Merge pull request #681 from DIVD-NL/faster-validation

Using HTML5validator action
DIVD-NL · Nov 27, 2023 · ff3aa4d · ff3aa4d
2 parents 22a32e8 + 0bd5739
commit ff3aa4d
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml
@@ -25,8 +25,10 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: '3.7'
+#      - name: install prerequisites
+#        run:  pip3 install html5validator requests && gem install --no-document html-proofer
       - name: install prerequisites
-        run:  pip3 install html5validator requests && gem install --no-document html-proofer
+        run:  pip3 install requests 
       - name: Update external content
         run:  ./update.sh
       - name: Clean up stubs
@@ -35,8 +37,18 @@ jobs:
         run:  bundle exec jekyll build  --future 2>&1 | tee jekyll-build.log
       - name: "Fix security.txt"
         run: mkdir _site/.well-known && (cd _site/.well-known && ln -s ../security.txt) && ls -al _site/.well-known
+#      - name: Test HTML code
+#        run:  ./proof_html.sh
       - name: Test HTML code
-        run:  ./proof_html.sh
+        uses: Cyb3r-Jak3/[email protected]
+        with:
+          root: _site/
+      - name: Upload HTML test report 
+        uses: actions/upload-artifact@v3
+        if: success() || failure() # Run even if we had an error
+        with:
+          name: html5validator_log
+          path: log.log
       - name: rsync deploy
         uses: burnett01/[email protected]
         if:   ${{ github.ref == 'refs/heads/main' }}

diff --git a/_config.yml b/_config.yml
@@ -54,7 +54,16 @@ defaults:
     scope:
       path: "" # an empty string here means all files in the project
     values:
-      layout: "default"    
+      layout: "default"  
+
+compress_html:
+  clippings: all
+  comments: [""]
+  endings: [html, head, body, li, dt, dd, rt, rp, optgroup, option, colgroup, caption, thead, tbody, tfoot, tr, td, th]
+  profile: false
+  blanklines: false
+  ignore:
+    envs: []  
 
 
 exclude:

diff --git a/_posts/2022/22-08-10-Itarian-Full-Disclosure.md b/_posts/2022/22-08-10-Itarian-Full-Disclosure.md
@@ -82,7 +82,7 @@ The Token session cookie can be retrieved by abusing the XSS vulnerability in th
 
 Creating and bypassing approval consists of multiple steps. The vulnerability is easily exploited by calling the following three API endpoints in the following order:
 1. /procedure/windows/create
-2. /procedure/windows/update/id/<id>
+2. /procedure/windows/update/id/\<id\>
 3. /procedure/run/device-all
 
 The first API call is used to create a procedure, the second is used to add arbitrary Python code and the last API call bypasses approval and pushes the procedure to all devices. These three steps have been automated in a Python POC which can be found [here](https://github.com/DIVD-NL/Itarian-2021-00037/blob/main/POC/CVE-2022-25152-POC.py)