Typo fixes, CSS bug fixes, course suggestions #229

Open
jtquach1 opened this issue Oct 9, 2024 · 5 comments
jtquach1 commented Oct 9, 2024

Here is a list of inconsistencies I found:

  1. The table under "Defaults" has a table row that is green/transparent to the background component, but the other table rows are opaque and light gray. Url: https://mitre.github.io/saf-training/courses/user/06.html#_6-2-the-inspec-command-formula
  2. Inconsistent acronym spelling: "saf hardening page" should say "SAF hardening page" ("SAF" is previously used in that section). Url: https://mitre.github.io/saf-training/courses/user/10.html#_10-1-find-the-hardening-content
  3. Unclear as to where tree nginx is executed. Url: https://mitre.github.io/saf-training/courses/beginner/02.html#inspec-profile-structure
  4. "For our next control we require specific modules" doesn't end with a period; was there supposed to be a list, or should this have ended with a period? Url: https://mitre.github.io/saf-training/courses/beginner/06.html#refactoring-the-code-to-use-inputs
  5. The comment on line 1 says SHA12 instead of SHA512 (the preceding paragraph refers to SHA512). Url: https://mitre.github.io/saf-training/courses/beginner/07.html#expect-syntax-and-password-hashes
  6. Says "json". Url: https://mitre.github.io/saf-training/courses/beginner/09.html#heimdall-lite
  7. Expand on acronyms. Url: https://deploy-preview-155--mitre-saf-training.netlify.app/courses/mappers/03.html#what-is-the-security-automation-framework
  8. Says "Typescript". Url: https://deploy-preview-155--mitre-saf-training.netlify.app/courses/mappers/09.html#reference-existing-solutions
  9. All of the code blocks in light mode use white text instead of black text. Url: https://deploy-preview-155--mitre-saf-training.netlify.app/courses/mappers/05.html
  10. Modify the comment under "Remaining Gosec source data", which says "How sure that the identified issue if applicable", under the Issues.severity. Url: https://deploy-preview-155--mitre-saf-training.netlify.app/courses/mappers/11.html#mapping-version-1
  11. Says "note that these mapping are informal". Url: https://deploy-preview-155--mitre-saf-training.netlify.app/courses/mappers/11.html#mapping-version-1-1
  12. Extra period in the skeleton convert command file under "Integration" step 1; const converter = new Mapper(input, flags.['with-raw']). Url: https://deploy-preview-155--mitre-saf-training.netlify.app/courses/mappers/16.html#integration
  13. This says "generated by HDF converters". Url: https://deploy-preview-155--mitre-saf-training.netlify.app/courses/mappers/06.html#profiles
  14. The Skeleton Convert Command File contains SonarCloud code smells on the variables that are prefixed with the static token.
  15. There is another switch block that needs to be edited parallel of step 4 under Integration. This switch block is inside the Convert.run() method.
  16. There is a code typo in the JSON Mapper Skeleton under the Mapper File section of Implementing a Mapper.
  17. There should be an additional step regarding changes to make in the relevant Vue.js frontend component that refers to Heimdall2's supported mappers, perhaps after the Fingerprinting section.

Potential solutions:

