Report flaws #3880

Open
wants to merge 11 commits into
base: main

madelondohmen
Contributor

Changes

  • Fixes the duplicate recommendations (Aggregate report, Chapter 1)
  • Fixes the duplicate compliance issues (Ciphers - Compliance issues table)
  • Adds unique description to the three Cipher findings
  • Fixes the empty host (Aggregate report, Vulnerabilities)

Issue link

Closes #3837

Demo

Please add some proof in the form of screenshots or screen recordings to show (off) new functionality, if there are interesting new features for end-users.

QA notes

Please add some information for QA on how to test the newly created code.


Code Checklist

  • All the commits in this PR are properly PGP-signed and verified.
  • This PR only contains functionality relevant to the issue.
  • I have written unit tests for the changes or fixes I made.
  • I have checked the documentation and made changes where necessary.
  • I have performed a self-review of my code and refactored it to the best of my abilities.
  • Tickets have been created for newly discovered issues.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have informed others of any required .env file changes, if required, and changed the .env-dist accordingly.
  • I have included comments in the code to elaborate on what is not self-evident from the code itself, including references to issues and discussions online, or implicit behavior of an interface.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.


Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

ammar92 previously approved these changes Nov 26, 2024
@stephanie0x00
Contributor

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.
  • I checked the logs for errors and/or warnings and made issues where necessary

What works:

Improvement on what it was. Some minor changes should be made, as shown below.

What doesn't work:

Apparently we show Finding recommendations if those are available and otherwise show the Finding Type recommendations, since searching for some of these recommendations in the kat_findings_types file gives no results.

Some textual changes below for the report I checked.

Bug or feature?:

Generate a SSL certificate for this web server..... -> Generate SSL certificates for web servers that do not use secure connections to offer confidentiality and integrity to users and data.

"1. Set the Content-Security-Policy HTTP header in all HTTP answers. 2. Make sure that when the Content Security Policy is violated by a browser, that this violation is logged and monitored. Point the content security violation variable report-uri to a server-side log script. 3. Implement a process that periodically analyses these logs for programming errors and hack attacks." -> remove the numbers.

"Determine if this port should be reachable from the identified location. Limit access to reduce the attack surface if necessary." -> Determine if the open system administrator port should be reachable...

sonarcloud bot commented Nov 28, 2024

Successfully merging this pull request may close these issues.

Information in Aggregate Report is unclear