correct test

GSA · Nov 27, 2024 · 2c19c60 · 2c19c60
1 parent 1a7c908
commit 2c19c60
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/src/validations/constraints/content/ssp-all-VALID.xml b/src/validations/constraints/content/ssp-all-VALID.xml
@@ -315,7 +315,7 @@
         </remarks>
       </prop>
      <status state="operational"/>
-       <responsible-role role-id="provider">
+      <responsible-role role-id="provider">
         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
       </responsible-role>
     </component>
@@ -333,6 +333,9 @@
         </remarks>
       </prop>
       <status state="operational"/>
+      <responsible-role role-id="provider">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
       <responsible-role role-id="system-admin">
         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
       </responsible-role>
@@ -355,6 +358,9 @@
         </remarks>
       </prop>
       <status state="operational"/>
+      <responsible-role role-id="provider">
+        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+      </responsible-role>
     </component>
 
     <inventory-item uuid="77777777-0000-4000-9000-000000000007">

diff --git a/...lidations/constraints/content/ssp-component-responsible-role-references-party-INVALID.xml b/...lidations/constraints/content/ssp-component-responsible-role-references-party-INVALID.xml
@@ -1,11 +1,5 @@
 <system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" uuid="12345678-1234-4321-8765-123456789012">
   <metadata>
-  <!-- There are two parties with the same uuid. The count should be 1. -->
-    <party uuid="11111111-0000-4000-9000-000000000001" type="organization">
-      <name>Example Organization</name>
-      <short-name>ExOrg</short-name>
-      <link rel="website" href="https://example.com"/>
-    </party>
     <party uuid="11111111-0000-4000-9000-000000000001" type="organization">
       <name>Example Organization</name>
       <short-name>ExOrg</short-name>
@@ -16,7 +10,9 @@
     <component uuid="6ac88fd2-7c7b-4357-af2e-f22ccd3ead26" type="system">
       <prop name="leveraged-authorization-uuid" value="233e0f09-fe5e-47e2-bca3-5f32df75e57a"/>
       <responsible-role role-id="provider">
+        <!-- There are two parties referenced. The count should be 1. -->
         <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+        <party-uuid>11111111-0000-4000-9000-000000000002</party-uuid>
       </responsible-role>
     </component>
   </system-implementation>

diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
@@ -76,19 +76,17 @@
     <context>
         <metapath target="/system-security-plan"/>
         <constraints>
-            <let var="all-parties" expression="//party"/>
             <let var="authorization-boundary-link" expression="system-characteristics/authorization-boundary/diagram/link/@href"/>
             <let var="data-flow-link" expression="system-characteristics/data-flow/diagram/link/@href"/>
             <let var="network-architecture-link" expression="system-characteristics/network-architecture/diagram/link/@href"/>
             <let var="import-profile-href" expression="import-profile/@href"/>
-            <let var="provider-role-party-uuid" expression="//component[(@type='system' and ./prop[@name='leveraged-authorization-uuid']) or (@type='service' and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction'])]/responsible-role[@role-id='provider']/party-uuid"/>
             <let var="resolved-import-profile-href" expression="if (starts-with($import-profile-href, '#')) then back-matter/resource[@uuid = substring($import-profile-href, 2)]/rlink/@href else $import-profile-href"/>
             <expect id="component-has-authentication-method" target="//component[(@type='system' and ./prop[@name='leveraged-authorization-uuid']) or (@type='service' and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction'])]" test="count(prop[@ns='https://fedramp.gov/ns/oscal' and @name='authentication-method']) >= 1" level="ERROR">
                 <formal-name>Component Has Authentication Method</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
                 <message>A FedRAMP SSP MUST include at least one authentication method for each leveraged system.</message>
             </expect>
-            <expect id="component-responsible-role-references-party" target="." test="count($all-parties[@uuid = $provider-role-party-uuid]) = 1" level="ERROR">
+            <expect id="component-responsible-role-references-party" target="//component[(@type='system' and ./prop[@name='leveraged-authorization-uuid']) or (@type='service' and not(./prop[@name='leveraged-authorization-uuid']) and ./prop[@name='implementation-point' and @value='external']) or (@type='interconnection') or (@type='service' and ./prop[@name='implementation-point' and @value='internal'] and ./prop[@name='direction']) or (@type='software' and ./prop[@name='asset-type' and @value='cli'] and ./prop[@name='direction'])]" test="count(responsible-role[@role-id='provider']/party-uuid) = 1" level="ERROR">
                 <formal-name>Component Responsible Role References Party</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services"/>
                 <message>Each component dealing with leveraged systems, interconnections, or authorized services MUST have a "provider" responsible-role that references exactly one valid party.</message>