-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No 'value' in an 'hashes' object causes a runtime error #787
Comments
Thank you, this is a very useful bug report. We will track this down soon. More updates to follow. |
@Telos-sa, can you please provide the following specifically:
Thanks in advance for your continued reports, we appreciate it. |
oscal-cli --version
@aj-stein-gsa What argument did you want to see output of with --disable-schema-validation? The --version output? or the stack trace output? |
Can you please re-run the command that led to this stack track with the correct file like so And to make sure I am on the same page, can you please update the full command showing that failed validation command, with or without |
here it is with the command
|
Thanks for this report. Per review after today's discussion, there is a bug in the NIST documentation (reported in usnistgov/OSCAL-Reference#42) and a need to add more precise error message about how the necessary element in JSON is missing and gracefully handling that error condition, not presenting a NPE with stack trace without further detail. The metaschema-framework maintainers are tracking that in metaschema-framework/metaschema-java#205. Once these upstream issues are resovled, I can mark this issue downstream here as resolved. For the time being, I will mark it as blocked. |
For @aj-stein-gsa need to revisit the output and confirm improved error handling in 2.3.0 or newer release of |
Tried another snapshot release of 2.3.1 and it is still reporting the same error as repeated. Will follow up in the upstream project as this is an issue with |
Marking blocked until we receive user feedback. |
The upstream project has updated the error messaging as documented in metaschema-framework/metaschema-java#239. I have prepared an example file to demonstrate the updated error messaging. As null data fields are often signfiicant issues, the tool now captures the stack trace, reports it, but as requested will reliably print the Metapath query to precisely identify where the missing non-conformant data was not encoded. Here is the GitHub Gist. https://gist.github.com/aj-stein-gsa/63953e88bfd813a1c9e92865cea5fff0 Here is the resulting error. % oscal-cli --version
oscal-cli 2.3.1 built at 2024-11-09 22:03 from branch 626ab999e3ff69b81b3775d22d18f834d3c92638 (626ab99) at https://github.com/metaschema-framework/oscal-cli
liboscal-java built at 2024-11-09 21:49 from branch 32b8e398eab9fedd371fc4b3f1519170fb46a1d7 (32b8e39) at https://github.com/metaschema-framework/liboscal-java
oscal v1.1.2 built at 2024-11-09 21:49 from branch 4f02dac6f698efda387cc5f55bc99581eaf494b6 (4f02dac) at https://github.com/usnistgov/OSCAL.git
metaschema-java 2.0.1 built at 2024-11-09T21:13:35+0000 from branch 964b8456020ec810a0eb885208dda4584c660f9a (964b845) at https://github.com/metaschema-framework/metaschema-java
metaschema built at 2024-11-09T21:13:35+0000 from branch b6601f7430f83f1a53a11bf32575b69e131bc912 (b6601f7) at https://github.com/metaschema-framework/metaschema.git
% oscal-cli convert --to=json ssp-all-VALID.xml ssp-all-VALID.json --overwrite
Converting 'file:/home/me/fedramp-automation/src/validations/constraints/content/ssp-all-VALID.xml'.
Generated JSON file: /home/me/fedramp-automation/src/validations/constraints/content/ssp-all-VALID.json
alexanderjstein@FCOH2J-JH2LXQ2H content % oscal-cli validate '/home/me/fedramp-automation/src/validations/constraints/content/ssp-all-VALID.json'
Validating 'file:/home/me/fedramp-automation/src/validations/constraints/content/ssp-all-VALID.json' as JSON.
A gov.nist.secauto.metaschema.core.model.constraint.impl.DefaultMatchesConstraint constraint targeting the metapath '.[@algorithm=('SHA-256','SHA3-256')]', matching the item at path '/system-security-plan/back-matter[1]/resource[10]/rlink[1]/hash[1]', resulted in an unexpected error. The error was: null
java.lang.NullPointerException: null
at gov.nist.secauto.metaschema.core.util.ObjectUtils.requireNonNull(ObjectUtils.java:53) ~[dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.databind.model.IBoundDefinitionModelFieldComplex.getFieldValue(IBoundDefinitionModelFieldComplex.java:77) ~[dev.metaschema.java.metaschema-databind-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.FieldInstanceNodeItemImpl.getAtomicValue(FieldInstanceNodeItemImpl.java:68) ~[dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.IFeatureAtomicValuedItem.newAtomicItem(IFeatureAtomicValuedItem.java:22) ~[dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at nl.talsmasoftware.lazy4j.Lazy.forceEagerEvaluation(Lazy.java:85) ~[nl.talsmasoftware.lazy4j-2.0.0.jar:?]
at nl.talsmasoftware.lazy4j.Lazy.get(Lazy.java:101) ~[nl.talsmasoftware.lazy4j-2.0.0.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.FieldInstanceNodeItemImpl.toAtomicItem(FieldInstanceNodeItemImpl.java:73) ~[dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.function.library.FnData.fnDataItem(FnData.java:131) ~[dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validateMatchesItem(DefaultConstraintValidator.java:544) ~[dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.lambda$validateMatches$2(DefaultConstraintValidator.java:534) ~[dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184) ~[?:?]
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) ~[?:?]
