Fix report module to handle italics and multiline processing in policy description

PowerShell/ScubaGear/Modules/CreateReport/CreateReport.psm1

@@ -265,7 +265,6 @@ function Import-SecureBaseline{
 
                 # Iterate over matched policy ids found
                 foreach ($LineNumber in $LineNumbers) {
-
                     $Value = [System.Net.WebUtility]::HtmlEncode($Value)
                     $Id = [string]$MdLines[$LineNumber].Substring(5)
 
@@ -283,6 +282,7 @@ function Import-SecureBaseline{
                     $MaxLineSearch = 20;
                     $Value = ([string]$MdLines[$LineNumber+$LineAdvance]).Trim()
                     $IsMalformedDescription = $false
+                    $IsList = $false
 
                     try {
                         if ([string]::IsNullOrWhiteSpace($Value)){
@@ -300,8 +300,20 @@ function Import-SecureBaseline{
                                 # Reached Criticality comment so policy description is complete.
                                 break
                             }
+
+                            # Policy description contains a list assuming list is denoted by a colon character.
+                            if ($Value[-1] -eq ":") {
+                                $isList = $true
+                            }
+
                             if (-not [string]::IsNullOrWhiteSpace([string]$MdLines[$LineNumber+$LineAdvance])) {
-                                $Value += "`n" + ([string]$MdLines[$LineNumber+$LineAdvance]).Trim()
+                                # List case, use newline character between value text
+                                if ($isList) {
+                                    $Value += "`n" + ([string]$MdLines[$LineNumber+$LineAdvance]).Trim()
+                                }
+                                else { # Value ending with newline char, use whitespace character between value text
+                                    $Value += " " + ([string]$MdLines[$LineNumber+$LineAdvance]).Trim()
+                                }
                             }
 
                             if ($LineAdvance -gt $MaxLineSearch){
@@ -310,6 +322,12 @@ function Import-SecureBaseline{
                             }
                         }
 
+                        # Description italics substitution
+                        $Value = Resolve-HTMLMarkdown -OriginalString $Value -HTMLReplace "italic"
+
+                        # Description bold substitution
+                        $Value = Resolve-HTMLMarkdown -OriginalString $Value -HTMLReplace "bold"
+
                         $Group.Controls += @{"Id"=$Id; "Value"=$Value; "Deleted"=$Deleted; MalformedDescription=$IsMalformedDescription}
                     }
                     catch {
@@ -352,6 +370,32 @@ function New-MarkdownAnchor{
     }
 }
 
+function Resolve-HTMLMarkdown{
+    param (
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullOrEmpty()]
+        [string]
+        $OriginalString,
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullOrEmpty()]
+        [string]
+        $HTMLReplace
+    )
+
+    # Replace markdown with italics substitution
+    if ($HTMLReplace.ToLower() -match "italic") {
+        $ResolvedString = $OriginalString -replace '(_)([^\v][^_]*[^\v])?(_)', '<i>${2}</i>'
+        return $ResolvedString
+    } elseif($HTMLReplace.ToLower() -match "bold") {
+        $ResolvedString = $OriginalString -replace '(\*\*)(.*?)(\*\*)', '<b>${2}</b>'
+        return $ResolvedString
+    } else {
+        $InvalidHTMLReplace = New-Object System.ArgumentException "$HTMLReplace is not valid"
+        throw $InvalidHTMLReplace
+        return $OriginalString
+    }
+}
+
 Export-ModuleMember -Function @(
     'New-Report',
     'Import-SecureBaseline'

PowerShell/ScubaGear/Testing/Unit/PowerShell/CreateReport/Resolve-HTMLMarkdown.Tests.ps1

@@ -0,0 +1,40 @@
+$CreateReportModulePath = Join-Path -Path $PSScriptRoot -ChildPath "../../../../Modules/CreateReport/CreateReport.psm1"
+Import-Module $CreateReportModulePath -Force
+
+InModuleScope CreateReport {
+    Describe -Tag "Resolve-HTMLMarkdown" -name "Parameter error handling" {
+        It "Empty original string" {
+            {Resolve-HTMLMarkdown -OriginalString "" -HTMLReplace "italic"} |
+                Should -Throw -Because "Invalid OriginalString parameter"
+        }
+        It "Empty html replacement string" {
+            {Resolve-HTMLMarkdown -OriginalString "A valid string" -HTMLReplace ""} |
+                Should -Throw -Because "Invalid HTMLReplace parameter"
+        }
+        It "Null original string" {
+            {Resolve-HTMLMarkdown -OriginalString $null -HTMLReplace "italic"} |
+                Should -Throw -Because "Invalid OriginalString parameter"
+        }
+        It "Null html replacement string" {
+            {Resolve-HTMLMarkdown -OriginalString "A valid string" -HTMLReplace $null} |
+                Should -Throw -Because "Invalid HTMLReplace parameter"
+        }
+        It "Bad html replacement string" {
+            {Resolve-HTMLMarkdown -OriginalString "A valid string" -HTMLReplace "underline"} |
+                Should -Throw -ExceptionType ArgumentException
+        }
+    }
+
+    Describe -tag "Resolve-HTMLMarkdown" -name 'Test resolve HTML Markdown in baseline descriptions' {
+        It "Test Valid html markdown resolution: <OriginalString> <HTMLReplace>" -ForEach @(
+            @{ OriginalString = "_A test string._"; HTMLReplace = "italic"; HTMLTranslation = "<i>A test string.</i>"},
+            @{ OriginalString = "**A test string.**"; HTMLReplace = "bold"; HTMLTranslation = "<b>A test string.</b>"}
+        ){
+            $ResolvedString = Resolve-HTMLMarkdown -OriginalString $OriginalString -HTMLReplace $HTMLReplace
+            $ResolvedString -eq $HTMLTranslation | Should -BeTrue
+        }
+    }
+    AfterAll {
+        Remove-Module CreateReport -ErrorAction SilentlyContinue
+        }
+    }

baselines/aad.md

@@ -366,7 +366,7 @@ Security logs SHALL be sent to the agency's security operations center for monit
 
 #### MS.AAD.4.1v1 Instructions
 
-Follow the configuration instructions unique to the products and integration patterns at your organization to send the security logs to the security operations center for monitoring. 
+Follow the configuration instructions unique to the products and integration patterns at your organization to send the security logs to the security operations center for monitoring.
 
 ## 5. Application Registration and Consent
 
@@ -524,7 +524,7 @@ Permanent active role assignments SHALL NOT be allowed for highly privileged rol
 - _Rationale:_ Instead of giving users permanent assignments to privileged roles, provisioning access just in time lessens exposure if those accounts become compromised. In Azure AD PIM or an alternative PAM system, just in time access can be provisioned by assigning users to roles as eligible instead of perpetually active.
 - _Last modified:_ June 2023
 - _Note:_ Exceptions to this policy are:
-  - Emergency access accounts that need perpetual access to the tenant in the rare event of system degradation or other scenarios. 
+  - Emergency access accounts that need perpetual access to the tenant in the rare event of system degradation or other scenarios.
   - Some types of service accounts that require a user account with privileged roles; since these accounts are used by software programs, they cannot perform role activation.
 
 #### MS.AAD.7.5v1

baselines/defender.md

@@ -569,7 +569,7 @@ See [MS.DEFENDER.4.1v1 Instructions](#msdefender41v1-instructions) steps
 1. Sign in to the **Microsoft Purview compliance portal**.
 
 2. Under **Solutions**, select **Data loss prevention**.
-  
+
 3. Go to **Endpoint DLP Settings**.
 
 4. Go to **Restricted apps and app groups**.