remove rev4 constraints

GSA · Dec 3, 2024 · b51779e · b51779e
1 parent 476f2d0
commit b51779e
Show file tree

Hide file tree

Showing 7 changed files with 4 additions and 50 deletions.
diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
@@ -6,6 +6,7 @@ Scenario Outline: Validating OSCAL constraints with metaschema constraints
 
 @integration
 Scenario Outline: Documents that should be valid are pass
+  Given I have loaded all Metaschema extensions documents
   Then I should have valid results "<valid_file>"
 Examples:
 | valid_file     |
@@ -125,9 +126,7 @@ Examples:
   | security-sensitivity-level-matches-security-impact-level |
   | unique-inventory-item-asset-id |
   | user-has-authorized-privilege |
-  | user-has-privilege-level |
   | user-has-role-id |
-  | user-has-sensitivity-level |
   | user-has-user-type |
   | user-privilege-level |
   | user-sensitivity-level |
@@ -347,12 +346,8 @@ Examples:
   | unique-inventory-item-asset-id-PASS.yaml |
   | user-has-authorized-privilege-FAIL.yaml |
   | user-has-authorized-privilege-PASS.yaml |
-  | user-has-privilege-level-FAIL.yaml |
-  | user-has-privilege-level-PASS.yaml |
   | user-has-role-id-FAIL.yaml |
   | user-has-role-id-PASS.yaml |
-  | user-has-sensitivity-level-FAIL.yaml |
-  | user-has-sensitivity-level-PASS.yaml |
   | user-has-user-type-FAIL.yaml |
   | user-has-user-type-PASS.yaml |
   | user-privilege-level-FAIL.yaml |

diff --git a/features/steps/fedramp_extensions_steps.ts b/features/steps/fedramp_extensions_steps.ts
@@ -16,7 +16,7 @@ import { Exception, Log, Result } from "sarif";
 import { fileURLToPath } from "url";
 import { parseString } from "xml2js";
 import { promisify } from "util";
-import {formatSarifOutput,fedrampValidationOptions} from 'oscal'
+import {formatSarifOutput} from 'oscal'
 let executor: 'oscal-cli'|'oscal-server' = process.env.OSCAL_EXECUTOR as 'oscal-cli'|'oscal-server' || 'oscal-cli'
 const quiet = process.env.OSCAL_TEST_QUIET === 'true'
 
@@ -677,7 +677,8 @@ Then('I should have valid results {string}', async function (fileToValidate) {
     "src",
     "validations","constraints","content",fileToValidate
   );
-  const {isValid,log}=await validateDocument(fullPath,{quiet,...fedrampValidationOptions},executor);
+  const {isValid,log}=await validateDocument(fullPath,{quiet,
+    extensions:metaschemaDocuments.flatMap((x) => resolve(x))},executor);
   expect(isValid,formatSarifOutput(log)).to.be.true;
 });
 

diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
@@ -32,21 +32,11 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#user"/>
                 <message>A FedRAMP document MUST define a user with at least one authorized privilege by a privilege identifier.</message>
             </expect>
-            <expect id="user-has-privilege-level" target="." test="count(prop[@name='privilege-level'][@ns='https://fedramp.gov/ns/oscal']) = 1" level="ERROR">
-                <formal-name>User Has Privilege Level</formal-name>
-                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#user"/>
-                <message>A FedRAMP document MUST define a user with a privilege for their use of the system.</message>
-            </expect>
             <expect id="user-has-role-id" target="." test="count(role-id) gt 0" level="ERROR">
                 <formal-name>User Has Role ID</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#user"/>
                 <message>A FedRAMP document MUST define a user with at least one role by a role identifier.</message>
             </expect>
-            <expect id="user-has-sensitivity-level" target="." test="count(prop[@name='sensitivity']) = 1" level="ERROR">
-                <formal-name>User Has Sensitivity Level</formal-name>
-                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#user"/>
-                <message>A FedRAMP document MUST define a user with a sensitivity level of their use of the system.</message>
-            </expect>
             <expect id="user-has-user-type" target="." test="count(prop[@name='type']) = 1" level="ERROR">
                 <formal-name>User Has User Type</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#user"/>

diff --git a/src/validations/constraints/unit-tests/user-has-privilege-level-FAIL.yaml b/src/validations/constraints/unit-tests/user-has-privilege-level-FAIL.yaml
diff --git a/src/validations/constraints/unit-tests/user-has-privilege-level-PASS.yaml b/src/validations/constraints/unit-tests/user-has-privilege-level-PASS.yaml
diff --git a/src/validations/constraints/unit-tests/user-has-sensitivity-level-FAIL.yaml b/src/validations/constraints/unit-tests/user-has-sensitivity-level-FAIL.yaml
diff --git a/src/validations/constraints/unit-tests/user-has-sensitivity-level-PASS.yaml b/src/validations/constraints/unit-tests/user-has-sensitivity-level-PASS.yaml