fix: corrected security advisory parser

thorsten · thorsten · commit 438d72b7ca2b · 2025-10-11T20:22:24.000+02:00
diff --git a/src/app/security/[advisory]/page.tsx b/src/app/security/[advisory]/page.tsx
@@ -4,6 +4,7 @@ import { join } from 'path'
 import PageLayout from '@/components/PageLayout'
 import { generatePageMetadata } from '@/components/PageLayout'
 import { Metadata } from 'next'
+import { parseAdvisoryToHTML } from '@/lib/securityAdvisory'
 
 interface SecurityAdvisoryPageProps {
   params: Promise<{
@@ -38,87 +39,6 @@ function getAdvisoryContent(advisory: string): { title: string; description: str
   }
 }
 
-// Function to convert Markdown content to JSX
-function parseAdvisoryContent(content: string): React.JSX.Element {
-  // Robust parser: group consecutive metadata lines into a single <dl class="dl-horizontal">
-  const lines = content.split('\n')
-
-  const htmlParts: string[] = []
-  let inDl = false
-
-  const closeDlIfOpen = () => {
-    if (inDl) {
-      htmlParts.push('</dl>')
-      inDl = false
-    }
-  }
-
-  for (let line of lines) {
-    let l = line.trim()
-
-    // Skip empty lines, but ensure we close an open DL
-    if (l.length === 0) {
-      closeDlIfOpen()
-      continue
-    }
-
-    // Keep raw HTML intact
-    if (l.startsWith('<')) {
-      closeDlIfOpen()
-      htmlParts.push(l)
-      continue
-    }
-
-    // Headings
-    if (l.startsWith('#### ')) {
-      closeDlIfOpen()
-      htmlParts.push(`<h4>${l.substring(5)}</h4>`)
-      continue
-    }
-    if (l.startsWith('### ')) {
-      closeDlIfOpen()
-      htmlParts.push(`<h3>${l.substring(4)}</h3>`)
-      continue
-    }
-    if (l.startsWith('## ')) {
-      closeDlIfOpen()
-      htmlParts.push(`<h2>${l.substring(3)}</h2>`)
-      continue
-    }
-
-    // Metadata lines like **Issued on::** 2004-07-27 or **Risk:** medium
-    // Strategy: capture bold label and the value; strip trailing colons from label
-    const metaMatch = l.match(/^\*\*(.+?)\*\*\s*(.+)$/)
-    if (metaMatch) {
-      let labelRaw = metaMatch[1].trim()
-      const value = metaMatch[2].trim()
-
-      // Accept labels with one or more trailing colons inside the bold
-      labelRaw = labelRaw.replace(/:+\s*$/, '').trim()
-
-      if (!inDl) {
-        htmlParts.push('<dl class="dl-horizontal">')
-        inDl = true
-      }
-
-      htmlParts.push(`<dt>${labelRaw}:</dt><dd>${value}</dd>`)
-      continue
-    }
-
-    // Default: wrap as paragraph
-    closeDlIfOpen()
-    htmlParts.push(`<p>${l}</p>`)
-  }
-
-  // Close any open DL at the end
-  if (inDl) {
-    htmlParts.push('</dl>')
-  }
-
-  const processedContent = htmlParts.join('\n').replace(/\n+/g, '\n').trim()
-  return <div dangerouslySetInnerHTML={{ __html: processedContent }} />
-}
-
 export async function generateStaticParams() {
   // Read all security advisory files from the content/security directory
   const { readdirSync } = await import('fs')
@@ -166,8 +86,8 @@ export default async function SecurityAdvisoryPage({ params }: SecurityAdvisoryP
     notFound()
   }
   
-  const contentElement = parseAdvisoryContent(advisoryData.content)
-  
+  const html = parseAdvisoryToHTML(advisoryData.content)
+
   return (
     <PageLayout title={advisoryData.title}>
       <div className="row">
@@ -179,7 +99,7 @@ export default async function SecurityAdvisoryPage({ params }: SecurityAdvisoryP
             </ol>
           </nav>
 