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
at java.base/java.util.stream.Streams$StreamBuilderImpl.forEachRemaining(Streams.java:411) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151) ~[?:?]
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174) ~[?:?]
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
at java.base/java.util.stream.ReferencePipeline.forEachOrdered(ReferencePipeline.java:601) ~[?:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validateMatches(DefaultConstraintValidator.java:531) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validateMatches(DefaultConstraintValidator.java:505) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validateField(DefaultConstraintValidator.java:188) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitField(DefaultConstraintValidator.java:995) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitField(DefaultConstraintValidator.java:945) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.IFieldNodeItem.accept(IFieldNodeItem.java:45) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitModelChildren(AbstractNodeItemVisitor.java:73) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitAssembly(AbstractNodeItemVisitor.java:173) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:1009) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:945) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.IAssemblyNodeItem.accept(IAssemblyNodeItem.java:41) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitModelChildren(AbstractNodeItemVisitor.java:73) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitAssembly(AbstractNodeItemVisitor.java:173) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:1009) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:945) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.IAssemblyNodeItem.accept(IAssemblyNodeItem.java:41) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitModelChildren(AbstractNodeItemVisitor.java:73) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitAssembly(AbstractNodeItemVisitor.java:173) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:1009) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:945) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.IAssemblyNodeItem.accept(IAssemblyNodeItem.java:41) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitModelChildren(AbstractNodeItemVisitor.java:73) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitAssembly(AbstractNodeItemVisitor.java:173) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:1009) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:945) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.metapath.item.node.IAssemblyNodeItem.accept(IAssemblyNodeItem.java:41) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validate(DefaultConstraintValidator.java:142) [dev.metaschema.java.metaschema-core-2.0.1.jar:?]
at gov.nist.secauto.metaschema.databind.IBindingContext.validate(IBindingContext.java:502) [dev.metaschema.java.metaschema-databind-2.0.1.jar:?]
at gov.nist.secauto.metaschema.databind.IBindingContext.validate(IBindingContext.java:474) [dev.metaschema.java.metaschema-databind-2.0.1.jar:?]
at gov.nist.secauto.metaschema.databind.IBindingContext.validateWithConstraints(IBindingContext.java:558) [dev.metaschema.java.metaschema-databind-2.0.1.jar:?]
at gov.nist.secauto.metaschema.cli.commands.AbstractValidateContentCommand$AbstractValidationCommandExecutor.validate(AbstractValidateContentCommand.java:267) [dev.metaschema.java.metaschema-cli-2.0.1.jar:?]
at gov.nist.secauto.metaschema.cli.commands.AbstractValidateContentCommand$AbstractValidationCommandExecutor.execute(AbstractValidateContentCommand.java:223) [dev.metaschema.java.metaschema-cli-2.0.1.jar:?]
at gov.nist.secauto.metaschema.cli.processor.CLIProcessor$CallingContext.invokeCommand(CLIProcessor.java:435) [dev.metaschema.java.cli-processor-2.0.1.jar:?]
at gov.nist.secauto.metaschema.cli.processor.CLIProcessor$CallingContext.processCommand(CLIProcessor.java:418) [dev.metaschema.java.cli-processor-2.0.1.jar:?]
at gov.nist.secauto.metaschema.cli.processor.CLIProcessor.parseCommand(CLIProcessor.java:184) [dev.metaschema.java.cli-processor-2.0.1.jar:?]
at gov.nist.secauto.metaschema.cli.processor.CLIProcessor.process(CLIProcessor.java:160) [dev.metaschema.java.cli-processor-2.0.1.jar:?]
at gov.nist.secauto.oscal.tools.cli.core.CLI.runCli(CLI.java:67) [dev.metaschema.oscal.oscal-cli-enhanced-2.3.1.jar:?]
at gov.nist.secauto.oscal.tools.cli.core.CLI.main(CLI.java:39) [dev.metaschema.oscal.oscal-cli-enhanced-2.3.1.jar:?]
Validation identified the following issues:
FATAL: [CRITICAL] [/system-security-plan/back-matter[1]/resource[10]/rlink[1]/hash[1]] A gov.nist.secauto.metaschema.core.model.constraint.impl.DefaultMatchesConstraint constraint targeting the metapath '.[@algorithm=('SHA-256','SHA3-256')]', matching the item at path '/system-security-plan/back-matter[1]/resource[10]/rlink[1]/hash[1]', resulted in an unexpected error. The error was: null If the CLI does not work on your SSP similarly, we may want to schedule an office hours and then we can reopen and troubleshoot this issue accordingly. |
This is a ...
improvement - something could be better
This relates to ...
User Story
When validating an OSCAL SSP using the enhanced oscal-cli (v2.2.0), if there is no 'value' element provided in an 'hashes' object then a runtime error occurs:
Example rlinks>hashes structure causing the runtime error:
Runtime error with stack trace:
This is only an issue with the enhanced oscal-cli (I used v2.2.0). This doesn't occur with the base oscal-cli from NIST (v1.0.3). Here is the error message output when using the base oscal-cli (v1.0.3):
Goals
Modify enhanced oscal-cli validation to yield an error message for missing hashes>value rather than causing a runtime error.
Dependencies
No response
Acceptance Criteria
Other information
No response
The text was updated successfully, but these errors were encountered: