Merge pull request #173 from izar/issue-172

HTML escaping missed the 'target' field when cleaning Findings
OWASP · Sep 23, 2021 · 445f3a9 · 445f3a9
2 parents 81911a9 + da975ea
commit 445f3a9
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/pytm/pytm.py b/pytm/pytm.py
@@ -687,7 +687,7 @@ def __repr__(self):
         )
 
     def __str__(self):
-        return f"{self.target}: {self.description}\n{self.details}\n{self.severity}"
+        return f"'{self.target}': {self.description}\n{self.details}\n{self.severity}"
 
 
 class TM:
@@ -775,6 +775,7 @@ def resolve(self):
 
                 finding_count += 1
                 f = Finding(e, id=str(finding_count), threat=t)
+                logger.debug(f"new finding: {f}")
                 findings.append(f)
                 elements[e].append(f)
         self.findings = findings
@@ -1855,6 +1856,9 @@ def encode_threat_data(obj):
         "condition",
     ]
 
+    if type(obj) is Finding or (len(obj) != 0 and type(obj[0]) is Finding):
+        attrs.append("target")
+
     for e in obj:
         t = copy.deepcopy(e)