From ae03c6107dfa18e648f6fdd1280f5b89092d5d49 Mon Sep 17 00:00:00 2001
From: Chris Sewell
Date: Wed, 22 Feb 2023 05:56:39 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20FIX:=20CVE-2023-26303=20(#246)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bug-Debian: https://bugs.debian.org/1031764
Fix unnecessary asserts, leading to crashes
---
 markdown_it/renderer.py | 20 ++++++++------------
 markdown_it/rules_core/replacements.py | 3 ++-
 markdown_it/rules_core/smartquotes.py | 4 ++--
 tests/test_port/fixtures/issue-fixes.md | 9 +++++++++
 tests/test_port/test_fixtures.py | 1 +
 5 files changed, 22 insertions(+), 15 deletions(-)
Index: markdown-it-py-2.1.0/markdown_it/renderer.py
===================================================================
--- markdown-it-py-2.1.0.orig/markdown_it/renderer.py 2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/markdown_it/renderer.py 2023-03-31 07:50:21.635213318 -0300
@@ -84,8 +84,8 @@
 for i, token in enumerate(tokens):
 if token.type == "inline":
- assert token.children is not None
- result += self.renderInline(token.children, options, env)
+ if token.children:
+ result += self.renderInline(token.children, options, env)
 elif token.type in self.rules:
 result += self.rules[token.type](tokens, i, options, env)
 else:
@@ -207,8 +207,8 @@
 if token.type == "text":
 result += token.content
 elif token.type == "image":
- assert token.children is not None
- result += self.renderInlineAsText(token.children, options, env)
+ if token.children:
+ result += self.renderInlineAsText(token.children, options, env)
 elif token.type == "softbreak":
 result += "\n"
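Review bot: The guards added in the first two renderer.py hunks test truthiness (`if token.children:`), while the guards this same patch adds in replacements.py and smartquotes.py test `is None` / `is not None`; the image-rule hunk further down in renderer.py uses the truthiness form too. For an empty child list the visible lines suggest the outcome is the same either way, so this is a consistency point: pick one form, for example `if token.children is not None:`. The skip is also silent, so I would add a short comment at each guard, such as `# children may be absent for some inputs (see the CVE-2023-26303 fixture); skip rather than assert`, so the assert is not reintroduced later. The enclosing functions start and end outside these hunks.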
@@ -306,14 +306,10 @@
 # "alt" attr MUST be set, even if empty. Because it's mandatory and
 # should be placed on proper position for tests.
-
- assert (
- token.attrs and "alt" in token.attrs
- ), '"image" token\'s attrs must contain `alt`'
-
- # Replace content with actual value
-
- token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
+ if token.children:
+ token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
+ else:
+ token.attrSet("alt", "")
 return self.renderToken(tokens, idx, options, env)
Index: markdown-it-py-2.1.0/markdown_it/rules_core/replacements.py
===================================================================
--- markdown-it-py-2.1.0.orig/markdown_it/rules_core/replacements.py 2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/markdown_it/rules_core/replacements.py 2023-03-31 07:50:21.635213318 -0300
@@ -116,7 +116,8 @@
 for token in state.tokens:
 if token.type != "inline":
 continue
- assert token.children is not None
+ if token.children is None:
+ continue
 if SCOPED_ABBR_RE.search(token.content):
 replace_scoped(token.children)
Index: markdown-it-py-2.1.0/markdown_it/rules_core/smartquotes.py
===================================================================
--- markdown-it-py-2.1.0.orig/markdown_it/rules_core/smartquotes.py 2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/markdown_it/rules_core/smartquotes.py 2023-03-31 07:50:21.635213318 -0300
@@ -198,5 +198,5 @@
 if token.type != "inline" or not QUOTE_RE.search(token.content):
 continue
- assert token.children is not None
- process_inlines(token.children, state)
+ if token.children is not None:
+ process_inlines(token.children, state)
Index: markdown-it-py-2.1.0/tests/test_port/fixtures/issue-fixes.md
===================================================================
--- markdown-it-py-2.1.0.orig/tests/test_port/fixtures/issue-fixes.md 2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/tests/test_port/fixtures/issue-fixes.md 2023-03-31 07:50:21.635213318 -0300
@@ -36,3 +36,12 @@ .

💬

. + +Fix CVE-2023-26303 +. +![![]() +]([) +. +


+

+.
Index: markdown-it-py-2.1.0/tests/test_port/test_fixtures.py
===================================================================
--- markdown-it-py-2.1.0.orig/tests/test_port/test_fixtures.py 2023-03-31 07:50:21.639213371 -0300
+++ markdown-it-py-2.1.0/tests/test_port/test_fixtures.py 2023-03-31 07:50:21.635213318 -0300
@@ -111,4 +111,5 @@
 def test_issue_fixes(line, title, input, expected):
 md = MarkdownIt()
 text = md.render(input)
+ print(text)
 assert text.rstrip() == expected.rstrip()
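Review bot: The added `print(text)` in `test_issue_fixes` looks like leftover debugging output. It plays no part in the assertion and is emitted for every parametrized fixture case, so I would drop the line. The existing `assert text.rstrip() == expected.rstrip()` already reports both sides when it fails. The decorator that parametrizes this test is outside the hunk.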