This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch arm
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/arm by this push:
new e58a18aa Validate vulnerability URLs are http/s. Closes #768
e58a18aa is described below
commit e58a18aa235ce799557e5f156a7ea06b6c176167
Author: Alastair McFarlane <[email protected]>
AuthorDate: Mon Mar 2 15:07:31 2026 +0000
Validate vulnerability URLs are http/s. Closes #768
---
atr/get/sbom.py | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/atr/get/sbom.py b/atr/get/sbom.py
index 277a6c46..cd9612a7 100644
--- a/atr/get/sbom.py
+++ b/atr/get/sbom.py
@@ -548,8 +548,12 @@ def _vulnerability_component_details_osv(
):
is_new = True
new = new + 1
-
- vuln_header = [htm.a(href=vuln_primary_ref.get("url", ""),
target="_blank")[htm.strong(".me-2")[vuln_id]]]
+ vulnerability_url = vuln_primary_ref.get("url", "")
+ # We only show the link if it's a valid web link
+ if vulnerability_url.startswith("http"):
+ vuln_header = [htm.a(href=vulnerability_url,
target="_blank")[htm.strong(".me-2")[vuln_id]]]
+ else:
+ vuln_header = [htm.strong(".me-2")[vuln_id]]
style = f".badge.me-2{_severity_to_style(vuln_severity)}"
vuln_header.append(htm.span(style)[vuln_severity])
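Review bot: The new check `vulnerability_url.startswith("http")` is looser than the commit title promises: it accepts any value that merely begins with those four letters, so a string with a different scheme starting with `http` still ends up in the `href`, while an upper-case `HTTP://` link is silently dropped. Matching the full scheme prefix is a one-line change: `if vulnerability_url.lower().startswith(("http://", "https://")):`. Separately, `.get("url", "")` only supplies the default when the key is absent; if the SBOM data can carry an explicit null or a non-string there (not visible in this hunk), `.startswith` would raise, so `vuln_primary_ref.get("url") or ""` would be the safer read. Because the anchor opens an externally supplied URL with `target="_blank"`, adding `rel="noopener noreferrer"` is worth considering if `htm.a` accepts that attribute. The body of `_vulnerability_component_details_osv` starts and ends outside the hunk, so how `vuln_primary_ref` is chosen cannot be checked from here.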