  1. Change the transparent table row to white
  2. Change "saf" to "SAF"
  3. Do pwd and list the directory where tree nginx is executed
  4. Terminate the sentence accordingly or remove it
  5. Change "SHA12" to "SHA512"
  6. Change "json" to "JSON"
  7. Provide definitions for acronyms: ATO - authority/authorization to operate (?), POAM - plan of action and milestones, eMASS - enterprise mission assurance support service
  8. Change to "TypeScript"
  9. Fix CSS style for table
  10. Change "if" to "is"
  11. Change "mapping" to "mappings"
  12. Remove period right after flags
  13. Change to "OHDF"?
  14. Update the skeleton convert command file like so:
```typescript
import {Command, Flags} from '@oclif/core'
import fs from 'fs'
import {SKELETONMapper as Mapper} from '@mitre/hdf-converters'
import {checkInput, checkSuffix} from '../../utils/global'

export default class SKELETON2HDF extends Command {
  // In TypeScript the `static` modifier must precede `readonly`.
  static readonly usage = 'convert SKELETON2hdf -i <SKELETON-json> -o <hdf-scan-results-json>'

  static readonly description = 'Translate a SKELETON output file into an HDF results set'

  static readonly examples = ['saf convert SKELETON2hdf -i SKELETON.json -o output-hdf-name.json']

  static readonly flags = {
    help: Flags.help({char: 'h'}),
    input: Flags.string({char: 'i', required: true, description: 'Input SKELETON file'}),
    output: Flags.string({char: 'o', required: true, description: 'Output HDF file'}),
    'with-raw': Flags.boolean({char: 'w', required: false}),
  }

  async run() {
    const {flags} = await this.parse(SKELETON2HDF)
    // Read the scanner export and check that it looks like SKELETON output
    const input = fs.readFileSync(flags.input, 'utf8')
    checkInput(
      {data: input, filename: flags.input},
      'SKELETON_DATA',
      'SKELETON results JSON',
    )

    // Bracket access is needed because the flag name contains a hyphen
    const converter = new Mapper(input, flags['with-raw'])
    fs.writeFileSync(checkSuffix(flags.output), JSON.stringify(converter.toHdf()))
  }
}
```
  15. Inject a step 5 in-between the current steps 4 and 5 under the Integration section. Suggestion of what to write:

Under the switch block in the run method, add your mapper class like so:

```typescript
switch (Convert.detectedType) {
  ...
  case {YOUR-EXPORT-SERVICE-NAME-HERE}: {
    converter = new {YOUR-CLI-CONVERT-CLASS}(fs.readFileSync(flags.input, 'utf8'))
    fs.writeFileSync(
      checkSuffix(flags.output),
      JSON.stringify(converter.toHdf(), null, 2),
    )
    break
  }
  ...
}
```
  16. Change this code

```typescript
  constructor(exportJson: string, withRaw = false) {
    super(JSON.parse(exportJson), true);
    this.withRaw = withRaw;
  }
```

to

```typescript
  constructor(exportJson: string, withRaw = false) {
    super(JSON.parse(exportJson));
    this.withRaw = withRaw;
  }
```
  17. Make these changes under the Fingerprinting section:

Frontend changes

Update apps/frontend/src/components/global/upload_tabs/FileReader.vue with a bullet point referring to your mapper by its formal name, like so:

```html
<li>{SKELETON}</li>
```

Related GitHub PR: #155

@jtquach1
Contributor Author

Note: if mitre/saf#2915 gets merged in before this list gets tackled, the example code in items 14-15 above should be updated accordingly.

@p-oneil
Contributor

p-oneil commented Nov 26, 2024

Beginner course recommendations implemented (3-6)
#261

@jtquach1
Contributor Author

Updating the list with a comment here:
18. These markdown files
saf-training/src/courses/advanced/09.md
saf-training/src/courses/advanced/10.md
saf-training/src/courses/advanced/11.md
all refer to actions/checkout@v3 and actions/upload-artifact@v3. Should this be updated to actions/checkout@v4 and actions/upload-artifact@v4? Jan 30 2025, since actions v3 will be closed down.
19. saf-training/src/courses/advanced/10.md has a typo on line 15, Gitub (should be GitHub)

@jtquach1
Contributor Author

jtquach1 commented Dec 12, 2024

> Updating the list with a comment here:
> 18. These markdown files
> saf-training/src/courses/advanced/09.md
> saf-training/src/courses/advanced/10.md
> saf-training/src/courses/advanced/11.md
> all refer to actions/checkout@v3 and actions/upload-artifact@v3. Should this be updated to actions/checkout@v4 and actions/upload-artifact@v4? Jan 30 2025, since actions v3 will be closed down.
> 19. saf-training/src/courses/advanced/10.md has a typo on line 15, Gitub (should be GitHub)

I updated the actions-related strings in #299 (as part of the actions v4 and under->v4 PR) @p-oneil but not the GitHub typo

@jtquach1
Contributor Author

Whoops, meant to say artifact actions (not the checkout action)
