Sinderella
commented
7 years ago Do full text search instead?
Open Sinderella opened 7 years ago
Sinderella
commented
7 years ago Do full text search instead?
Sinderella
commented
7 years ago Google "site:exploit-db.com "CVE-2016-5195" has an accurate result though More reason to implement this #6
ngkogkos
commented
7 years ago What do you mean full text search instead?
Hmm I see the reason of the problem. It is because the exploit description in exploit-db is enclosed in single quotes. The code still finds the exploits but it throws the division exception as the frequency of the exact term "COW" in this case is 0, as it only shows up with single quotes next to it.
If in this case we assume that this term is rare enough we can return 1/1 so it will have more weight, I am not sure if this will bring other bugs though.
Generally the problem stems from the fact that I count the frequency of the keywords provided by the user in their exact form, while when searching I use python's "in" operator, so there is a miss match there.
Ideas?
Sinderella
commented
7 years ago I don't think it's a priority, but it'd be better if we don't have a failing test build. I'm not sure I fully understand the problem here, would striping special characters from both keyword and text help? I'd go for a quick fix first.
ngkogkos
commented
7 years ago Ok the text based bug may be fixed for now.
About the CVE based search the issue is that there is no mapping of the Exploit-DB ID of the exploit to the CVE here https://cve.mitre.org/data/refs/refmap/source-EXPLOIT-DB.html.
So I guess in this case, we were thinking to fallback in full text search yeah.
Sinderella
commented
7 years ago I just tried to find a solution, I thought we could use github to search for us instead of Google, but there's no CVE in it. See below:
https://www.exploit-db.com/exploits/40611/
CVE is only on their site. See this https://github.com/offensive-security/exploit-database/issues/54
It couldn't find Dirty COW exploit based on its CVE