🐛 FIX: CVE-2023-26303 (#246)
Fix unnecessary asserts, leading to crashes
chrisjsewell authored Feb 22, 2023
1 parent 2c93e0b commit ae03c61
Showing 5 changed files with 22 additions and 15 deletions.
20 changes: 8 additions & 12 deletions markdown_it/renderer.py
Expand Up @@ -83,8 +83,8 @@ def render(

for i, token in enumerate(tokens):
if token.type == "inline":
assert token.children is not None
result += self.renderInline(token.children, options, env)
if token.children:
result += self.renderInline(token.children, options, env)
elif token.type in self.rules:
result += self.rules[token.type](tokens, i, options, env)
else:
Expand Down Expand Up @@ -206,8 +206,8 @@ def renderInlineAsText(
if token.type == "text":
result += token.content
elif token.type == "image":
assert token.children is not None
result += self.renderInlineAsText(token.children, options, env)
if token.children:
result += self.renderInlineAsText(token.children, options, env)
elif token.type == "softbreak":
result += "\n"

Expand Down Expand Up @@ -305,14 +305,10 @@ def image(

# "alt" attr MUST be set, even if empty. Because it's mandatory and
# should be placed on proper position for tests.

assert (
token.attrs and "alt" in token.attrs
), '"image" token\'s attrs must contain `alt`'

# Replace content with actual value

token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
if token.children:
token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
else:
token.attrSet("alt", "")

return self.renderToken(tokens, idx, options, env)

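Review bot: The new `if token.children:` guards in `render`, `renderInlineAsText` and `image` carry no comment saying why `children` can be missing, so a later cleanup could restore the asserts and bring the crash back. I would add one line above the first guard, e.g. `# children may be None on malformed input (CVE-2023-26303); render nothing instead of asserting`. The guards here test truthiness while `replacements.py` and `smartquotes.py` test `is None` / `is not None`; both work, but one form throughout would read better. Which rule leaves `children` unset is not visible on this page, so the parser side is worth a separate look. All three function bodies continue outside the hunks.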
3 changes: 2 additions & 1 deletion markdown_it/rules_core/replacements.py
Expand Up @@ -116,7 +116,8 @@ def replace(state: StateCore) -> None:
for token in state.tokens:
if token.type != "inline":
continue
assert token.children is not None
if token.children is None:
continue

if SCOPED_ABBR_RE.search(token.content):
replace_scoped(token.children)
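Review bot: The `if token.children is None: continue` guard in `replace` does not appear to be exercised by the fixture added in this commit, since `test_issue_fixes` builds a default `MarkdownIt()` and, assuming the typographer rules are off by default, never reaches this function; the same applies to the new guard in `smartquotes`. A second fixture run on the same input with the `typographer` option enabled would pin both guards. The body of `replace` continues outside the hunk.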
4 changes: 2 additions & 2 deletions markdown_it/rules_core/smartquotes.py
Expand Up @@ -197,5 +197,5 @@ def smartquotes(state: StateCore) -> None:
for token in state.tokens:
if token.type != "inline" or not QUOTE_RE.search(token.content):
continue
assert token.children is not None
process_inlines(token.children, state)
if token.children is not None:
process_inlines(token.children, state)
9 changes: 9 additions & 0 deletions tests/test_port/fixtures/issue-fixes.md
Expand Up @@ -36,3 +36,12 @@
.
<p>💬</p>
.

Fix CVE-2023-26303
.
![![]()
]([)
.
<p><img src="%5B" alt="
" /></p>
.
1 change: 1 addition & 0 deletions tests/test_port/test_fixtures.py
Expand Up @@ -111,4 +111,5 @@ def test_strikethrough(line, title, input, expected):
def test_issue_fixes(line, title, input, expected):
md = MarkdownIt()
text = md.render(input)
print(text)
assert text.rstrip() == expected.rstrip()
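Review bot: The added `print(text)` in `test_issue_fixes` looks like a debugging leftover; pytest already shows both sides of a failed comparison, so the line can be dropped. If the rendered output is wanted on failure, the assertion message is the better place for it: `assert text.rstrip() == expected.rstrip(), text`.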
