Merge branch 'Layout-Changes' of https://github.com/bugcrowd/templates …

…into Layout-Changes
bugcrowd · Sep 29, 2024 · 4596c68 · 4596c68
2 parents 733b75b + e90b415
commit 4596c68
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 12 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -12,5 +12,7 @@ jobs:
 
     - name: Lint Markdown files
       uses: avto-dev/markdown-lint@v1
+      env: 
+        MARKDOWN_CONFIG_FILE: ".markdownlint.json"
       with:
         args: '**/*.md'
diff --git a/.markdownlint.json b/.markdownlint.json
@@ -6,5 +6,5 @@
   "line_length": false,
   "fenced-code-language": false,
   "no-emphasis-as-heading": false,
-  "blanks-around-headings": false
+  "first-line-heading": false
 }
diff --git a/README.md b/README.md
@@ -149,20 +149,20 @@ Incorrect:
 
 Incorrect:
 
-> Throughout the course of the engagement, a critical severity SQL injection was discovered in the web application (www.example.com) which could be used by an attacker to exfiltrate personally identifiable information from the backend database.
+> Throughout the course of the engagement, a critical severity SQL injection was discovered in the web application (<www.example.com>) which could be used by an attacker to exfiltrate personally identifiable information from the backend database.
 
 Correct:
 
-> An SQL injection was discovered in www.example.com allowing a malicious attacker to exfiltrate personally identifiable information.
+> An SQL injection was discovered in <www.example.com> allowing a malicious attacker to exfiltrate personally identifiable information.
 
 ### Split Up Long Sentences
 
 Incorrect:
 
-> An SQL injection was discovered in www.example.com allowing a malicious attacker to exfiltrate personally identifiable information including email addresses which would be considered a GDPR violation and poses a considerable business risk.
+> An SQL injection was discovered in <www.example.com> allowing a malicious attacker to exfiltrate personally identifiable information including email addresses which would be considered a GDPR violation and poses a considerable business risk.
 
 Correct:
-> An SQL injection was discovered in www.example.com allowing a malicious attacker to exfiltrate personally identifiable information. The retrievable data includes passwords, email addresses and full names. This poses a GDPR violation and considerable business risk.
+> An SQL injection was discovered in <www.example.com> allowing a malicious attacker to exfiltrate personally identifiable information. The retrievable data includes passwords, email addresses and full names. This poses a GDPR violation and considerable business risk.
 
 ## Acronyms
 
@@ -184,7 +184,7 @@ Incorrect: pen test, PenTest, Pen Test
 
 ## A vs. An
 
-"An" should be used when the next word starts with a consonant _sound_. Otherwise, "A" should be used.
+"An" should be used when the next word starts with a consonant *sound*. Otherwise, "A" should be used.
 
 Correct:
 

diff --git a/methodology/notes/website_testing/information.md b/methodology/notes/website_testing/information.md
@@ -1,16 +1,19 @@
 # Information gathering and Reconnaisance
 
 ## Tools used
+
 <!--
 Provide a 1-2 sentence overview of the tools you used to do information gathering and recon, and how you used those tools
 -->
 
 ## Attack Surface Summary
+
 <!--
 Provide a 1-2 sentence overview of the attack surface you discovered
 -->
 
 ## What is done well
+
 <!--
 Provide a 1-2 sentence overview of what the application does well, where it seems most robust and well-designed
 -->
diff --git a/spec/bugcrowd_templates_spec.rb b/spec/bugcrowd_templates_spec.rb
@@ -70,15 +70,15 @@
         let!(:file_name) { 'template' }
 
         it 'returns the bugcrowd template value as string' do
-          is_expected.to include('# Outdated Software Version')
+          is_expected.to include('Outdated Software Version')
         end
 
         context 'when file_name with multiple options' do
           context 'file_name as template' do
             let!(:file_name) { 'template' }
 
             it 'returns the bugcrowd template value as string' do
-              is_expected.to include('# Outdated Software Version')
+              is_expected.to include('Outdated Software Version')
             end
           end
 
@@ -113,7 +113,7 @@
             let!(:file_name) { 'template' }
 
             it 'returns the bugcrowd template value as string' do
-              is_expected.to include('# Outdated Software Version')
+              is_expected.to include('Outdated Software Version')
             end
           end
 
@@ -159,7 +159,7 @@
           let!(:file_name) { 'template' }
 
           it 'returns the template defined in the subcategory folder' do
-            is_expected.to include('# Clickjacking')
+            is_expected.to include('Clickjacking')
           end
         end
 
@@ -170,7 +170,7 @@
           let!(:file_name) { 'template' }
 
           it 'returns the template defined in the subcategory folder' do
-            is_expected.to include('# Clickjacking')
+            is_expected.to include('Clickjacking')
           end
         end
 
@@ -181,7 +181,7 @@
           let!(:file_name) { 'template' }
 
           it 'returns the template defined in the subcategory folder' do
-            is_expected.to include('# Outdated Software Version')
+            is_expected.to include('Outdated Software Version')
           end
         end
 

diff --git a/...ription/lack_of_binary_hardening/lack_of_jailbreak_detection/recommendations.md b/...ription/lack_of_binary_hardening/lack_of_jailbreak_detection/recommendations.md
@@ -1,4 +1,5 @@
 # Recommendation(s)
+
 It is recommended to implement exploit mitigation controls within the application that prevent an attacker from analyzing, reverse engineering, or performing unauthorized code modifications. This can include leveraging jailbreak detection frameworks and libraries specifically designed to identify jailbroken (or rooted Android) devices. A good framework will monitor the runtime environment and check for the presence of known jailbreak files and directories. 
 
 For further information, please refer to:

diff --git a/submissions/description/server_side_injection/ldap_injection/template.md b/submissions/description/server_side_injection/ldap_injection/template.md
@@ -1,5 +1,6 @@
 
 #### Business Impact
+
 LDAP injection vulnerabilities can lead to reputational damage through the impact to customers’ trust, or to regulatory fines due to an attacker’s unauthorized access to data. The severity of the impact to the business is dependent on the sensitivity of the data being stored in, and transmitted by the application.
 
 #### Steps to Reproduce