csaf-poc / csaf_webview

Web app (module) to display a CSAF 2 document and to browse CSAF 2 ROLIE feeds. ⚠️ The web demo is often not allowed to access servers:
https://csaf-poc.github.io/csaf_webview/

does not show some CSAF documents (e.g. wid-sec-w-2023-2662) #21

Closed bernhardreiter closed 11 months ago

bernhardreiter commented 11 months ago

When trying to view https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2662.json in v0.6.0 and later nothing is shown and the browser console has:

proxy.js?v=0ea9c63c:15 [HMR][Svelte] Unrecoverable HMR error in <ProductTree>: next update will trigger a full reload

Uncaught (in promise) Error: {#each} only works with iterable values.
    at ensure_array_like_dev (dev.js:218:9)
    at create_fragment (ProductTree.svelte:40:78)
    at init (Component.js:148:34)
    at new ProductTree (ProductTree.svelte:20:7)
    at createProxiedComponent (svelte-hooks.js?v=0ea9c63c:341:9)
    at new ProxyComponent (proxy.js?v=0ea9c63c:242:7)
    at new Proxy<ProductTree> (proxy.js?v=0ea9c63c:349:11)
    at Array.create_default_slot_1 (SingleView.svelte:65:46)
    at create_slot (utils.js:165:22)
    at create_fragment (Collapsible.svelte:62:20)

bernhardreiter commented 11 months ago

The reason is that the product_tree does not have any branches:

  "product_tree" : {
    "full_product_names" : [ {
      "name" : "OTRS OTRS < 8.0.37",
      "product_id" : "T030541"
    }, {
      "name" : "OTRS OTRS < 7.0.47",
      "product_id" : "T030542"
    } ]
  }

while the working docs/bsi-2022-0001.json does have branches.

According to https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#322-product-tree-property the branches are optional:

Product Tree (product_tree) has value type object with 1 or more properties

The properties are Branches (branches), Full Product Names (full_product_names), Product Groups (product_groups), and Relationships (relationships).

bernhardreiter commented 11 months ago

6eb338ebc1e793c490573a5b097af0e2f1f9e08d improves the situation, now something is shown, but the "Vulnerabilities overview" is still empty.

bernhardreiter commented 11 months ago

With 9ff515768c33df34baf0e2364f7fcd9c9df93b52 we explain an empty overview.
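
The failure discussed in this issue comes from iterating a product_tree property that the CSAF 2.0 schema leaves optional. The following is an added example, not code from csaf_webview or from the commits named above: it collects product entries from whichever of branches, full_product_names and relationships are present. The helper names (asArray, entry, walkBranches, collectProducts) and the second sample document are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not functions from csaf_webview.
// Treat anything that is not an array (missing, null, wrong type) as empty.
const asArray = (v) => (Array.isArray(v) ? v : []);

const entry = (p, source, path) => ({
  product_id: p.product_id,
  name: p.name,
  source,
  path,
});

// Branches nest; any level may lack `branches`, `product`, or both.
function walkBranches(branches, path, out) {
  for (const b of asArray(branches)) {
    if (b === null || typeof b !== "object") continue;
    const here = [...path, b.name];
    if (b.product) out.push(entry(b.product, "branches", here));
    walkBranches(b.branches, here, out);
  }
}

// Gather every product definition from whichever properties are present.
function collectProducts(doc) {
  const tree = doc?.product_tree ?? {};
  const out = [];
  walkBranches(tree.branches, [], out);
  for (const p of asArray(tree.full_product_names)) {
    if (p) out.push(entry(p, "full_product_names", []));
  }
  for (const r of asArray(tree.relationships)) {
    if (r?.full_product_name) out.push(entry(r.full_product_name, "relationships", []));
  }
  return out;
}

// product_tree as quoted in the issue: no `branches` at all.
const noBranches = { product_tree: { full_product_names: [
  { name: "OTRS OTRS < 8.0.37", product_id: "T030541" },
  { name: "OTRS OTRS < 7.0.47", product_id: "T030542" },
] } };

// Constructed sample with nested branches (vendor and product names made up).
const withBranches = { product_tree: { branches: [
  { category: "vendor", name: "Example Vendor", branches: [
    { category: "product_name", name: "Example Product",
      product: { name: "Example Vendor Example Product", product_id: "CSAFPID-0001" } },
  ] },
] } };

console.log(collectProducts(noBranches).map((p) => p.product_id));
console.log(collectProducts(withBranches)[0].path);
```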