chg: [website] Markdown code from GitHub, PySec and VarIoT advisories…

… is now rendered.
cve-search · Jul 16, 2024 · f9af561 · f9af561
1 parent 0366c2f
commit f9af561
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 29 deletions.
diff --git a/website/web/bootstrap.py b/website/web/bootstrap.py
@@ -7,7 +7,7 @@
 from datetime import datetime
 from dateutil.parser import parse  # type: ignore[import-untyped]
 
-import markdown
+import markdown  # type: ignore[import-untyped]
 from flask import Flask
 from flask_bootstrap import Bootstrap5  # type: ignore[import-untyped]
 from flask_migrate import Migrate  # type: ignore[import-untyped]
@@ -100,7 +100,10 @@ def string_to_datetime(value: str, format: str = "%Y %b %d") -> str:
 
 
 def to_markdown(value: str) -> str:
-    return markdown.markdown(value)
+    try:
+        return markdown.markdown(value)
+    except Exception:
+        return value
 
 
 def hash(value: str) -> str:

diff --git a/website/web/templates/recent.html b/website/web/templates/recent.html
@@ -101,43 +101,43 @@ <h1>Recent vulnerabilities</h1>
             <td class="datetime" title="{{vuln['cveMetadata']['dateUpdated']}}">{{vuln['cveMetadata']['dateUpdated']}}</td>
 
           </tr>
-      {%elif source == "github" %}
-      <tr>
-        <th scope="row">
-              <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
-        (<a href="https://github.com/advisories/{{vuln_id}}">github</a>)
-        </th>
-        <td>{{vuln['details']}}</td>
-      </tr>
-          {%elif source == "pysec" %}
+          {%elif source == "github" %}
+          <tr>
+            <th scope="row">
+                  <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
+            (<a href="https://github.com/advisories/{{vuln_id}}">github</a>)
+            </th>
+            <td>{{ vuln['details'] }}</td>
+          </tr>
+          {% elif source == "pysec" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['details']}}</td>
           </tr>
-          {%elif source == "ossf_malicious_packages" %}
+          {% elif source == "ossf_malicious_packages" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['details']}}</td>
           </tr>
-          {%elif source == "csaf_certbund" %}
+          {% elif source == "csaf_certbund" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['document']['title']}}</td>
           </tr>
-          {%elif source == "csaf_siemens" %}
+          {% elif source == "csaf_siemens" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['document']['title']}}</td>
           </tr>
-          {%elif source == "csaf_redhat" %}
+          {% elif source == "csaf_redhat" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
@@ -148,68 +148,68 @@ <h1>Recent vulnerabilities</h1>
               {%endif%}
             </td>
           </tr>
-          {%elif source == "csaf_cisa" %}
+          {% elif source == "csaf_cisa" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['document']['title']}}</td>
           </tr>
-          {%elif source == "csaf_cisco" %}
+          {% elif source == "csaf_cisco" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['document']['title']}}</td>
           </tr>
-          {%elif source == "csaf_sick" %}
+          {% elif source == "csaf_sick" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['document']['title']}}</td>
           </tr>
-          {%elif source == "csaf_ox" %}
+          {% elif source == "csaf_ox" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['document']['title']}}</td>
           </tr>
-          {%elif source == "csaf_nozominetworks" %}
+          {% elif source == "csaf_nozominetworks" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['document']['title']}}</td>
           </tr>
-          {%elif source == "gsd"%}
+          {% elif source == "gsd"%}
           <tr>
             <th scope="row">
               <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>The format of the source doesn't require a description, click on the link for more details</td>
           </tr>
-          {%elif source == "variot" %}
+          {% elif source == "variot" %}
           <tr>
             <th scope="row">
                 <a href="{{url_for('home_bp.vulnerability_view', vulnerability_id=vuln_id)}}">{{vuln_id}}</a>
             </th>
             <td>{{vuln['description']['data']}}</td>
           </tr>
-      {%else%}
+      {% else %}
       <tr>
         <td colspan="1">
-        <pre>{{vuln|tojson(indent=2)}}</pre>
+        <pre>{{ vuln | tojson(indent=2) }}</pre>
         </td>
       </tr>
-      {%endif%}
-      {%endfor%}
+      {% endif %}
+      {% endfor %}
       </tbody>
     </table>
   </div>
 </div>
-  {%endfor%}
+  {% endfor %}
 </div>
 <nav aria-label="Navigate vulnerabilities">
   <ul class="pagination justify-content-center">

diff --git a/website/web/templates/vulnerability_templates.html b/website/web/templates/vulnerability_templates.html
@@ -371,7 +371,7 @@ <h5 class="card-title"><a href="{{ url_for('home_bp.vulnerability_view', vulnera
     <h6 class="card-subtitle mb-2 text-body-secondary">
       Vulnerability from <a href="https://github.com/pypa/advisory-database" rel="noreferrer" target="_blank">{{source}}</a>
     </h6>
-    <p class="card-text">{{vulnerability_data['details']}}</p>
+    <p class="card-text">{{ vulnerability_data['details'] | markdown | safe }}</p>
     {{ collapse_raw(source, vulnerability_id, vulnerability_data) }}
   </div>
 </div>
@@ -384,7 +384,7 @@ <h5 class="card-title"><a href="{{ url_for('home_bp.vulnerability_view', vulnera
     <h6 class="card-subtitle mb-2 text-body-secondary">
       Vulnerability from <a href="https://www.variotdbs.pl/vulns/"  rel="noreferrer" target="_blank">{{source}}</a>
     </h6>
-    <p class="card-text">{{vulnerability_data['description']['data']}}</p>
+    <p class="card-text">{{ vulnerability_data['description']['data'] | markdown | safe }}</p>
     <a href="https://www.variotdbs.pl/vuln/{{vulnerability_id}}" class="card-link"  rel="noreferrer" target="_blank">Show details on source website</a>
     {{ collapse_raw(source, vulnerability_id, vulnerability_data) }}
   </div>