From f1a1ca9c7be15c9cb66ed9d44790098c670043d9 Mon Sep 17 00:00:00 2001
From: Admin MPCZ <admin@mpcz.fr>
Date: Wed, 15 Apr 2026 15:40:04 +0200
Subject: [PATCH] Qualys Tags V3: unescape entites XML dans ruleText/name

Qualys renvoie les entites XML dans ruleText deja echappees (Bip&amp;Go,
&lt;?xml...). Jinja auto-escape les ressortait en double (&amp;lt;...).
Unescape iteratif (jusqu'a 3 passes) pour couvrir le double-escape.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 app/services/qualys_tags_service.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/app/services/qualys_tags_service.py b/app/services/qualys_tags_service.py
index f292fd4..26031a5 100644
--- a/app/services/qualys_tags_service.py
+++ b/app/services/qualys_tags_service.py
@@ -44,10 +44,18 @@ def _qualys_post(db, endpoint, payload, timeout=60):
 
 
 def _parse_xml_text(text_block, tag):
-    """Extrait <tag>valeur</tag> (premier match)."""
-    import re
+    """Extrait <tag>valeur</tag>, unescape entites (boucle si double-escape Qualys)."""
+    import re, html
     m = re.search(f"<{tag}>(.*?)</{tag}>", text_block, re.DOTALL)
-    return m.group(1).strip() if m else ""
+    if not m:
+        return ""
+    v = m.group(1).strip()
+    for _ in range(3):
+        u = html.unescape(v)
+        if u == v:
+            break
+        v = u
+    return v
 
 
 def list_qualys_tags(db):