Add support for SARIF-based results production.

metaschema-framework · Jun 20, 2024 · 428a3d0 · 428a3d0
1 parent cab2042
commit 428a3d0
Show file tree

Hide file tree

Showing 11 changed files with 29 additions and 17 deletions.
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java
@@ -46,7 +46,8 @@
 import gov.nist.secauto.oscal.tools.cli.core.commands.profile.ProfileCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.ssp.SystemSecurityPlanCommand;
 
-import java.util.List;
+import java.util.LinkedHashMap;
+import java.util.Map;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 
@@ -62,13 +63,16 @@ public static void main(String[] args) {
 
   @NonNull
   public static ExitStatus runCli(String... args) {
-    List<IVersionInfo> versions = ObjectUtils.notNull(
-        List.of(
-            new OscalCliVersion(),
-            new LibOscalVersion(),
-            new OscalVersion(),
-            new MetaschemaJavaVersion(),
-            new MetaschemaVersion()));
+    @SuppressWarnings("serial") Map<String, IVersionInfo> versions = ObjectUtils.notNull(
+        new LinkedHashMap<>() {
+          {
+            put(CLIProcessor.COMMAND_VERSION, new OscalCliVersion());
+            put("https://github.com/usnistgov/liboscal-java", new LibOscalVersion());
+            put("https://github.com/usnistgov/OSCAL", new OscalVersion());
+            put("https://github.com/usnistgov/metaschema-java", new MetaschemaJavaVersion());
+            put("https://github.com/usnistgov/metaschema", new MetaschemaVersion());
+          }
+        });
     CLIProcessor processor = new CLIProcessor("oscal-cli", versions);
     processor.addCommandHandler(new CatalogCommand());
     processor.addCommandHandler(new ProfileCommand());

diff --git a/...n/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java b/...n/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java
@@ -30,10 +30,10 @@
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
 import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
 import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.metaschema.databind.IBindingContext;
 import gov.nist.secauto.metaschema.databind.io.Format;
 import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
 
 import org.apache.commons.cli.CommandLine;

diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java
@@ -29,13 +29,13 @@
 import gov.nist.secauto.metaschema.cli.commands.AbstractConvertSubcommand;
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
 import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.metaschema.databind.IBindingContext;
 import gov.nist.secauto.metaschema.databind.io.Format;
 import gov.nist.secauto.metaschema.databind.io.FormatDetector;
 import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
 import gov.nist.secauto.metaschema.databind.io.ISerializer;
 import gov.nist.secauto.metaschema.databind.io.ModelDetector;
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
 
 import org.apache.commons.cli.CommandLine;

diff --git a/...java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java b/...java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentplan;
 
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.AssessmentPlan;
 import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 

diff --git a/...a/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java b/...a/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentresults;
 
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.AssessmentResults;
 import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 

diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.catalog;
 
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.Catalog;
 import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 

diff --git a/...gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java b/...gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.componentdefinition;
 
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.ComponentDefinition;
 import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 

diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.poam;
 
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.PlanOfActionAndMilestones;
 import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 

diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.profile;
 
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.Profile;
 import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 

diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java
@@ -26,7 +26,7 @@
 
 package gov.nist.secauto.oscal.tools.cli.core.commands.ssp;
 
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.SystemSecurityPlan;
 import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 

diff --git a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java
@@ -106,6 +106,8 @@ private static Stream<Arguments> providesValues() throws IOException {
                 new String[] {
                     cmd,
                     "validate",
+                    "-o",
+                    "target/" + cmd + "-invalid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
                     Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension).toString()
                 },
                 ExitCode.FAIL,
@@ -115,6 +117,8 @@ private static Stream<Arguments> providesValues() throws IOException {
                 new String[] {
                     cmd,
                     "validate",
+                    "-o",
+                    "target/" + cmd + "-valid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
                     Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension).toString()
                 },
                 ExitCode.OK,
@@ -125,6 +129,8 @@ private static Stream<Arguments> providesValues() throws IOException {
             Arguments.of(
                 new String[] {
                     "validate",
+                    "-o",
+                    "target/" + cmd + "-invalid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
                     Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension).toString()
                 },
                 ExitCode.FAIL,
@@ -133,6 +139,8 @@ private static Stream<Arguments> providesValues() throws IOException {
             Arguments.of(
                 new String[] {
                     "validate",
+                    "-o",
+                    "target/" + cmd + "-valid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json",
                     Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension).toString()
                 },
                 ExitCode.OK,