From 6908e1327f87d0e70a61f6004876ccbc2ef1d4f1 Mon Sep 17 00:00:00 2001
From: wilky singh
Date: Fri, 26 May 2023 20:45:28 +0530
Subject: [PATCH 1/2] default search is modified for contentSecurity
---
 .../org/sunbird/search/dto/SearchDTO.java | 7 +++++++
 .../search/processor/SearchProcessor.java | 19 ++++++++++++++++++-
 .../search-service/conf/application.conf | 5 ++++-
 3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/search-api/search-core/src/main/java/org/sunbird/search/dto/SearchDTO.java b/search-api/search-core/src/main/java/org/sunbird/search/dto/SearchDTO.java
index 6fa3d15a9..baa0ca3fe 100644
--- a/search-api/search-core/src/main/java/org/sunbird/search/dto/SearchDTO.java
+++ b/search-api/search-core/src/main/java/org/sunbird/search/dto/SearchDTO.java
@@ -16,6 +16,7 @@ public class SearchDTO {
 private int limit;
 private int offset;
 boolean fuzzySearch = false;
+ boolean secureSettings = false;
 private Map additionalProperties = new HashMap();
 private Map softConstraints = new HashMap();
 private List> aggregations = new ArrayList<>();
@@ -72,6 +73,12 @@ public boolean isFuzzySearch() {
 public void setFuzzySearch(boolean fuzzySearch) {
 this.fuzzySearch = fuzzySearch;
 }
+ public boolean isSecureSettings() {
+ return secureSettings;
+ }
+ public void setSecureSettings(boolean secureSettings) {
+ this.secureSettings = secureSettings;
+ }
 public Map getAdditionalProperties() {
 return additionalProperties;
 }
diff --git a/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java b/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java
index c95fc4f24..65cf0d503 100644
--- a/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java
+++ b/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java
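Review bot: In SearchDTO.java the new `secureSettings` field is declared without `private` and without a comment saying what a true value means, and nothing in the SearchProcessor hunks of this series reads it; formQuery takes its switch from `search.fields.enable.secureSettings` instead. If the DTO flag is meant to become a per-request switch, that should be stated on the field, because a value a client can set must not be able to lift a restriction the server configuration applies. I would declare it `private boolean secureSettings = false;` with a one-line comment describing its effect on the query, or leave the field and its accessors (second hunk) out until something uses them.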
@@ -5,6 +5,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.lucene.search.join.ScoreMode;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.index.query.*;
 import org.elasticsearch.index.query.MultiMatchQueryBuilder.Type;
@@ -342,6 +343,9 @@ private QueryBuilder prepareSearchQuery(SearchDTO searchDTO) {
 }
 private void formQuery(List properties, QueryBuilder queryBuilder, BoolQueryBuilder boolQuery, String operation, Boolean fuzzy) {
+ boolean enableSecureSettings = Platform.config.hasPath("search.fields.enable.secureSettings") &&
+ Platform.config.getBoolean("search.fields.enable.secureSettings");
+
 for (Map property : properties) {
 String opertation = (String) property.get("operation");
@@ -359,6 +363,8 @@ private void formQuery(List properties, QueryBuilder queryBuilder, BoolQuer
 relevanceSort = true;
 propertyName = "all_fields";
 queryBuilder = getAllFieldsPropertyQuery(values, fuzzy);
+ if(!enableSecureSettings)
+ boolQuery.mustNot(getSecureSettingsQuery());
 boolQuery.must(queryBuilder);
 continue;
 }
@@ -447,6 +453,8 @@ private void formQuery(List properties, QueryBuilder queryBuilder, BoolQuer
 }
 }
 if (operation.equalsIgnoreCase(AND)) {
+ if(!enableSecureSettings)
+ boolQuery.mustNot(getSecureSettingsQuery());
 boolQuery.must(queryBuilder);
 } else {
 boolQuery.should(queryBuilder);
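Review bot: The secureSettings exclusion in formQuery is attached only on the two `must` paths (the all_fields branch at -359 and the `AND` branch at -447), so a call whose operation is not AND and that hits no all_fields property reaches `boolQuery.should(queryBuilder)` without it, and a call with an empty `properties` list adds nothing at all. It is also added once per property inside the loop, which repeats the same clause on the bool query. Adding it once, right after the flag is computed — `if (!enableSecureSettings) { boolQuery.mustNot(getSecureSettingsQuery()); }` — would cover every branch, provided `boolQuery` here is the query that is finally executed. formQuery's body continues outside these hunks, so that assumption needs checking against prepareSearchQuery.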
@@ -515,9 +523,18 @@ private QueryBuilder getAllFieldsPropertyQuery(List values, Boolean fuzz
 .operator(Operator.AND).type(Type.CROSS_FIELDS).fuzzyTranspositions(false).lenient(true));
 }
 }
-
 return queryBuilder;
 }
+ private QueryBuilder getSecureSettingsQuery() {
+
+ QueryBuilder firstNestedQuery =new NestedQueryBuilder("secureSettings",
+ QueryBuilders.boolQuery() .mustNot(new ExistsQueryBuilder("organisation")), org.apache.lucene.search.join.ScoreMode.None);
+ QueryBuilder secondNestedQuery= new NestedQueryBuilder("secureSettings", QueryBuilders.boolQuery()
+ .filter(new RangeQueryBuilder("organisation" + ".length").lte(0)) , org.apache.lucene.search.join.ScoreMode.None);
+ QueryBuilder query = QueryBuilders.boolQuery() .should(firstNestedQuery).should (secondNestedQuery);
+
+ return query;
+ }
 /**
 * @param softConstraints
diff --git a/search-api/search-service/conf/application.conf b/search-api/search-service/conf/application.conf
index 0b038102c..b39c0e2b5 100644
--- a/search-api/search-service/conf/application.conf
+++ b/search-api/search-service/conf/application.conf
@@ -315,4 +315,7 @@ content.tagging.property=["subject","medium"]
 search.payload.log_enable=true
 #Folling configuration would enable the fuzzy search when there are no matches found for given query.
-search.fields.enable.fuzzy.when.noresult=false
\ No newline at end of file
+search.fields.enable.fuzzy.when.noresult=false
+
+#Following configuration would enable the secureSettings search
+search.fields.enable.secureSettings=false
\ No newline at end of file
From 4fd8d5b3d5683e9413c4e70518c61be5f24e23f6 Mon Sep 17 00:00:00 2001
From: wilky singh
Date: Tue, 30 May 2023 09:29:09 +0530
Subject: [PATCH 2/2] Search query modification for content Security
---
 .../search/processor/SearchProcessor.java | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)
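Review bot: Both nested clauses in getSecureSettingsQuery name their inner field without the nested path (`"organisation"` and `"organisation" + ".length"`), while Elasticsearch resolves fields inside a nested query by their full path, so as written the exists clause probably never matches and the range clause depends on a `length` sub-field that may not exist in the mapping. I would use `new ExistsQueryBuilder("secureSettings.organisation")` and confirm against the index mapping how an empty organisation list is actually stored before keeping the range clause. The polarity also deserves a test: read literally, the query handed to `mustNot` selects documents whose secureSettings has no organisation, so documents that do name an organisation are not excluded by it — if the intent is to keep organisation-restricted content out of the default search, that looks inverted. The method has no Javadoc; one sentence stating which documents the returned query matches would make the intent checkable.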
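Review bot: The comment on the new key in application.conf does not say what either value does, and the key name reads as the opposite of the behaviour: with `false` formQuery adds the secureSettings exclusion, and with `true` (as of this patch) it adds no clause at all. For a switch that decides whether restricted content is filtered out of results, I would spell that out, e.g. `# false (default): search applies the secureSettings exclusion; true: the exclusion is not applied`. The added line also leaves the file without a trailing newline.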
diff --git a/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java b/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java
index 65cf0d503..c4f8caa98 100644
--- a/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java
+++ b/search-api/search-core/src/main/java/org/sunbird/search/processor/SearchProcessor.java
@@ -363,9 +363,13 @@ private void formQuery(List properties, QueryBuilder queryBuilder, BoolQuer
 relevanceSort = true;
 propertyName = "all_fields";
 queryBuilder = getAllFieldsPropertyQuery(values, fuzzy);
- if(!enableSecureSettings)
- boolQuery.mustNot(getSecureSettingsQuery());
- boolQuery.must(queryBuilder);
+ if (!enableSecureSettings) {
+ boolQuery.mustNot(getSecureSettingsSearchDefaultQuery());
+ boolQuery.must(queryBuilder);
+ } else {
+ boolQuery.must(getSecureSettingsSearchQuery("0134149030919618561"));
+ boolQuery.must(queryBuilder);
+ }
 continue;
 }
@@ -453,10 +457,15 @@ private void formQuery(List properties, QueryBuilder queryBuilder, BoolQuer
 }
 }
 if (operation.equalsIgnoreCase(AND)) {
- if(!enableSecureSettings)
- boolQuery.mustNot(getSecureSettingsQuery());
- boolQuery.must(queryBuilder);
- } else {
+ if (!enableSecureSettings) {
+ boolQuery.mustNot(getSecureSettingsSearchDefaultQuery());
+ boolQuery.must(queryBuilder);
+ } else {
+ boolQuery.must(getSecureSettingsSearchQuery("0134149030919618561"));
+ boolQuery.must(queryBuilder);
+ }
+ }
+ else {
 boolQuery.should(queryBuilder);
 }
@@ -525,7 +534,7 @@ private QueryBuilder getAllFieldsPropertyQuery(List values, Boolean fuzz
 }
 return queryBuilder;
 }
- private QueryBuilder getSecureSettingsQuery() {
+ private QueryBuilder getSecureSettingsSearchDefaultQuery() {
 QueryBuilder firstNestedQuery =new NestedQueryBuilder("secureSettings",
 QueryBuilders.boolQuery() .mustNot(new ExistsQueryBuilder("organisation")), org.apache.lucene.search.join.ScoreMode.None);
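Review bot: The organisation id passed to `getSecureSettingsSearchQuery("0134149030919618561")` is a string literal in the all_fields branch and again in the `AND` branch (second hunk), so with the flag on every caller is scoped to that one organisation regardless of who is searching. The id should come from the authenticated request — carried on SearchDTO or whatever request context this service already has — and the search should fail closed when it is absent; at the very least the value belongs in configuration, not in two literals. `boolQuery.must(queryBuilder);` is now repeated in both arms of each new if/else and can stay as a single statement after it. The non-AND path (`boolQuery.should(queryBuilder)`) still receives neither clause. formQuery's body continues outside these hunks.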
@@ -535,6 +544,13 @@ private QueryBuilder getSecureSettingsQuery() {
 return query;
 }
+ private QueryBuilder getSecureSettingsSearchQuery(String org_id) {
+
+ QueryBuilder query =new NestedQueryBuilder("secureSettings",
+ QueryBuilders.boolQuery() .must(new ExistsQueryBuilder("secureSettings.organisation")).must(QueryBuilders.termQuery("secureSettings.organisation",org_id)), org.apache.lucene.search.join.ScoreMode.None);
+
+ return query;
+ }
 /**
 * @param softConstraints
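Review bot: In getSecureSettingsSearchQuery the `exists` clause is redundant, because the `termQuery` on the same `secureSettings.organisation` field can only match when that field is present; `QueryBuilders.termQuery("secureSettings.organisation", org_id)` alone inside the nested query expresses the same condition. `org_id` would be `orgId` under Java naming, and a null or blank value should be rejected explicitly before the query is built, so that a missing organisation can never produce an unscoped or failing search further down. The fully qualified `org.apache.lucene.search.join.ScoreMode.None` makes the `ScoreMode` import from patch 1 redundant for these lines; `ScoreMode.None` would do. A short Javadoc saying that the returned query matches only documents whose secureSettings lists the given organisation is missing.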