From 428a3d018a8243b007bc93ef343742d2c98aaedf Mon Sep 17 00:00:00 2001 From: Dave Waltermire Date: Thu, 20 Jun 2024 17:25:07 -0400 Subject: [PATCH] Add support for SARIF-based results production. --- .../secauto/oscal/tools/cli/core/CLI.java | 20 +++++++++++-------- .../AbstractOscalConvertSubcommand.java | 2 +- .../cli/core/commands/ConvertCommand.java | 2 +- .../assessmentplan/ConvertSubcommand.java | 2 +- .../assessmentresults/ConvertSubcommand.java | 2 +- .../commands/catalog/ConvertSubcommand.java | 2 +- .../ConvertSubcommand.java | 2 +- .../core/commands/poam/ConvertSubcommand.java | 2 +- .../commands/profile/ConvertSubcommand.java | 2 +- .../core/commands/ssp/ConvertSubcommand.java | 2 +- .../secauto/oscal/tools/cli/core/CLITest.java | 8 ++++++++ 11 files changed, 29 insertions(+), 17 deletions(-) diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java index 31208f5..c48dab6 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java @@ -46,7 +46,8 @@ import gov.nist.secauto.oscal.tools.cli.core.commands.profile.ProfileCommand; import gov.nist.secauto.oscal.tools.cli.core.commands.ssp.SystemSecurityPlanCommand; -import java.util.List; +import java.util.LinkedHashMap; +import java.util.Map; import edu.umd.cs.findbugs.annotations.NonNull; @@ -62,13 +63,16 @@ public static void main(String[] args) { @NonNull public static ExitStatus runCli(String... args) { - List versions = ObjectUtils.notNull( - List.of( - new OscalCliVersion(), - new LibOscalVersion(), - new OscalVersion(), - new MetaschemaJavaVersion(), - new MetaschemaVersion())); + @SuppressWarnings("serial") Map versions = ObjectUtils.notNull( + new LinkedHashMap<>() { + { + put(CLIProcessor.COMMAND_VERSION, new OscalCliVersion()); + put("https://github.com/usnistgov/liboscal-java", new LibOscalVersion()); + put("https://github.com/usnistgov/OSCAL", new OscalVersion()); + put("https://github.com/usnistgov/metaschema-java", new MetaschemaJavaVersion()); + put("https://github.com/usnistgov/metaschema", new MetaschemaVersion()); + } + }); CLIProcessor processor = new CLIProcessor("oscal-cli", versions); processor.addCommandHandler(new CatalogCommand()); processor.addCommandHandler(new ProfileCommand()); diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java index c9f5cef..729263c 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java @@ -30,10 +30,10 @@ import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext; import gov.nist.secauto.metaschema.cli.processor.ExitStatus; import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.metaschema.databind.IBindingContext; import gov.nist.secauto.metaschema.databind.io.Format; import gov.nist.secauto.metaschema.databind.io.IBoundLoader; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; import gov.nist.secauto.oscal.lib.OscalBindingContext; import org.apache.commons.cli.CommandLine; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java index 3a69e81..d4ccfd6 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java @@ -29,13 +29,13 @@ import gov.nist.secauto.metaschema.cli.commands.AbstractConvertSubcommand; import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext; import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.metaschema.databind.IBindingContext; import gov.nist.secauto.metaschema.databind.io.Format; import gov.nist.secauto.metaschema.databind.io.FormatDetector; import gov.nist.secauto.metaschema.databind.io.IBoundLoader; import gov.nist.secauto.metaschema.databind.io.ISerializer; import gov.nist.secauto.metaschema.databind.io.ModelDetector; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; import gov.nist.secauto.oscal.lib.OscalBindingContext; import org.apache.commons.cli.CommandLine; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java index 2c9f51a..5081a81 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java @@ -26,7 +26,7 @@ package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentplan; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.oscal.lib.model.AssessmentPlan; import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java index eecff1c..667480f 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java @@ -26,7 +26,7 @@ package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentresults; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.oscal.lib.model.AssessmentResults; import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java index 39d328a..b1ec4fd 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java @@ -26,7 +26,7 @@ package gov.nist.secauto.oscal.tools.cli.core.commands.catalog; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.oscal.lib.model.Catalog; import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java index f4ce7a6..ea54309 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java @@ -26,7 +26,7 @@ package gov.nist.secauto.oscal.tools.cli.core.commands.componentdefinition; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.oscal.lib.model.ComponentDefinition; import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java index 0ba4dfd..50357e2 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java @@ -26,7 +26,7 @@ package gov.nist.secauto.oscal.tools.cli.core.commands.poam; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.oscal.lib.model.PlanOfActionAndMilestones; import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java index 70a818e..60436e8 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java @@ -26,7 +26,7 @@ package gov.nist.secauto.oscal.tools.cli.core.commands.profile; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.oscal.lib.model.Profile; import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand; diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java index a0d2cca..f233a69 100644 --- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java +++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java @@ -26,7 +26,7 @@ package gov.nist.secauto.oscal.tools.cli.core.commands.ssp; -import gov.nist.secauto.metaschema.databind.model.IBoundObject; +import gov.nist.secauto.metaschema.core.model.IBoundObject; import gov.nist.secauto.oscal.lib.model.SystemSecurityPlan; import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand; diff --git a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java index 5fa0fd7..2ebe391 100644 --- a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java +++ b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java @@ -106,6 +106,8 @@ private static Stream providesValues() throws IOException { new String[] { cmd, "validate", + "-o", + "target/" + cmd + "-invalid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json", Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension).toString() }, ExitCode.FAIL, @@ -115,6 +117,8 @@ private static Stream providesValues() throws IOException { new String[] { cmd, "validate", + "-o", + "target/" + cmd + "-valid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json", Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension).toString() }, ExitCode.OK, @@ -125,6 +129,8 @@ private static Stream providesValues() throws IOException { Arguments.of( new String[] { "validate", + "-o", + "target/" + cmd + "-invalid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json", Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension).toString() }, ExitCode.FAIL, @@ -133,6 +139,8 @@ private static Stream providesValues() throws IOException { Arguments.of( new String[] { "validate", + "-o", + "target/" + cmd + "-valid-" + format.name().toLowerCase(Locale.ROOT) + "-sarif.json", Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension).toString() }, ExitCode.OK,