Remediation Steps in Output are Formatted as Double Numbered List

Question

Remediation Steps in Output are Formatted as Double Numbered List

Closed this issue 3 months ago · 5 comments

TL;DR

After running a scan, the remediation steps for a particular finding are double numbered. For example:

Remediation Steps:

Note: The remediation steps apply to legacy branch protections, rules set-based protection should be updated from the rules set page

Make sure you have admin permissions

Go to the repo's settings page

Enter 'Branches' tab

Under 'Branch protection rules'

Click 'Edit' on the default branch rule

Check 'Require a pull request before merging'

Check 'Require approvals'

Set 'Required number of approvals before merging' to 1 or more

Click 'Save changes'

Expected behavior

Only a single numbered list (like in v1.0.7)

Observed behavior

Remediation steps are double numbered

Version

1.0.8

On which operating system are you using legitify?

Linux

Relevant log output

No response

Additional information

Did not experience this in v1.0.7

Answer 1 · 2024-06-06T21:35:08.000Z

Thanks @ajh-

Did this happen for only one policy?
Can you paste a few lines above the remediation steps (starting from the policy title)
Can you attach logs?

Answer 2 · 2024-06-11T09:34:41.000Z

@ajh- thanks to @sagic-orca your bug was fixed in version 1.0.9.

Answer 3 · 2024-06-11T13:39:55.000Z

@royb-legit @sagic-orca thanks for taking this on. I should've been more specific upfront. This happens for all policies when outputted as markdown. Unfortunately, just tested v1.0.9 and still have the same issue.

I'm assuming applying @sagic-orca's fix to formatter_markdown.go should also remediate my current issue?

Answer 4 · 2024-06-13T13:30:49.000Z

@ajh- thanks for resurfacing this.
Version 1.0.10 should fix it, could you please check it?

Answer 5 · 2024-06-14T13:33:33.000Z

@royb-legit Perfect, just tested it and it looks like it is fixed. Thanks!

I will add, with this formatting update, the blockquote section is now displayed as multiple sections instead of being one contiguous section. Not the end of the world, but just wanted to let you know.

For example:

Default Branch Should Require Code Review ⛔

In order to comply with separation of duties principle and enforce secure code practices, a code review should be mandatory using the source-code-management system's built-in enforcement. This option is found in the branch protection setting of the repository.

Policy Name: code_review_not_required
Namespace: repository
Severity: HIGH ⛔

Threat:

Users can merge code without being reviewed, which can lead to insecure code reaching the main branch and production.

Remediation Steps:

Note: The remediation steps apply to legacy branch protections, rules set-based protection should be updated from the rules set page

Make sure you have admin permissions

Go to the repo's settings page

Enter 'Branches' tab

Under 'Branch protection rules'

Click 'Edit' on the default branch rule

Check 'Require a pull request before merging'

Check 'Require approvals'

Set 'Required number of approvals before merging' to 1 or more

Click 'Save changes'

Violations:

Link to repository: https://test.com/test
Auxiliary Info:

Entity Id: 77

Entity Name: test