4 Searches', () => {
     // using * as wildcard
     { counterInput: "127.0.0.*", expectedType: 'SEARCH_AS_WILDCARD_ASTERISK' },
     { counterInput: "*.0.0.1", expectedType: 'SEARCH_AS_WILDCARD_ASTERISK' },
+    // cidr
+    { counterInput: "172.16.0.1/32"/*, expectedType: 'SEARCH_AS_URL'*/ }, // this should be CIDR
   ];
 
   antiCases.forEach(({ counterInput, expectedType }) => {
@@ -98,19 +102,19 @@ describe('SearchRequest testing IPv6', () => {
   ];
 
   antiCases.forEach(({ counterInput, expectedType }) => {
-      it(`isUrl('${counterInput}') --> false`, () => {
-          const result = SearchRequest.isIpV6String(counterInput);
-          expect(result).toBe(false);
-      });
+    it(`isUrl('${counterInput}') --> false`, () => {
+      const result = SearchRequest.isIpV6String(counterInput);
+      expect(result).toBe(false);
+    });
   });
 
   antiCases.forEach(({ counterInput, expectedType }) => {
-      if (expectedType) {
-          it(`findSearchRequestType('${counterInput}') --> ${expectedType}`, () => {
-              const result = SearchRequest.findSearchRequestType(counterInput);
-              expect(result).toBe(expectedType);
-          });
-      }
+    if (expectedType) {
+      it(`findSearchRequestType('${counterInput}') --> ${expectedType}`, () => {
+        const result = SearchRequest.findSearchRequestType(counterInput);
+        expect(result).toBe(expectedType);
+      });
+    }
   });
 
 });
diff --git a/src/search/test_cases/search_wildcards.test.e2e.ts b/src/search/test_cases/search_wildcards.test.e2e.ts
@@ -15,30 +15,29 @@ describe('Wildcard Searches', () => {
 
   describe('SearchRequest.tokenizeSearchText()', () => {
     const testCases: Array<{ input: string; expected: string[]; }> = [
-    // Wildcards in 1 term
-    { input: `"microsoft"`, expected: ["microsoft"] },
-    { input: "127.0.0.*", expected: ["127.0.0.*"] },
-    { input: `"microsoft *"`, expected: ["microsoft *"] },
-    // Wildcards in 2 terms
-    { input: `"micro* office"`, expected: ["micro* office"] },
-    { input: `"microsoft off*"`, expected: ["microsoft off*"] },
-    { input: `"*soft office"`, expected: ["*soft office"] },
-    { input: `"*soft off*"`, expected: ["*soft off*"] },
-    { input: `"CVE*" "micro*"`, expected: ["CVE*", "micro*"] },
-    // Wildcards in 3 terms
-    { input: `"CVE*" "microsoft*" "off*"`, expected: ["CVE*", "microsoft*", "off*"] },
-    // Wildcards in phrases
-    { input: `"microsoft off*"`, expected: ["microsoft off*"] },
-    { input: `"CVE*" "*soft office"`, expected: ["CVE*", "*soft office"] },
-  ];
-
-  testCases.forEach(({ input, expected }) => {
-    it(`should correctly tokenize "${input}" into ${JSON.stringify(expected)}`, () => {
-      const result = SearchRequest.tokenizeSearchText(input);
-      expect(result).toEqual(expected);
+      // Wildcards in 1 term
+      { input: "127.0.0.*", expected: ["127.0.0.*"] },
+      { input: `"microsoft *"`, expected: ["microsoft *"] },
+      // Wildcards in 2 terms
+      { input: `"micro* office"`, expected: ["micro* office"] },
+      { input: `"microsoft off*"`, expected: ["microsoft off*"] },
+      { input: `"*soft office"`, expected: ["*soft office"] },
+      { input: `"*soft off*"`, expected: ["*soft off*"] },
+      { input: `"CVE*" "micro*"`, expected: ["CVE*", "micro*"] },
+      // Wildcards in 3 terms
+      { input: `"CVE*" "microsoft*" "off*"`, expected: ["CVE*", "microsoft*", "off*"] },
+      // Wildcards in phrases
+      { input: `"microsoft off*"`, expected: ["microsoft off*"] },
+      { input: `"CVE*" "*soft office"`, expected: ["CVE*", "*soft office"] },
+    ];
+
+    testCases.forEach(({ input, expected }) => {
+      it(`should correctly tokenize "${input}" into ${JSON.stringify(expected)}`, () => {
+        const result = SearchRequest.tokenizeSearchText(input);
+        expect(result).toEqual(expected);
+      });
     });
   });
-  });
 
 
   describe('SearchRequest.findSearchRequestType()', () => {
@@ -130,6 +129,15 @@ describe('Wildcard Searches', () => {
       { input: "m*cro*f*", succeed: true, expectedNum: 52 },    //@todo, expected 65, same as "micro*"
       { input: "m**t", succeed: true, expectedNum: 237 },     //@todo, should return error due to repeating *
       { input: "m*****t", succeed: true, expectedNum: 237 },  //@todo, should return error due to repeating *
+      // @todo
+      // [`"micro????"`, [`"micro????"`]], // @todo
+      // [`micro*`, [`micro*`]],
+      // [`*micro*`, [`*micro*`]],
+      // [`*micro**`, [`*micro**`]],
+      // [`*micro *`, [`*micro`, `*`]],
+      // [`micro????`, [`micro????`]],
+      // [`micro*????`, [`micro*????`]],
+
       // ----- ????? -----
       // { input: ".127.0.0.*", expectedNum: 2 },
       // { input: ".127.0.0.???", expectedType: 'SEARCH_AS_WILDCARD_QUESTION', expectedProcessedText: ".127.0.0.???" },  //