From a66ce9b0aad90f9c65a3b2fa04f12ddb7c31451c Mon Sep 17 00:00:00 2001 From: Malte Juergens Date: Wed, 20 Dec 2023 16:12:04 +0100 Subject: [PATCH 1/3] Improve formatting checks arround advisory titles and descriptions - Check that the title doesn't contain tags or backticks - Check that titles which contain a colon are surrounded by quotes - Check that the description only contains basic html tags that should be used for formatting the description Closes https://github.com/mozilla/foundation-security-advisories/issues/136 --- .../check_advisories.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/foundation_security_advisories/check_advisories.py b/foundation_security_advisories/check_advisories.py index 601e2ed..88b760e 100755 --- a/foundation_security_advisories/check_advisories.py +++ b/foundation_security_advisories/check_advisories.py @@ -27,6 +27,8 @@ ) CVE_RE = re.compile('^(CVE|MFSA-TMP|MFSA-RESERVE)-20[0-9]{2}-[0-9]{1,9}$') +UNWANTED_HTML_TAG_RE = re.compile('.*(<(?!\/?(code|em|it|b|a[^>]*|ul|ol|li|br|br\/|br \/)>).*>).*') +INVALID_COLON_TITLE_LINE = re.compile('^ *title: [^\'"].*:.*[^\'"]$') md_schema = Schema({ 'mfsa_id': str, 'fixed_in': [str], 
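Review bot: `UNWANTED_HTML_TAG_RE` starts with `.*` and is compiled without `re.DOTALL`, and the second hunk applies it with `.match()`, so only the first line of a multi-line description is inspected and a disallowed tag on any later line goes unreported. Dropping the outer `.*` and calling `UNWANTED_HTML_TAG_RE.search(advisory["description"])` would cover the whole text. The allowlist is also looser than the commit message describes: `a[^>]*` accepts every tag whose name begins with `a` and any attribute on an anchor, and `it` is not an HTML element (probably `i` was meant). Both new patterns are non-raw strings containing `\/` or `\'`; writing them as `r'...'` literals and dropping the unneeded backslash before `/` avoids the invalid-escape warning newer Python versions emit.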
@@ -122,6 +124,23 @@ def check_file(file_name): except SchemaError as e: return str(e) + if "advisories" in data: + for _, advisory in data["advisories"].items(): + if advisory["title"] != None: + if "`" in advisory["title"]: + return "Advisory title should not contain any backticks" + if "" in advisory["title"]: + return f"Advisory title should not contain any tags" + match = UNWANTED_HTML_TAG_RE.match(advisory["description"]) + if match: + return f"Advisory description should only contain basic html tags used for formatting, found {match.groups()[0]}. Consider escaping < with <" + + if file_name.endswith('.yml'): + with open(file_name, "r") as f: + for i, line in enumerate(f): + if INVALID_COLON_TITLE_LINE.match(line): + return f"If title contains a colon, it should be surrounded by quotes (line {i+1})" + return None From c3b0f04caa4fcb1869bc124c9ebbecdcdfaa4ee6 Mon Sep 17 00:00:00 2001 
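Review bot: `advisory["description"]` is passed straight to `UNWANTED_HTML_TAG_RE.match()` while only the title is guarded against `None`. If the schema (not visible in this hunk) allows a missing or null description, the checker fails with a `KeyError` or `TypeError` instead of returning a message. A guard such as `description = advisory.get("description")` followed by `if description:` would avoid that. The loop only visits entries under `advisories`, so the file-level `description` field that some files carry (for example announce/2016/mfsa2016-88.yml) is not checked for tags. Smaller points: `!= None` is conventionally `is not None`, the "should not contain any tags" message is an f-string without placeholders, and `open(file_name, "r")` would be more predictable with `encoding="utf-8"`; `check_file` begins above this hunk.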
From: Malte Juergens Date: Wed, 20 Dec 2023 16:44:13 +0100 Subject: [PATCH 2/3] Correct problems detected by stricter formatting checks --- announce/2016/mfsa2016-85.yml | 20 ++++++++++---------- announce/2016/mfsa2016-86.yml | 12 ++++++------ announce/2016/mfsa2016-87.yml | 2 +- announce/2016/mfsa2016-88.yml | 12 ++++++------ announce/2016/mfsa2016-89.yml | 2 +- announce/2017/mfsa2017-10.yml | 2 +- announce/2017/mfsa2017-18.yml | 2 +- announce/2017/mfsa2017-30.yml | 2 +- announce/2018/mfsa2018-11.yml | 2 +- announce/2021/mfsa2021-03.yml | 2 +- announce/2021/mfsa2021-07.yml | 2 +- announce/2021/mfsa2021-23.yml | 6 +++--- announce/2021/mfsa2021-24.yml | 2 +- announce/2021/mfsa2021-26.yml | 2 +- announce/2021/mfsa2021-38.yml | 2 +- announce/2021/mfsa2021-39.yml | 4 ++-- announce/2021/mfsa2021-40.yml | 2 +- announce/2021/mfsa2021-41.yml | 2 +- announce/2021/mfsa2021-42.yml | 2 +- announce/2022/mfsa2022-24.yml | 2 +- announce/2022/mfsa2022-25.yml | 2 +- announce/2022/mfsa2022-26.yml | 2 +- announce/2022/mfsa2022-28.yml | 2 +- announce/2022/mfsa2022-30.yml | 2 +- announce/2022/mfsa2022-32.yml | 2 +- announce/2023/mfsa2023-22.yml | 2 +- 26 files changed, 48 insertions(+), 48 deletions(-) diff --git a/announce/2016/mfsa2016-85.yml b/announce/2016/mfsa2016-85.yml index c3c7351..fbd19f1 100644 --- a/announce/2016/mfsa2016-85.yml +++ b/announce/2016/mfsa2016-85.yml @@ -6,7 +6,7 @@ fixed_in: title: Security vulnerabilities fixed in Firefox 49 advisories: CVE-2016-2827: - title: Out-of-bounds read in mozilla::net::IsValidReferrerPolicy + title: "Out-of-bounds read in mozilla::net::IsValidReferrerPolicy" impact: low reporter: Atte Kettunen description: | 
@@ -15,7 +15,7 @@ advisories: - url: 1289085 desc: Bug 1289085 CVE-2016-5270: - title: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString + title: "Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString" impact: high reporter: Atte Kettunen description: An out-of-bounds write of a boolean value during text conversion with some unicode characters @@ -23,7 +23,7 @@ advisories: - url: 1291016 desc: Bug 1291016 CVE-2016-5271: - title: Out-of-bounds read in PropertyProvider::GetSpacingInternal + title: "Out-of-bounds read in PropertyProvider::GetSpacingInternal" impact: low reporter: Abhishek Arya description: | @@ -41,7 +41,7 @@ advisories: - url: 129793 desc: Bug 129793 CVE-2016-5273: - title: crash in mozilla::a11y::HyperTextAccessible::GetChildOffset + title: "crash in mozilla::a11y::HyperTextAccessible::GetChildOffset" impact: high reporter: Nils description: A potentially exploitable crash in accessibility. @@ -49,7 +49,7 @@ advisories: - url: 1280387 desc: Bug 1280387 CVE-2016-5276: - title: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList + title: "Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList" impact: high reporter: Nils description: | @@ -58,7 +58,7 @@ advisories: - url: 1287721 desc: Bug 1287721 CVE-2016-5274: - title: use-after-free in nsFrameManager::CaptureFrameState + title: "use-after-free in nsFrameManager::CaptureFrameState" impact: high reporter: Nils description: A use-after-free issue in web animations during restyling. @@ -66,7 +66,7 @@ advisories: - url: 1282076 desc: Bug 1282076 CVE-2016-5277: - title: Heap-use-after-free in nsRefreshDriver::Tick + title: "Heap-use-after-free in nsRefreshDriver::Tick" impact: high reporter: Nils description: A use-after-free vulnerability with web animations when destroying a timeline. 
@@ -74,7 +74,7 @@ advisories: - url: 1291665 desc: Bug 1291665 CVE-2016-5275: - title: Buffer overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions + title: "Buffer overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions " impact: critical reporter: Nils description: A buffer overflow when working with empty filters during canvas rendering. @@ -82,7 +82,7 @@ advisories: - url: 1287316 desc: Bug 1287316 CVE-2016-5278: - title: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame + title: "Heap-buffer-overflow in nsBMPEncoder::AddImageFrame" impact: critical reporter: Nils description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images. @@ -98,7 +98,7 @@ advisories: - url: 1249522 desc: Bug 1249522 CVE-2016-5280: - title: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap + title: "Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap" impact: high reporter: Mei Wang description: Use-after-free vulnerability when changing text direction. diff --git a/announce/2016/mfsa2016-86.yml b/announce/2016/mfsa2016-86.yml index a48a0ab..e27d773 100644 --- a/announce/2016/mfsa2016-86.yml +++ b/announce/2016/mfsa2016-86.yml @@ -6,7 +6,7 @@ fixed_in: title: Security vulnerabilities fixed in Firefox ESR 45.4 advisories: CVE-2016-5270: - title: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString + title: "Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString" impact: high reporter: Atte Kettunen description: An out-of-bounds write of a boolean value during text conversion with some unicode characters @@ -23,7 +23,7 @@ advisories: - url: 129793 desc: Bug 129793 CVE-2016-5276: - title: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList + title: "Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList" impact: high reporter: Nils description: | 
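Review bot: The newly quoted title for CVE-2016-5275 keeps a trailing space inside the quotes (`"...ComputeSourceNeededRegions "`). As a plain scalar that whitespace was discarded by the YAML parser, but inside double quotes it becomes part of the title value. Closing the quote directly after the function name, `title: "Buffer overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions"`, keeps the published title identical to what it was before the quoting change.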
@@ -32,7 +32,7 @@ advisories: - url: 1287721 desc: Bug 1287721 CVE-2016-5274: - title: use-after-free in nsFrameManager::CaptureFrameState + title: "use-after-free in nsFrameManager::CaptureFrameState" impact: high reporter: Nils description: A use-after-free issue in web animations during restyling. @@ -40,7 +40,7 @@ advisories: - url: 1282076 desc: Bug 1282076 CVE-2016-5277: - title: Heap-use-after-free in nsRefreshDriver::Tick + title: "Heap-use-after-free in nsRefreshDriver::Tick" impact: high reporter: Nils description: A use-after-free vulnerability with web animations when destroying a timeline. @@ -48,7 +48,7 @@ advisories: - url: 1291665 desc: Bug 1291665 CVE-2016-5278: - title: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame + title: "Heap-buffer-overflow in nsBMPEncoder::AddImageFrame" impact: critical reporter: Nils description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images. @@ -56,7 +56,7 @@ advisories: - url: 1294677 desc: Bug 1294677 CVE-2016-5280: - title: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap + title: "Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap" impact: high reporter: Mei Wang description: Use-after-free vulnerability when changing text direction. diff --git a/announce/2016/mfsa2016-87.yml b/announce/2016/mfsa2016-87.yml index cb8153b..f7c935f 100644 --- a/announce/2016/mfsa2016-87.yml +++ b/announce/2016/mfsa2016-87.yml @@ -6,7 +6,7 @@ fixed_in: title: Security vulnerabilities fixed in Firefox 49.0.2 advisories: CVE-2016-5287: - title: Crash in nsTArray_base<T>::SwapArrayElements + title: "Crash in nsTArray_base<T>::SwapArrayElements" impact: high reporter: Philipp description: A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. 
diff --git a/announce/2016/mfsa2016-88.yml b/announce/2016/mfsa2016-88.yml index 3d6d3de..350e1df 100644 --- a/announce/2016/mfsa2016-88.yml +++ b/announce/2016/mfsa2016-88.yml @@ -8,7 +8,7 @@ description: | *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.* advisories: CVE-2016-5270: - title: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString + title: "Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString" impact: high reporter: Atte Kettunen description: An out-of-bounds write of a boolean value during text conversion with some unicode characters. @@ -24,7 +24,7 @@ advisories: - url: 1297934 desc: 1297934 CVE-2016-5276: - title: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList + title: "Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList" impact: high reporter: Nils description: A use-after-free vulnerability triggered by setting a aria-owns attribute @@ -32,7 +32,7 @@ advisories: - url: 1287721 desc: 1287721 CVE-2016-5274: - title: use-after-free in nsFrameManager::CaptureFrameState + title: "use-after-free in nsFrameManager::CaptureFrameState" impact: high reporter: Nils description: A use-after-free issue in web animations during restyling. @@ -40,7 +40,7 @@ advisories: - url: 1282076 desc: 1282076 CVE-2016-5277: - title: Heap-use-after-free in nsRefreshDriver::Tick + title: "Heap-use-after-free in nsRefreshDriver::Tick" impact: high reporter: Nils description: A use-after-free vulnerability with web animations when destroying a timeline 
@@ -48,7 +48,7 @@ advisories: - url: 1291665 desc: 1291665 CVE-2016-5278: - title: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame + title: "Heap-buffer-overflow in nsBMPEncoder::AddImageFrame" impact: critical reporter: Nils description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images @@ -56,7 +56,7 @@ advisories: - url: 1294677 desc: 1294677 CVE-2016-5280: - title: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap + title: "Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap" impact: high reporter: Mei Wang description: Use-after-free vulnerability when changing text direction diff --git a/announce/2016/mfsa2016-89.yml b/announce/2016/mfsa2016-89.yml index 2a7d61a..d80826c 100644 --- a/announce/2016/mfsa2016-89.yml +++ b/announce/2016/mfsa2016-89.yml @@ -73,7 +73,7 @@ advisories: - url: 1299686 desc: CVE-2016-9067: - title: heap-use-after-free in nsINode::ReplaceOrInsertBefore + title: "heap-use-after-free in nsINode::ReplaceOrInsertBefore" impact: high reporter: Nils description: Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. diff --git a/announce/2017/mfsa2017-10.yml b/announce/2017/mfsa2017-10.yml index f8d998e..779c6aa 100644 --- a/announce/2017/mfsa2017-10.yml +++ b/announce/2017/mfsa2017-10.yml @@ -235,7 +235,7 @@ advisories: bugs: - url: 1340127 CVE-2017-5450: - title: "Addressbar spoofing using javascript: URI on Firefox for Android" + title: "Addressbar spoofing using javascript: URI on Firefox for Android" impact: moderate reporter: Haosheng Wang description: | diff --git a/announce/2017/mfsa2017-18.yml b/announce/2017/mfsa2017-18.yml index 54dc8a5..9cec8a2 100755 --- a/announce/2017/mfsa2017-18.yml +++ b/announce/2017/mfsa2017-18.yml 
@@ -182,7 +182,7 @@ advisories: bugs: - url: 1360842 CVE-2017-7788: - title: Sandboxed about:srcdoc iframes do not inherit CSP directives + title: "Sandboxed about:srcdoc iframes do not inherit CSP directives" impact: low reporter: Muneaki Nishimura description: | diff --git a/announce/2017/mfsa2017-30.yml b/announce/2017/mfsa2017-30.yml index 4a3c55e..ab60da2 100644 --- a/announce/2017/mfsa2017-30.yml +++ b/announce/2017/mfsa2017-30.yml @@ -14,7 +14,7 @@ advisories: bugs: - url: 1402372 CVE-2017-7846: - title: JavaScript Execution via RSS in mailbox:// origin + title: "JavaScript Execution via RSS in mailbox:// origin" impact: high reporter: cure53 description: | diff --git a/announce/2018/mfsa2018-11.yml b/announce/2018/mfsa2018-11.yml index 474e0a0..99523c2 100644 --- a/announce/2018/mfsa2018-11.yml +++ b/announce/2018/mfsa2018-11.yml @@ -175,7 +175,7 @@ advisories: bugs: - url: 1451452 CVE-2018-5180: - title: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced + title: "heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced" impact: low reporter: Nils description: | diff --git a/announce/2021/mfsa2021-03.yml b/announce/2021/mfsa2021-03.yml index 0157187..b1ac6a0 100644 --- a/announce/2021/mfsa2021-03.yml +++ b/announce/2021/mfsa2021-03.yml @@ -78,7 +78,7 @@ advisories: bugs: - url: 1677940 CVE-2021-23962: - title: 'Use-after-poison in nsTreeBodyFrame::RowCountChanged' + title: 'Use-after-poison in "nsTreeBodyFrame::RowCountChanged"' impact: low reporter: Chiaki ISHIKAWA description: | diff --git a/announce/2021/mfsa2021-07.yml b/announce/2021/mfsa2021-07.yml index 640d7db..bb25b39 100644 --- a/announce/2021/mfsa2021-07.yml +++ b/announce/2021/mfsa2021-07.yml 
@@ -70,7 +70,7 @@ advisories: bugs: - url: 1683536 CVE-2021-23975: - title: about:memory Measure function caused an incorrect pointer operation + title: "about:memory Measure function caused an incorrect pointer operation" impact: low reporter: Brian Carpenter of Geeknik Labs & Farm description: | diff --git a/announce/2021/mfsa2021-23.yml b/announce/2021/mfsa2021-23.yml index fb77776..ef33982 100644 --- a/announce/2021/mfsa2021-23.yml +++ b/announce/2021/mfsa2021-23.yml @@ -24,11 +24,11 @@ advisories: bugs: - url: 1675965 CVE-2021-29961: - title: Firefox UI spoof using `" elements and CSS scaling impact: moderate reporter: Irvan Kurniawan description: | - When styling and rendering an oversized `