csaf-poc / csaf_webview

Web app (module) to display a CSAF 2 document and to browse CSAF 2 ROLIE feeds. ⚠️ The web demo is often not allowed to access servers:
https://csaf-poc.github.io/csaf_webview/

Crashing on https://csaf.data.security.nozominetworks.com/provider-metadata.json #37

Open bernhardreiter opened 11 months ago

bernhardreiter commented 11 months ago

Displaying https://csaf-poc.github.io/csaf_webview/feed?q=https://csaf.data.security.nozominetworks.com/provider-metadata.json

and clicking on "Distribution 1" gives me a crash with 1.0.0 and the following error message in Chromium:

3.57fc9617.js:1 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'feeds')
    at Ot (3.57fc9617.js:1:19527)
    at At (index.7a644faf.js:1:6007)
    at new Nt (3.57fc9617.js:1:19777)
    at Array.Bt (3.57fc9617.js:1:20618)
    at A (scheduler.cc1c0861.js:1:571)
    at dn (Spinner.f025728e.js:1:11991)
    at Object.p (Spinner.f025728e.js:1:13240)
    at z (scheduler.cc1c0861.js:1:1898)
    at M (scheduler.cc1c0861.js:1:1553)
Spinner.f025728e.js:1 Uncaught TypeError: Cannot read properties of null (reading 'getBoundingClientRect')
    at Spinner.f025728e.js:1:13786

bernhardreiter commented 11 months ago

The main problem is that the application is frozen and thus unresponsive afterwards.

JanHoefelmeyer commented 11 months ago

The webviewer is apparently trying to parse the Directory Listings of the PMD as ROLIE feeds, since the webviewer was only developed to handle ROLIE feeds. This shouldn't cause a crash, so it's still a bug to fix.

Note: https://csaf-poc.github.io/csaf_webview/feed?q=https://csaf.data.security.nozominetworks.com/provider-metadata.json passes the CSAF-checker test, albeit warning that the files have the wrong format:

"The content type of https://security.nozominetworks.com/csaf/2023/nn-2023_9-01.json should be 'application/json' but is 'application/json; charset=utf-8'"

However, this seems to be unrelated to the issue at hand.
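
The failure mode discussed above, shown as an added example that is not part of this thread or of the csaf_webview code base: a provider-metadata.json distribution may carry only a `directory_url` and no `rolie` object, so a viewer has to classify each distribution before touching `rolie.feeds`. The function name `listDistributions` and the sample document are constructed for illustration; the field names follow the CSAF 2.0 provider metadata schema.

```javascript
// Added example, not csaf_webview code. Field names follow the CSAF 2.0
// provider-metadata schema; the sample document below is constructed.
function listDistributions(pmd) {
  const distributions = Array.isArray(pmd?.distributions) ? pmd.distributions : [];
  return distributions.map((dist, index) => {
    const entry = { index, kind: "unsupported", feeds: [], directoryUrl: null, problems: [] };
    if (dist === null || typeof dist !== "object") {
      entry.problems.push("distribution is not an object");
      return entry;
    }
    if (typeof dist.directory_url === "string") {
      entry.directoryUrl = dist.directory_url;
      entry.kind = "directory";
    }
    // `rolie` is optional: a directory-based distribution has none, so an
    // unguarded dist.rolie.feeds throws "Cannot read properties of undefined".
    const feeds = dist.rolie?.feeds;
    if (Array.isArray(feeds)) {
      for (const feed of feeds) {
        if (feed && typeof feed.url === "string") {
          entry.feeds.push({ url: feed.url, tlp: feed.tlp_label ?? null, summary: feed.summary ?? "" });
        } else {
          entry.problems.push("ROLIE feed entry without a url");
        }
      }
      if (entry.feeds.length > 0) entry.kind = "rolie";
    } else if (dist.rolie !== undefined) {
      entry.problems.push("rolie.feeds is not an array");
    }
    if (entry.kind === "unsupported" && entry.problems.length === 0) {
      entry.problems.push("neither directory_url nor rolie.feeds present");
    }
    return entry;
  });
}

// Constructed sample: directory-based, ROLIE, and malformed distributions.
const samplePmd = {
  distributions: [
    { directory_url: "https://example.com/csaf/" },
    { rolie: { feeds: [
      { summary: "TLP:WHITE advisories", tlp_label: "WHITE", url: "https://example.com/csaf/white/feed.json" },
      { summary: "broken entry" },
    ] } },
    { rolie: {} },
  ],
};

console.log(JSON.stringify(listDistributions(samplePmd), null, 2));
```

A caller can then render only the entries with `kind === "rolie"` as feeds and show the rest as plain links or error rows instead of failing the whole view.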

ThomasJunk commented 9 months ago

Commit 309b4a7 should fix the issue.

bernhardreiter commented 9 months ago

> Commit 309b4a7 should fix the issue.

And does it fix the issue in your test and analysis?

If so, can you coordinate a new release and deployment, e.g. with @JanHoefelmeyer?