mitre / heimdall2

Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.

HTML export doesn't render HTML properly in some cases [BUG] #6038

Open kemley76 opened 2 months ago

kemley76 commented 2 months ago

Describe the bug

When exporting some HDF files to HTML, the resulting HTML file contains unrendered HTML tags that are not present in the original HDF.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://heimdall-lite.mitre.org/
  2. Import sample "Fortify Heimdall_tools Sample"
  3. Note the titles of the first controls (no HTML tags present)
  4. Export as HTML
  5. View HTML and note unrendered HTML tags in output

Expected behavior

The tags should be rendered as HTML properly, not as raw text. The tags appear to be coming from the HTML template file used to generate the output HTML.

kemley76 commented 2 months ago

After a bit of investigation, this appears to be an issue with how the Fortify mapper is working because these XML tags appear in the HDF JSON export as well.

charleshu-8 commented 2 months ago

HTML mapper directly converts from OHDF outputs, which in this case includes these tags in the final OHDF JSON output. I can add some tag cleaning before the HTML mapper outputs a file to prevent this in the future.
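
One way the tag cleaning proposed in the last comment could look, as an added example that is not heimdall2 code: markup carried over from the scanner is stripped from control fields, and whatever text remains is HTML-escaped before it is placed in the exported report. The function names `stripTags`, `escapeHtml` and `cleanForHtml` are hypothetical, the sample record is constructed, and only the `title` and `desc` fields of each control are handled.

```javascript
// Added example (not heimdall2 code). Field names follow the OHDF layout
// profiles[].controls[].title / desc; the sample record is constructed.

// Opening, closing or self-closing tag: <b>, </Content>, <br/>, <a href="x">.
// A bare "<" as in "len < 10" is left alone: a tag name must start with a
// letter directly after "<" or "</".
const TAG = /<\/?[A-Za-z][A-Za-z0-9:-]*(?:\s[^<>]*)?\/?>/g;

function stripTags(text) {
  let out = String(text);
  let prev;
  // Repeat until nothing changes, so that removing an inner tag cannot
  // splice the surrounding fragments into a new tag ("<scr<b>ipt>").
  do {
    prev = out;
    out = out.replace(TAG, "");
  } while (out !== prev);
  return out.trim();
}

// Escape the characters that are significant in HTML text and attributes.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Return a copy of the OHDF object whose control title/desc are safe to embed.
function cleanForHtml(hdf) {
  return {
    ...hdf,
    profiles: (hdf.profiles || []).map((profile) => ({
      ...profile,
      controls: (profile.controls || []).map((control) => ({
        ...control,
        title: escapeHtml(stripTags(control.title ?? "")),
        desc: escapeHtml(stripTags(control.desc ?? "")),
      })),
    })),
  };
}

// Constructed sample resembling mapper output with leftover XML tags.
const sample = { profiles: [{ controls: [{
  id: "C-1",
  title: "<Content>Path Manipulation</Content>",
  desc: "<Paragraph>Input reaches <b>open()</b> when len < 10 & mode = 'r'</Paragraph>",
}] }] };
console.log(cleanForHtml(sample).profiles[0].controls[0]);
```
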