From ae03c6107dfa18e648f6fdd1280f5b89092d5d49 Mon Sep 17 00:00:00 2001 From: Chris Sewell Date: Wed, 22 Feb 2023 05:56:39 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20FIX:=20CVE-2023-26303=20(#246)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix unnecessary asserts, leading to crashes --- markdown_it/renderer.py | 20 ++++++++------------ markdown_it/rules_core/replacements.py | 3 ++- markdown_it/rules_core/smartquotes.py | 4 ++-- tests/test_port/fixtures/issue-fixes.md | 9 +++++++++ tests/test_port/test_fixtures.py | 1 + 5 files changed, 22 insertions(+), 15 deletions(-) diff --git a/markdown_it/renderer.py b/markdown_it/renderer.py index aa6272a3..81d0bc37 100644 --- a/markdown_it/renderer.py +++ b/markdown_it/renderer.py @@ -83,8 +83,8 @@ def render( for i, token in enumerate(tokens): if token.type == "inline": - assert token.children is not None - result += self.renderInline(token.children, options, env) + if token.children: + result += self.renderInline(token.children, options, env) elif token.type in self.rules: result += self.rules[token.type](tokens, i, options, env) else: @@ -206,8 +206,8 @@ def renderInlineAsText( if token.type == "text": result += token.content elif token.type == "image": - assert token.children is not None - result += self.renderInlineAsText(token.children, options, env) + if token.children: + result += self.renderInlineAsText(token.children, options, env) elif token.type == "softbreak": result += "\n" @@ -305,14 +305,10 @@ def image( # "alt" attr MUST be set, even if empty. Because it's mandatory and # should be placed on proper position for tests. - - assert ( - token.attrs and "alt" in token.attrs - ), '"image" token\'s attrs must contain `alt`' - - # Replace content with actual value - - token.attrSet("alt", self.renderInlineAsText(token.children, options, env)) + if token.children: + token.attrSet("alt", self.renderInlineAsText(token.children, options, env)) + else: + token.attrSet("alt", "") return self.renderToken(tokens, idx, options, env) diff --git a/markdown_it/rules_core/replacements.py b/markdown_it/rules_core/replacements.py index 45377d3e..5e9b7ae7 100644 --- a/markdown_it/rules_core/replacements.py +++ b/markdown_it/rules_core/replacements.py @@ -116,7 +116,8 @@ def replace(state: StateCore) -> None: for token in state.tokens: if token.type != "inline": continue - assert token.children is not None + if token.children is None: + continue if SCOPED_ABBR_RE.search(token.content): replace_scoped(token.children) diff --git a/markdown_it/rules_core/smartquotes.py b/markdown_it/rules_core/smartquotes.py index 7a39fad4..b11a5739 100644 --- a/markdown_it/rules_core/smartquotes.py +++ b/markdown_it/rules_core/smartquotes.py @@ -197,5 +197,5 @@ def smartquotes(state: StateCore) -> None: for token in state.tokens: if token.type != "inline" or not QUOTE_RE.search(token.content): continue - assert token.children is not None - process_inlines(token.children, state) + if token.children is not None: + process_inlines(token.children, state) diff --git a/tests/test_port/fixtures/issue-fixes.md b/tests/test_port/fixtures/issue-fixes.md index 0c693b04..319945af 100644 --- a/tests/test_port/fixtures/issue-fixes.md +++ b/tests/test_port/fixtures/issue-fixes.md @@ -36,3 +36,12 @@ .

💬

. + +Fix CVE-2023-26303 +. +![![]() +]([) +. +

+

+. diff --git a/tests/test_port/test_fixtures.py b/tests/test_port/test_fixtures.py index 5117c5e1..d2199caf 100644 --- a/tests/test_port/test_fixtures.py +++ b/tests/test_port/test_fixtures.py @@ -111,4 +111,5 @@ def test_strikethrough(line, title, input, expected): def test_issue_fixes(line, title, input, expected): md = MarkdownIt() text = md.render(input) + print(text) assert text.rstrip() == expected.rstrip()