Merge pull request #67 from moonD4rk/fix/markdown

fix: Improve message rendering and markdown handling in push module
zema1 · Mar 5, 2024 · 91e231b · 91e231b
2 parents 0de9db7 + 5112562
commit 91e231b
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 2 deletions.
diff --git a/push/msg.go b/push/msg.go
@@ -1,9 +1,10 @@
 package push
 
 import (
-	"github.com/zema1/watchvuln/grab"
 	"strings"
 	"text/template"
+
+	"github.com/zema1/watchvuln/grab"
 )
 
 const vulnInfoMsg = `
@@ -60,8 +61,21 @@ var (
 	initialMsgTpl  = template.Must(template.New("markdown").Funcs(funcMap).Parse(initialMsg))
 )
 
+const (
+	maxDescriptionLength    = 500
+	maxReferenceIndexLength = 8
+)
+
 func RenderVulnInfo(v *grab.VulnInfo) string {
 	var builder strings.Builder
+	runeDescription := []rune(v.Description)
+	if len(runeDescription) > maxDescriptionLength {
+		v.Description = string(runeDescription[:maxDescriptionLength]) + "..."
+	}
+	if len(v.References) > maxReferenceIndexLength {
+		v.References = v.References[:maxReferenceIndexLength]
+	}
+	v.Description = escapeMarkdown(v.Description)
 	if err := vulnInfoMsgTpl.Execute(&builder, v); err != nil {
 		return err.Error()
 	}
@@ -119,3 +133,29 @@ func NewRawVulnInfoMessage(m *grab.VulnInfo) *RawMessage {
 		Type:    RawMessageTypeVulnInfo,
 	}
 }
+
+// escapeMarkdown escapes the special characters in the markdown text.
+// Pushing unclosed markdown tags on some IM platforms may result in formatting errors.
+// Telegram push will directly report an send request error.
+func escapeMarkdown(text string) string {
+	replacer := strings.NewReplacer(
+		"_", "\\_",
+		"*", "\\*",
+		"[", "\\[",
+		"]", "\\]",
+		"(", "\\(",
+		")", "\\)",
+		"~", "\\~",
+		"`", "\\`",
+		">", "\\>",
+		"#", "\\#",
+		"+", "\\+",
+		"-", "\\-",
+		"=", "\\=",
+		"|", "\\|",
+		"{", "\\{",
+		"}", "\\}",
+		"!", "\\!",
+	)
+	return replacer.Replace(text)
+}
diff --git a/push/msg_test.go b/push/msg_test.go
@@ -2,8 +2,11 @@ package push
 
 import (
 	"fmt"
-	"github.com/zema1/watchvuln/grab"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zema1/watchvuln/grab"
 )
 
 func TestRenderVulnInfo(t *testing.T) {
@@ -40,3 +43,29 @@ func TestRenderVulnInfo(t *testing.T) {
 	v.Solutions = ""
 	fmt.Println(RenderVulnInfo(v))
 }
+
+func TestEscapeMarkdown(t *testing.T) {
+	testCases := []struct {
+		name             string
+		inputDescription string
+		expected         string
+	}{
+		{
+			name:             "escape underscores",
+			inputDescription: "I Doc View。2023年11月，官方发布13.10.1_20231115版本，修复相关漏洞。",
+			expected:         "I Doc View。2023年11月，官方发布13.10.1\\_20231115版本，修复相关漏洞。",
+		},
+		{
+			name:             "escape asterisks",
+			inputDescription: "This is not a *bold text",
+			expected:         "This is not a \\*bold text",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := escapeMarkdown(tc.inputDescription)
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}