-          {contentElement}
+          <div dangerouslySetInnerHTML={{ __html: html }} />
         </div>
       </div>
     </PageLayout>
diff --git a/src/lib/securityAdvisory.ts b/src/lib/securityAdvisory.ts
@@ -0,0 +1,78 @@
+// Parser für Security-Advisory-Markdown in einen HTML-String
+// - Gruppiert aufeinanderfolgende Metadaten-Zeilen (**Label:** Wert) in ein gemeinsames <dl class="dl-horizontal">
+// - Belässt vorhandenes HTML unverändert
+// - Unterstützt Überschriften (##/###/####) und einfache Absätze pro Zeile
+
+export function parseAdvisoryToHTML(content: string): string {
+  const lines = content.split('\n')
+  const htmlParts: string[] = []
+  let inDl = false
+
+  const closeDlIfOpen = () => {
+    if (inDl) {
+      htmlParts.push('</dl>')
+      inDl = false
+    }
+  }
+
+  for (let rawLine of lines) {
+    const l = rawLine.trim()
+
+    if (l.length === 0) {
+      closeDlIfOpen()
+      continue
+    }
+
+    // Bewahre vorhandenes HTML
+    if (l.startsWith('<')) {
+      closeDlIfOpen()
+      htmlParts.push(l)
+      continue
+    }
+
+    // Überschriften
+    if (l.startsWith('#### ')) {
+      closeDlIfOpen()
+      htmlParts.push(`<h4>${l.substring(5)}</h4>`)
+      continue
+    }
+    if (l.startsWith('### ')) {
+      closeDlIfOpen()
+      htmlParts.push(`<h3>${l.substring(4)}</h3>`)
+      continue
+    }
+    if (l.startsWith('## ')) {
+      closeDlIfOpen()
+      htmlParts.push(`<h2>${l.substring(3)}</h2>`)
+      continue
+    }
+
+    // Metadaten-Zeilen wie **Issued on::** 2004-07-27
+    const metaMatch = l.match(/^\*\*(.+?)\*\*\s*(.+)$/)
+    if (metaMatch) {
+      let labelRaw = metaMatch[1].trim()
+      const value = metaMatch[2].trim()
+
+      // Entferne einen oder mehrere abschließende Doppelpunkte innerhalb des Labels
+      labelRaw = labelRaw.replace(/:+\s*$/, '').trim()
+
+      if (!inDl) {
+        htmlParts.push('<dl class="dl-horizontal">')
+        inDl = true
+      }
+
+      htmlParts.push(`<dt>${labelRaw}:</dt><dd>${value}</dd>`)
+      continue
+    }
+
+    // Standard: Absatz
+    closeDlIfOpen()
+    htmlParts.push(`<p>${l}</p>`)
+  }
+
+  // Offenes DL schließen
+  closeDlIfOpen()
+
+  return htmlParts.join('\n').replace(/\n+/g, '\n').trim()
+}
+
diff --git a/src/test/security-advisory-parser.spec.tsx b/src/test/security-advisory-parser.spec.tsx
@@ -0,0 +1,24 @@
+import { describe, it, expect } from 'vitest'
+import { parseAdvisoryToHTML } from '@/lib/securityAdvisory'
+
+describe('parseAdvisoryContent', () => {
+  it('groups metadata lines into a single dl with correct dt/dd pairs', () => {
+    const md = `## Vulnerability in phpMyFAQ version 1.4.0
+                        **Issued on::** 2004-07-27
+                        **Software::** phpMyFAQ version 1.4.0
+                        **Risk::** medium
+                        **Platforms::** all
+
+                    The phpMyFAQ Team has learned of a security vulnerability in phpMyFAQ version 1.4.0.
+`
+
+    const html = parseAdvisoryToHTML(md)
+
+    expect(html).toContain('<h2>Vulnerability in phpMyFAQ version 1.4.0</h2>')
+    expect(html).toContain('<dl class="dl-horizontal">')
+    expect(html).toContain('<dt>Issued on:</dt><dd>2004-07-27</dd>')
+    expect(html).toContain('<dt>Software:</dt><dd>phpMyFAQ version 1.4.0</dd>')
+    expect(html).toContain('<dt>Risk:</dt><dd>medium</dd>')
+    expect(html).toContain('<dt>Platforms:</dt><dd>all</dd>')
+  })
+})
