-
Notifications
You must be signed in to change notification settings - Fork 92
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix conflicting negative test case content
- Loading branch information
Showing
3 changed files
with
273 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
272 changes: 272 additions & 0 deletions
272
src/validations/constraints/content/ssp-responsible-party-is-person-INVALID.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,272 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd" | ||
uuid="12345678-1234-4321-8765-123456789012"> | ||
<metadata> | ||
<title>Enhanced Example System Security Plan</title> | ||
<published>2024-08-01T14:30:00Z</published> | ||
<last-modified>2024-08-01T14:30:00Z</last-modified> | ||
<version>1.1</version> | ||
<oscal-version>1.0.0</oscal-version> | ||
<document-id scheme="https://example.com/identifiers">SSP-2024-002</document-id> | ||
|
||
<role id="creator"> | ||
<title>Document Creator</title> | ||
</role> | ||
<role id="content-approver"> | ||
<title>Content Approver</title> | ||
</role> | ||
<role id="system-admin"> | ||
<title>System Administrator</title> | ||
</role> | ||
<role id="asset-owner"> | ||
<title>Asset Owner</title> | ||
</role> | ||
<role id="system-owner"> | ||
<title>Information System Owner</title> | ||
<description> | ||
<p>The individual within the CSP who is ultimately accountable for everything related to this system.</p> | ||
</description> | ||
</role> | ||
<role id="authorizing-official"> | ||
<title>Authorizing Official</title> | ||
<description> | ||
<p>The individual or individuals who must grant this system an authorization to operate.</p> | ||
</description> | ||
</role> | ||
<role id="authorizing-official-poc"> | ||
<title>Authorizing Official's Point of Contact</title> | ||
<description> | ||
<p>The individual representing the authorizing official.</p> | ||
</description> | ||
</role> | ||
<role id="system-poc-management"> | ||
<title>Information System Management Point of Contact (POC)</title> | ||
<description> | ||
<p>The highest level manager who responsible for system operation on behalf of the System Owner.</p> | ||
</description> | ||
</role> | ||
<role id="system-poc-technical"> | ||
<title>Information System Technical Point of Contact</title> | ||
<description> | ||
<p>The individual or individuals leading the technical operation of the system.</p> | ||
</description> | ||
</role> | ||
<role id="system-poc-other"> | ||
<title>General Point of Contact (POC)</title> | ||
<description> | ||
<p>A general point of contact for the system, designated by the system owner.</p> | ||
</description> | ||
</role> | ||
<role id="information-system-security-officer"> | ||
<title>System Information System Security Officer (or Equivalent)</title> | ||
<description> | ||
<p>The individual accountable for the security posture of the system on behalf of the system owner.</p> | ||
</description> | ||
</role> | ||
<location uuid="11111112-0000-4000-9001-000000000009"> | ||
<address > | ||
<country>WRONG</country> | ||
</address> | ||
<prop name='data-center' value='dc-zone-1' class='tertiary' ns="https://fedramp.gov/ns/oscal"/> | ||
</location> | ||
<party uuid="11111111-0000-4000-9000-000000000001" type="organization"> | ||
<name>Example Organization</name> | ||
<short-name>ExOrg</short-name> | ||
<link rel="website" href="https://example.com"/> | ||
<address type="unsupported-type" /> | ||
</party> | ||
<party uuid="22222222-0000-4000-9000-000000000002" type="person"> | ||
<name>Jane Doe</name> | ||
<email-address>[email protected]</email-address> | ||
<address type="unsupported-type" /> | ||
</party> | ||
|
||
<responsible-party role-id="creator"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<responsible-party role-id="content-approver"> | ||
<party-uuid>22222222-0000-4000-9000-000000000002</party-uuid> | ||
</responsible-party> | ||
|
||
