diff options
author | Alexandre Flament <alex@al-f.net> | 2017-01-20 18:52:47 +0100 |
---|---|---|
committer | Alexandre Flament <alex@al-f.net> | 2017-01-20 18:52:47 +0100 |
commit | 15eef0ebdb15af80c026302bef250dc7f4417951 (patch) | |
tree | c1e5ab56359ed3f23a17e6721cae1c4fbf6d88af | |
parent | 7fdfeca3a43e0e2bd8ef2dcb27cca7745edf596a (diff) | |
download | searxng-15eef0ebdb15af80c026302bef250dc7f4417951.tar.gz searxng-15eef0ebdb15af80c026302bef250dc7f4417951.zip |
[enh] validate input and raise an exception inside search.py. The exception message is output in json and rss format.
-rw-r--r-- | searx/exceptions.py | 32 | ||||
-rw-r--r-- | searx/search.py | 66 | ||||
-rw-r--r-- | searx/templates/__common__/opensearch_response_rss.xml | 6 | ||||
-rw-r--r-- | searx/webapp.py | 67 |
4 files changed, 133 insertions, 38 deletions
diff --git a/searx/exceptions.py b/searx/exceptions.py new file mode 100644 index 000000000..c605ddcab --- /dev/null +++ b/searx/exceptions.py @@ -0,0 +1,32 @@ +''' +searx is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +searx is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with searx. If not, see < http://www.gnu.org/licenses/ >. + +(C) 2017- by Alexandre Flament, <alex@al-f.net> +''' + + +class SearxException(Exception): + pass + + +class SearxParameterException(SearxException): + + def __init__(self, name, value): + if value == '' or value is None: + message = 'Empty ' + name + ' parameter' + else: + message = 'Invalid value "' + value + '" for parameter ' + name + super(SearxParameterException, self).__init__(message) + self.parameter_name = name + self.parameter_value = value diff --git a/searx/search.py b/searx/search.py index e0f0cfd6a..0bb774479 100644 --- a/searx/search.py +++ b/searx/search.py @@ -31,11 +31,16 @@ from searx.query import RawTextQuery, SearchQuery from searx.results import ResultContainer from searx import logger from searx.plugins import plugins +from searx.languages import language_codes +from searx.exceptions import SearxParameterException logger = logger.getChild('search') number_of_searches = 0 +language_code_set = set(l[0].lower() for l in language_codes) +language_code_set.add('all') + def send_http_request(engine, request_params, start_time, timeout_limit): # for page_load_time stats @@ -182,33 +187,13 @@ def default_request_params(): def get_search_query_from_webapp(preferences, form): - query = None - query_engines = [] - query_categories = [] - query_pageno = 1 - query_lang = 'all' - query_time_range = None + # no text for the query ? + if not form.get('q'): + raise SearxParameterException('q', '') # set blocked engines disabled_engines = preferences.engines.get_disabled() - # set specific language if set - query_lang = preferences.get_value('language') - - # safesearch - query_safesearch = preferences.get_value('safesearch') - - # TODO better exceptions - if not form.get('q'): - raise Exception('noquery') - - # set pagenumber - pageno_param = form.get('pageno', '1') - if not pageno_param.isdigit() or int(pageno_param) < 1: - pageno_param = 1 - - query_pageno = int(pageno_param) - # parse query, if tags are set, which change # the serch engine or search-language raw_text_query = RawTextQuery(form['q'], disabled_engines) @@ -217,6 +202,13 @@ def get_search_query_from_webapp(preferences, form): # set query query = raw_text_query.getSearchQuery() + # get and check page number + pageno_param = form.get('pageno', '1') + if not pageno_param.isdigit() or int(pageno_param) < 1: + raise SearxParameterException('pageno', pageno_param) + query_pageno = int(pageno_param) + + # get language # set specific language if set on request, query or preferences # TODO support search with multible languages if len(raw_text_query.languages): @@ -226,10 +218,38 @@ def get_search_query_from_webapp(preferences, form): else: query_lang = preferences.get_value('language') + # check language + if query_lang not in language_code_set: + raise SearxParameterException('language', query_lang) + + # get safesearch + if 'safesearch' in form: + query_safesearch = form.get('safesearch') + # first check safesearch + if not query_safesearch.isdigit(): + raise SearxParameterException('safesearch', query_safesearch) + query_safesearch = int(query_safesearch) + else: + query_safesearch = preferences.get_value('safesearch') + + # safesearch : second check + if query_safesearch < 0 or query_safesearch > 2: + raise SearxParameterException('safesearch', query_safesearch) + + # get time_range query_time_range = form.get('time_range') + # check time_range + if not(query_time_range is None)\ + and not (query_time_range in ['', 'day', 'week', 'month', 'year']): + raise SearxParameterException('time_range', query_time_range) + + # query_engines query_engines = raw_text_query.engines + # query_categories + query_categories = [] + # if engines are calculated from query, # set categories by using that informations if query_engines and raw_text_query.specific: diff --git a/searx/templates/__common__/opensearch_response_rss.xml b/searx/templates/__common__/opensearch_response_rss.xml index ddb60fa5e..32c42e7c7 100644 --- a/searx/templates/__common__/opensearch_response_rss.xml +++ b/searx/templates/__common__/opensearch_response_rss.xml @@ -11,6 +11,12 @@ <opensearch:itemsPerPage>{{ number_of_results }}</opensearch:itemsPerPage> <atom:link rel="search" type="application/opensearchdescription+xml" href="{{ base_url }}opensearch.xml"/> <opensearch:Query role="request" searchTerms="{{ q|e }}" startPage="1" /> + {% if error_message %} + <item> + <title>Error</title> + <description>{{ error_message|e }}</description> + </item> + {% endif %} {% for r in results %} <item> <title>{{ r.title }}</title> diff --git a/searx/webapp.py b/searx/webapp.py index 31d85ff5b..929d9e243 100644 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -52,6 +52,7 @@ from flask import ( from flask_babel import Babel, gettext, format_date, format_decimal from flask.json import jsonify from searx import settings, searx_dir, searx_debug +from searx.exceptions import SearxException, SearxParameterException from searx.engines import ( categories, engines, engine_shortcuts, get_engines_stats, initialize_engines ) @@ -400,6 +401,33 @@ def pre_request(): request.user_plugins.append(plugin) +def index_error(output_format, error_message): + if output_format == 'json': + return Response(json.dumps({'error': error_message}), + mimetype='application/json') + elif output_format == 'csv': + response = Response('', mimetype='application/csv') + cont_disp = 'attachment;Filename=searx.csv' + response.headers.add('Content-Disposition', cont_disp) + return response + elif output_format == 'rss': + response_rss = render( + 'opensearch_response_rss.xml', + results=[], + q=request.form['q'] if 'q' in request.form else '', + number_of_results=0, + base_url=get_base_url(), + error_message=error_message + ) + return Response(response_rss, mimetype='text/xml') + else: + # html + request.errors.append(gettext('search error')) + return render( + 'index.html', + ) + + @app.route('/search', methods=['GET', 'POST']) @app.route('/', methods=['GET', 'POST']) def index(): @@ -408,10 +436,19 @@ def index(): Supported outputs: html, json, csv, rss. """ + # output_format + output_format = request.form.get('format', 'html') + if output_format not in ['html', 'csv', 'json', 'rss']: + output_format = 'html' + + # check if there is query if request.form.get('q') is None: - return render( - 'index.html', - ) + if output_format == 'html': + return render( + 'index.html', + ) + else: + return index_error(output_format, 'No query'), 400 # search search_query = None @@ -421,20 +458,24 @@ def index(): # search = Search(search_query) # without plugins search = SearchWithPlugins(search_query, request) result_container = search.search() - except: - request.errors.append(gettext('search error')) + except Exception as e: + # log exception logger.exception('search error') - return render( - 'index.html', - ) + # is it an invalid input parameter or something else ? + if (issubclass(e.__class__, SearxParameterException)): + return index_error(output_format, e.message), 400 + else: + return index_error(output_format, gettext('search error')), 500 + + # results results = result_container.get_ordered_results() + number_of_results = result_container.results_number() + if number_of_results < result_container.results_length(): + number_of_results = 0 # UI advanced_search = request.form.get('advanced_search', None) - output_format = request.form.get('format', 'html') - if output_format not in ['html', 'csv', 'json', 'rss']: - output_format = 'html' # output for result in results: @@ -470,10 +511,6 @@ def index(): else: result['publishedDate'] = format_date(result['publishedDate']) - number_of_results = result_container.results_number() - if number_of_results < result_container.results_length(): - number_of_results = 0 - if output_format == 'json': return Response(json.dumps({'query': search_query.query, 'number_of_results': number_of_results, |