Skip to content
This repository has been archived by the owner on Feb 15, 2024. It is now read-only.

Commit

Permalink
Merge pull request #216 from RedHatProductSecurity/fix-regex-expresio…
Browse files Browse the repository at this point in the history 
…n-everywhere

GRIF-114: make regex searches output safe everywhere
  • Loading branch information
@JimFuller-RedHat
JimFuller-RedHat authored Jun 30, 2023
2 parents c4e0645 + 8ea335d commit 88b0834
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 30 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## Unreleased

### Changed
* ensured use of regexes with verbose settings do not interact everywhere!

## [0.2.11] - 2023-06-30
### Changed
* fixed -v output with components-affected-by-flaw
Expand Down
84 changes: 54 additions & 30 deletions griffon/output.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -434,19 +434,27 @@ def text_output_products_contain_component(
if not any([match in cn for match in exclude_components]):
# select the latest nvr (from sorted list)
nvr = list(result_tree[pv][ps][cn].keys())[-1]
dep_name = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
nvr,
)
dep = f"[grey93]{dep_name}[/grey93]"
related_url = ""
if result_tree[pv][ps][cn][nvr]["related_url"]:
related_url = re.sub(
# highlight search term
dep_name = nvr
try:
dep_name = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
result_tree[pv][ps][cn][nvr]["related_url"],
nvr,
)
except re.error:
pass
dep = f"[grey93]{dep_name}[/grey93]"
related_url = result_tree[pv][ps][cn][nvr].get("related_url")
try:
if result_tree[pv][ps][cn][nvr]["related_url"]:
related_url = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
result_tree[pv][ps][cn][nvr]["related_url"],
)
except re.error:
pass
build_source_url = ""
if result_tree[pv][ps][cn][nvr]["build_source_url"]:
build_source_url = result_tree[pv][ps][cn][nvr][
Expand Down Expand Up @@ -515,19 +523,27 @@ def text_output_products_contain_component(
if not any([match in cn for match in exclude_components]):
# select the latest nvr (from sorted list)
nvr = list(result_tree[pv][ps][cn].keys())[-1]
dep_name = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
nvr,
)
dep = f"[grey93]{dep_name}[/grey93]"
related_url = ""
if result_tree[pv][ps][cn][nvr]["related_url"]:
related_url = re.sub(
# highlight search term
dep_name = nvr
try:
dep_name = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
result_tree[pv][ps][cn][nvr]["related_url"],
nvr,
)
except re.error:
pass
dep = f"[grey93]{dep_name}[/grey93]"
related_url = result_tree[pv][ps][cn][nvr].get("related_url")
try:
if result_tree[pv][ps][cn][nvr]["related_url"]:
related_url = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
result_tree[pv][ps][cn][nvr]["related_url"],
)
except re.error:
pass
build_source_url = ""
if result_tree[pv][ps][cn][nvr]["build_source_url"]:
build_source_url = result_tree[pv][ps][cn][nvr][
Expand Down Expand Up @@ -587,19 +603,27 @@ def text_output_products_contain_component(
if not any([match in cn for match in exclude_components]):
# select the latest nvr (from sorted list)
nvr = list(result_tree[pv][ps][cn].keys())[-1]
dep_name = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
nvr,
)
dep = f"[grey93]{dep_name}[/grey93]"
related_url = ""
if result_tree[pv][ps][cn][nvr]["related_url"]:
related_url = re.sub(
# highlight search term
dep_name = nvr
try:
dep_name = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
result_tree[pv][ps][cn][nvr]["related_url"],
nvr,
)
except re.error:
pass
dep = f"[grey93]{dep_name}[/grey93]"
related_url = result_tree[pv][ps][cn][nvr].get("related_url")
try:
if result_tree[pv][ps][cn][nvr]["related_url"]:
related_url = re.sub(
search_component_name,
f"[b]{search_component_name}[/b]",
result_tree[pv][ps][cn][nvr]["related_url"],
)
except re.error:
pass
build_source_url = ""
if result_tree[pv][ps][cn][nvr]["build_source_url"]:
build_source_url = result_tree[pv][ps][cn][nvr][
Expand Down

0 comments on commit 88b0834

Please sign in to comment.