Fix the boolean check for GSA#833 that held it up
Shout out to @kyhu65867 for trying to warn me about this during a long
pairing session, but me missing the hint.
aj-stein-gsa committed Nov 19, 2024
1 parent d23248a commit e1ecf0f
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions src/validations/constraints/fedramp-external-constraints.xml
Expand Up @@ -189,6 +189,7 @@
<context>
<metapath target="/system-security-plan/metadata"/>
<constraints>
<<<<<<< HEAD
<let var="prepared-by-responsible-party-party-uuid" expression="responsible-party[@role-id eq 'prepared-by']/party-uuid"/>
<let var="prepared-by-party" expression="//party[@uuid eq $prepared-by-responsible-party-party-uuid]"/>
<let var="prepared-by-party-location-uuid" expression="//party[@uuid eq $prepared-by-responsible-party-party-uuid]/location-uuid"/>
Expand All @@ -197,6 +198,29 @@
<let var="prepared-for-party" expression="//party[@uuid eq $prepared-for-responsible-party-party-uuid]"/>
<let var="prepared-for-party-location-uuid" expression="//party[@uuid eq $prepared-for-responsible-party-party-uuid]/location-uuid"/>
<let var="prepared-for-location" expression="//location[@uuid eq $prepared-for-party-location-uuid]"/>
=======
<let var="preferred-version" expression="'3.0.0-rc1'"/>
<let var="fedramp-minimum-oscal-versions" expression="map{'3.0.0-rc1': '1.1.2'}"/>
<let var="doc-fedramp-version" expression="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']"/>
<let var="fedramp-required-minimum-version"
expression="if (empty($doc-fedramp-version/@value))
then map:get($fedramp-minimum-oscal-versions, $preferred-version)
else map:get($fedramp-minimum-oscal-versions, $doc-fedramp-version/@value)"/>
<let var="required-doc-oscal-version-parts" expression="tokenize($fedramp-required-minimum-version, '\.')"/>
<let var="doc-oscal-version-parts" expression="tokenize(oscal-version, '\.')"/>
<let var="major-version-valid" expression="$doc-oscal-version-parts[1] = $required-doc-oscal-version-parts[1]">
<remarks>
<p>FedRAMP considers every major version as a possible source of backwards-compatible changes. FedRAMP only accepts versions with the same major version, but not newer.</p>
</remarks>
</let>
<let var="minor-version-valid" expression="$doc-oscal-version-parts[2] >= $required-doc-oscal-version-parts[2]"/>
<let var="patch-version-valid" expression="$doc-oscal-version-parts[3] >= $required-doc-oscal-version-parts[3]"/>
<expect id="oscal-version-matches-fedramp-version" target="oscal-version" level="WARNING"
test="$major-version-valid and $minor-version-valid and $patch-version-valid">
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://docs.oasis-open.org/sarif/sarif/v2.1.0"/>
<message>A FedRAMP document SHOULD have an OSCAL version that matches the minimally required version for FedRAMP packages ({$fedramp-required-minimum-version} not {.}).</message>
</expect>
>>>>>>> d37d0dd0 (Fix the boolean check for #833 that held it up)
<expect id="data-center-alternate" target="." test="count(/location/prop[@name eq 'type'][@value eq 'data-center'][@class eq 'alternate']) &gt; 0">
<formal-name>Data Center Alternate</formal-name>
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#data-centers"/>
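Review bot: Three merge-conflict marker lines are committed on the new side of this file: `<<<<<<< HEAD` directly after `<constraints>`, `=======` before the `preferred-version` let, and the `>>>>>>> d37d0dd0` line after the `oscal-version-matches-fedramp-version` expect. A bare `<` in element content makes the document not well-formed, so a conforming XML parser should reject the whole file and none of its constraints, existing ones included, would load; delete the three marker lines and keep whichever `<let>` definitions are intended (presumably both sides; the `<constraints>` element closes outside the visible hunks, so the rest cannot be checked from here). Separately, `minor-version-valid` and `patch-version-valid` compare the string output of `tokenize()`, so `>=` is likely a lexical comparison (`'10'` sorts below `'2'`), and the patch test is applied even when the minor version is already higher, so a document at 1.2.0 would fail against the 1.1.2 minimum. Converting the parts to integers and comparing the patch part only when the minor parts are equal would address both. A CI step that checks the constraint files for well-formedness and for conflict markers would catch the first problem before merge.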