<responsible-party role-id="system-owner"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<responsible-party role-id="authorizing-official"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<responsible-party role-id="authorizing-official-poc"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<responsible-party role-id="system-poc-management"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<responsible-party role-id="system-poc-technical"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<responsible-party role-id="system-poc-other"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<responsible-party role-id="information-system-security-officer"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
|
||
<remarks> | ||
<p>This SSP is an example for demonstration purposes.</p> | ||
</remarks> | ||
</metadata> | ||
|
||
<import-profile href="https://raw.githubusercontent.com/GSA/fedramp-automation/master/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml"/> | ||
|
||
<system-characteristics> | ||
<system-id identifier-type="https://fedramp.gov">F00000001</system-id> | ||
<system-name>Enhanced Example System</system-name> | ||
<description> | ||
<p>This is an enhanced example system for demonstration purposes, incorporating more FedRAMP-specific elements.</p> | ||
</description> | ||
<prop name='cloud-service-model' value='unsupported-model' ns="https://fedramp.gov/ns/oscal"/> | ||
<prop name='cloud-deployment-model' value='unsupported-value' ns="https://fedramp.gov/ns/oscal"/> | ||
<prop name='authorization-type' value='unsupported-value' ns="https://fedramp.gov/ns/oscal"/> | ||
<security-sensitivity-level>moderate</security-sensitivity-level> | ||
<system-information> | ||
<information-type uuid="33333333-0000-4000-9000-000000000003"> | ||
<title>Financial Information</title> | ||
<description> | ||
<p>Contains sensitive financial data related to organizational operations.</p> | ||
</description> | ||
<categorization system="https://unsupported-system.com"> | ||
<!-- Removed information-type-id to ensure that categorization-has-information-type-id fails correctly. --> | ||
</categorization> | ||
<confidentiality-impact> | ||
<base>high</base> | ||
</confidentiality-impact> | ||
<integrity-impact> | ||
<base>moderate</base> | ||
</integrity-impact> | ||
<availability-impact> | ||
<base>low</base> | ||
</availability-impact> | ||
</information-type> | ||
</system-information> | ||
|
||
<security-impact-level> | ||
<security-objective-confidentiality>moderate</security-objective-confidentiality> | ||
<security-objective-integrity>moderate</security-objective-integrity> | ||
<security-objective-availability>moderate</security-objective-availability> | ||
</security-impact-level> | ||
|
||
<status state="operational"/> | ||
|
||
<authorization-boundary> | ||
<description> | ||
<p>The authorization boundary includes all components within the main data center and the disaster recovery site.</p> | ||
</description> | ||
</authorization-boundary> | ||
</system-characteristics> | ||
|
||
<system-implementation> | ||
<user uuid="44444444-0000-4000-9000-000000000004"> | ||
<title>System Administrator</title> | ||
<prop name="type" value="unsupported-type"/> | ||
<prop name="privilege-level" value="unsupported-access-type"/> | ||
<role-id>system-admin</role-id> | ||
</user> | ||
|
||
<component uuid="55555555-0000-4000-9000-000000000005" type="unsupported-component-type"> | ||
<title>Primary Application Server</title> | ||
<description> | ||
<p>Main application server hosting the core system functionality.</p> | ||
</description> | ||
<purpose>main line</purpose> | ||
<status state="operational"/> | ||
<responsible-role role-id="system-admin"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-role> | ||
<remarks> | ||
<p>This is the primary application server for the system.</p> | ||
</remarks> | ||
</component> | ||
|
||
<component uuid="66666666-0000-4000-9000-000000000006" type="interconnection"> | ||
<title>External API Connection</title> | ||
<description> | ||
<p>Secure connection to an external API for data enrichment.</p> | ||
</description> | ||
<prop name="interconnection-direction" value="unsupported-direction" ns="https://fedramp.gov/ns/oscal"/> | ||
<prop name="interconnection-security" value="unsupported-security" ns="https://fedramp.gov/ns/oscal"/> | ||
<status state="operational"/> | ||
<responsible-role role-id="system-admin"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-role> | ||
<remarks> | ||
<p>This connection is used for secure data exchange with external systems.</p> | ||
</remarks> | ||
</component> | ||
|
||
<inventory-item uuid="77777777-0000-4000-9000-000000000007"> | ||
<description> | ||
<p>Primary database server</p> | ||
</description> | ||
<prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/> | ||
<prop name="asset-type" value="database"/> | ||
<prop name="allows-authenticated-scan" value="unsupported-scan"/> | ||
<prop name="public" value="unsupported-public"/> | ||
<prop name="virtual" value="unsupported-virtual"/> | ||
<prop name="scan-type" value="unsupported-scan-type" ns="https://fedramp.gov/ns/oscal"/> | ||
<responsible-party role-id="asset-owner"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-party> | ||
<implemented-component component-uuid="55555555-0000-4000-9000-000000000005"> | ||
<prop name="asset-id" value="DB-001" ns="http://csrc.nist.gov/ns/oscal"/> | ||
</implemented-component> | ||
</inventory-item> | ||
</system-implementation> | ||
|
||
<control-implementation> | ||
<description> | ||
<p>Implementation of controls for the Enhanced Example System</p> | ||
</description> | ||
<implemented-requirement uuid="88888888-0000-4000-9000-000000000008" control-id="ac-1"> | ||
<prop name="control-origination" value="unsupported-origination" ns="https://fedramp.gov/ns/oscal"/> | ||
<prop name="implementation-status" value="unsupported-status" ns="https://fedramp.gov/ns/oscal"/> | ||
<statement statement-id="ac-1_stmt.a" uuid="99999999-0000-4000-9000-000000000009"> | ||
</statement> | ||
<by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="aaaaaaaa-0000-4000-9000-00000000000a"> | ||
<description> | ||
<p>Access Control Policy and Procedures (AC-1) is fully implemented in our system.</p> | ||
</description> | ||
<prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="unsupported-status"/> | ||
<responsible-role role-id="system-admin"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-role> | ||
</by-component> | ||
</implemented-requirement> | ||
|
||
<implemented-requirement uuid="bbbbbbbb-0000-4000-9000-00000000000b" control-id="cm-8"> | ||
<prop name="control-origination" value="unsupported-origination" ns="https://fedramp.gov/ns/oscal"/> | ||
<statement statement-id="cm-8_stmt.a" uuid="cccccccc-0000-4000-9000-00000000000c"> | ||
</statement> | ||
<by-component component-uuid="55555555-0000-4000-9000-000000000005" uuid="dddddddd-0000-4000-9000-00000000000d"> | ||
<description> | ||
<p>Information System Component Inventory (CM-8) is partially implemented.</p> | ||
</description> | ||
<prop ns="https://fedramp.gov/ns/oscal" name="implementation-status" value="unsupported-status"/> | ||
<responsible-role role-id="system-admin"> | ||
<party-uuid>11111111-0000-4000-9000-000000000001</party-uuid> | ||
</responsible-role> | ||
</by-component> | ||
</implemented-requirement> | ||
</control-implementation> | ||
|
||
<back-matter> | ||
<resource uuid="eeeeeeee-0000-4000-9000-00000000000e"> | ||
<!-- There is no <title/> to purposefully to trigger an error for negative testing. --> | ||
<description> | ||
<p>Detailed access control policy document</p> | ||
</description> | ||
<prop name="type" value="unsupported-type" ns="https://fedramp.gov/ns/oscal"/> | ||
<!-- There is no <rlink/> to purposefully to trigger an error for negative testing. --> | ||
</resource> | ||
</back-matter> | ||
</system-security-plan> |
2 changes: 1 addition & 1 deletion
2
src/validations/constraints/unit-tests/responsible-party-is-person-FAIL.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
test-case: | ||
name: Negative Test for responsible-party-is-person | ||
description: This test case validates the behavior of constraint responsible-party-is-person | ||
content: ssp-all-INVALID.xml | ||
content: ssp-responsible-party-is-person-INVALID.xml | ||
expectations: | ||
- constraint-id: responsible-party-is-person | ||
result: fail |