Squashed commit of the following:
commit f010473
Author: wandmagic <[email protected]>
Date:   Tue Dec 10 15:08:00 2024 -0500

    re-introduce implemented-requirements constraints (GSA#981)

    * re-introduce implemented-requirements constraints

    * add doc available check for health url

    * fix spacing

    * Update src/validations/constraints/fedramp-external-constraints.xml

    Co-authored-by: Gabeblis <[email protected]>

    * Update src/validations/constraints/fedramp-external-constraints.xml

    Co-authored-by: Gabeblis <[email protected]>

    ---------

    Co-authored-by: Gabeblis <[email protected]>

commit c0ad00e
Author: Gabeblis <[email protected]>
Date:   Mon Dec 9 17:17:47 2024 -0500

    Adjust link for all profiles (GSA#979)

commit 8561600
Author: Gabeblis <[email protected]>
Date:   Mon Dec 9 11:27:48 2024 -0500

    Add Components To `information-type-800-60-v2r1` Allowed Values (GSA#973)

    * Add Leveraged Authorizations and External, Interconnected, and Unauthorized Systems components to information-type allowed values

    * Adjust constraint target

commit 788b67e
Author: Gabeblis <[email protected]>
Date:   Mon Dec 9 09:32:35 2024 -0500

    Fix constraint targets (GSA#974)

commit 9d7946c
Author: A.J. Stein <[email protected]>
Date:   Fri Dec 6 17:10:04 2024 -0500

    [chore] Update container image to cli v2.4.0 (GSA#971)

commit b2c9712
Author: Gabeblis <[email protected]>
Date:   Fri Dec 6 15:26:04 2024 -0500

    Add `used-by-link-references-component` constraint (GSA#972)

    * Add 'used-by-link-references-component' constraint

    * Fix message

    Co-authored-by: Kylie Hunter <[email protected]>

    * fix message

    Co-authored-by: DimitriZhurkin <[email protected]>

    ---------

    Co-authored-by: Kylie Hunter <[email protected]>
    Co-authored-by: DimitriZhurkin <[email protected]>

commit 3dac668
Author: Gabeblis <[email protected]>
Date:   Fri Dec 6 13:43:16 2024 -0500

    Add `component-has-used-by-link` constraint (GSA#970)

    * Add constraint 'protocol-has-used-by-link'

    * Fix message

    * Change constraint id

    * Fix message (last time)

    * Update src/validations/constraints/content/ssp-component-has-used-by-link-INVALID.xml

    Co-authored-by: A.J. Stein <[email protected]>

    ---------

    Co-authored-by: A.J. Stein <[email protected]>

commit c3db2b2
Author: DimitriZhurkin <[email protected]>
Date:   Thu Dec 5 13:07:39 2024 -0700

    Add inter-boundary-component-has-direction constraint (GSA#930) (GSA#968)

commit 5d6710f
Author: Gabeblis <[email protected]>
Date:   Thu Dec 5 13:32:28 2024 -0500

    Fix dev-constraint.js bug (GSA#967)

commit a7f9022
Author: Gabeblis <[email protected]>
Date:   Thu Dec 5 13:23:21 2024 -0500

    Add exists() to tests and remove duplicate constraint and fix system-implementation context (GSA#966)

    Remove duplicate constraint and fix system-implementation context

commit 780b38a
Author: wandmagic <[email protected]>
Date:   Thu Dec 5 12:50:29 2024 -0500

    Hotfix/deprecate all valid (GSA#960)

    * deprecate ssp-all-valid

    * Update src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <[email protected]>

    * Update src/validations/constraints/content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <[email protected]>

    * Update src/validations/constraints/content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <[email protected]>

    * Update src/validations/constraints/content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml

    Co-authored-by: A.J. Stein <[email protected]>

    * Update fedramp-ssp-example.oscal.xml

    ---------

    Co-authored-by: A.J. Stein <[email protected]>

commit 2c0e4de
Author: Gabeblis <[email protected]>
Date:   Thu Dec 5 10:21:00 2024 -0500

    Change cia-has-selected test (GSA#965)

commit 9a8e155
Author: wandmagic <[email protected]>
Date:   Wed Dec 4 15:30:29 2024 -0500

    Update fedramp-ssp-example.oscal.xml (GSA#959)

commit 5f7ce81
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 23:38:31 2024 +0000

    change example ssp location

commit 56f399e
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 23:23:59 2024 +0000

    Edit content to make constraints pass

commit d521a22
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 19:12:01 2024 +0000

    Delete extra ssp

commit 8cfb601
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 17:39:38 2024 +0000

    Add example ssp to content file and edit constraint script to point yaml pass file to example ssp

commit ff8f812
Author: ~ . ~ <[email protected]>
Date:   Tue Dec 3 13:50:22 2024 -0500

    fix ssp to pass tests

commit 85ec424
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 17:17:18 2024 +0000

    Add example ssp to content file and edit constraint script to point yaml pass file to example ssp

commit 7312686
Author: Kylie Hunter <[email protected]>
Date:   Mon Nov 25 16:15:01 2024 -0700

    Add connection-security prop constraint for GSA#931

commit 6ccb539
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 16:39:47 2024 -0500

    Add `issue-893` Constraints (GSA#949)

    * Add component-has-non-provider-responsible-role and tests

    * Add constraints and tests

    * Edit message

commit dd3be5f
Author: wandmagic <[email protected]>
Date:   Tue Dec 3 16:39:32 2024 -0500

    remove rev4 constraints (GSA#954)

commit 113c4f5
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 15:42:43 2024 -0500

    Fix Bug Issue GSA#940 (GSA#951)

commit c6f8e8f
Author: wandmagic <[email protected]>
Date:   Tue Dec 3 13:08:35 2024 -0500

    implementation point constraint (GSA#936)

    * implementation point constraint

    * add help uri

    * improve constraint

    * add extra fail content

    * Update src/validations/constraints/content/ssp-all-VALID.xml

    Co-authored-by: DimitriZhurkin <[email protected]>

    * Update fedramp-external-constraints.xml

    Co-authored-by: Rene Tshiteya <[email protected]>

    * implementation point constraint

    * add help uri

    * improve constraint

    * add extra fail content

    * Update src/validations/constraints/content/ssp-all-VALID.xml

    Co-authored-by: DimitriZhurkin <[email protected]>

    * Update fedramp-external-constraints.xml

    Co-authored-by: Rene Tshiteya <[email protected]>

    * add needed props to all valid

    * rebase

    Co-Authored-By: A.J. Stein <[email protected]>

    * Update src/validations/constraints/fedramp-external-constraints.xml

    Co-authored-by: A.J. Stein <[email protected]>

    ---------

    Co-authored-by: DimitriZhurkin <[email protected]>
    Co-authored-by: Rene Tshiteya <[email protected]>
    Co-authored-by: A.J. Stein <[email protected]>

commit 1377478
Author: Gabeblis <[email protected]>
Date:   Tue Dec 3 08:57:37 2024 -0500

    Add `component-responsible-role-references-party` constraint (GSA#945)

    * Add constraint 'component-responsible-role-references-party' and tests

    * correct test

    * Rename constraint and adjust help-url

    * Edit message

    Co-authored-by: A.J. Stein <[email protected]>

    ---------

    Co-authored-by: A.J. Stein <[email protected]>

commit a8461fb
Author: ~ . ~ <[email protected]>
Date:   Mon Dec 2 11:09:13 2024 -0500

    pin server + update oscal-js version

commit b82c417
Author: Gabeblis <[email protected]>
Date:   Mon Dec 2 14:07:05 2024 -0500

    Add `leveraged-authorization-has-valid-impact-level` Constraint (GSA#913)

    * Add leveraged-authorization constraint

    * rename constraint

    * fix constraint test

    * correct constraint test

    * Change 'http' to 'https'

    * Add level

commit 1db5f97
Author: Gabeblis <[email protected]>
Date:   Mon Dec 2 13:13:17 2024 -0500

    Constraints/cleanup constraints file (GSA#946)

    * clean up fedramp-external-constraints.xml

    * fix

    * Add message to fully-operational-date-type
wandmagic committed Dec 11, 2024
1 parent 3dac868 commit d5f6fc4
Showing 175 changed files with 10,939 additions and 88,937 deletions.
3 changes: 2 additions & 1 deletion .tool-versions
@@ -1 +1,2 @@
oscal-cli 2.4.0
oscal-cli 2.4.0
oscal-server v1.0.0-SNAPSHOT-6363f60-20241202160440
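Review bot: The new `oscal-server` line pins a `-SNAPSHOT` build (`v1.0.0-SNAPSHOT-6363f60-20241202160440`), a pre-release identifier, next to a released `oscal-cli 2.4.0`. The embedded commit hash and timestamp make the pin specific, but it is only as trustworthy as the place the binary is fetched from: record the download source, verify a checksum on fetch, and move to a tagged release once one exists. The `v` prefix is also inconsistent with the `oscal-cli` line.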
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -10,7 +10,7 @@ ARG TEMURIN_APK_KEY_URL=https://packages.adoptium.net/artifactory/api/security/k
ARG TEMURIN_APK_REPO_URL=https://packages.adoptium.net/artifactory/apk/alpine/main
ARG TEMURIN_APK_VERSION=temurin-22-jdk
ARG MAVEN_DEP_PLUGIN_VERSION=3.8.0
ARG OSCAL_CLI_VERSION=2.3.1
ARG OSCAL_CLI_VERSION=2.4.0
# Current public key ID for [email protected] releases of oscal-cli
# Static analysis from docker build and push warns this is a secret, it is not
# and is necessary to cross-ref the Maven GPG key for checking build signatures.
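Review bot: `OSCAL_CLI_VERSION=2.4.0` duplicates the `oscal-cli 2.4.0` pin in `.tool-versions`, and the two are edited by hand, so they can drift apart again. Consider deriving one from the other at build time, or add a CI check that they match. Since the comment below this line says the key ID is used to check build signatures, confirm that the 2.4.0 artifacts verify against that same key before merging the bump.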
44 changes: 35 additions & 9 deletions features/fedramp_extensions.feature
Expand Up @@ -6,12 +6,11 @@ Scenario Outline: Validating OSCAL constraints with metaschema constraints

@integration
Scenario Outline: Documents that should be valid are pass
Given I have loaded all Metaschema extensions documents
Then I should have valid results "<valid_file>"
Examples:
| valid_file |
| ssp-all-VALID.xml |
# | ../../../content/awesome-cloud/xml/AwesomeCloudSSP1.xml |
# | ../../../content/awesome-cloud/xml/AwesomeCloudSSP2.xml |
| ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml |

@full-coverage
Scenario: Preparing constraint coverage analysis
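Review bot: The new example row `../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml` climbs out of `src/validations/constraints/content`, the directory the `I should have valid results` step joins the value onto, so this scenario now depends on the repository layout three levels up. Resolving example documents from the repository root or a named base directory inside the step would keep the row readable and fail loudly if the example SSP moves. The added `Given I have loaded all Metaschema extensions documents` line is now load-bearing for this scenario and deserves a short comment saying so.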
Expand All @@ -36,6 +35,9 @@ Examples:
| cia-impact-has-selected |
| cloud-service-model |
| component-has-authentication-method |
| component-has-non-provider-responsible-role |
| component-has-provider-responsible-role |
| component-has-used-by-link |
| component-type |
| control-implementation-status |
| data-center-alternate |
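Review bot: `component-has-provider-responsible-role` is added to the constraint id table here, but the YAML test table further down in this file gains only the `component-has-non-provider-responsible-role-*`, `component-has-used-by-link-*` and `component-responsible-role-references-party-*` files at the matching position, with no `component-has-provider-responsible-role-FAIL.yaml` / `-PASS.yaml` pair shown. An id that is listed for coverage without a pass and a fail fixture is counted but never exercised. Add the fixture pair or drop the id.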
Expand All @@ -46,6 +48,7 @@ Examples:
| deployment-model |
| external-system-nature-of-agreement |
| fedramp-citations-has-correct-link |
| extraneous-implemented-requirements |
| fedramp-version |
| fully-operational-date-is-valid |
| fully-operational-date-type |
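Review bot: `extraneous-implemented-requirements` is inserted after `fedramp-citations-has-correct-link`, which breaks the alphabetical order the surrounding rows follow; the same placement is repeated for `extraneous-implemented-requirements-FAIL.yaml` in the YAML table. Move it ahead of the `external-system-*` / `fedramp-*` boundary so that a missing id or fixture can still be spotted by scanning the sorted list.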
Expand Down Expand Up @@ -100,11 +103,13 @@ Examples:
| has-user-guide |
| import-profile-has-available-document |
| import-profile-resolves-to-fedramp-content |
| incomplete-implemented-requirements |
| information-type-800-60-v2r1 |
| information-type-has-availability-impact |
| information-type-has-confidentiality-impact |
| information-type-has-integrity-impact |
| information-type-system |
| inter-boundary-component-has-direction |
| interconnection-direction |
| interconnection-security |
| inventory-item-allows-authenticated-scan |
Expand All @@ -113,9 +118,13 @@ Examples:
| leveraged-authorization-has-authorization-type |
| leveraged-authorization-has-impact-level |
| leveraged-authorization-has-system-identifier |
| leveraged-authorization-has-valid-impact-level |
| leveraged-authorization-nature-of-agreement |
| marking |
| missing-response-components |
| network-component-has-connection-security-prop |
| network-component-has-implementation-point |
| non-provider-responsible-role-references-user |
| party-has-name |
| privilege-level |
| prop-response-point-has-cardinality-one |
Expand All @@ -136,11 +145,10 @@ Examples:
| security-level |
| security-sensitivity-level-matches-security-impact-level |
| unique-inventory-item-asset-id |
| used-by-link-references-component |
| user-authentication |
| user-has-authorized-privilege |
| user-has-privilege-level |
| user-has-role-id |
| user-has-sensitivity-level |
| user-has-user-type |
| user-privilege-level |
| user-sensitivity-level |
Expand Down Expand Up @@ -182,6 +190,12 @@ Examples:
| cloud-service-model-PASS.yaml |
| component-has-authentication-method-FAIL.yaml |
| component-has-authentication-method-PASS.yaml |
| component-has-non-provider-responsible-role-FAIL.yaml |
| component-has-non-provider-responsible-role-PASS.yaml |
| component-has-used-by-link-FAIL.yaml |
| component-has-used-by-link-PASS.yaml |
| component-responsible-role-references-party-FAIL.yaml |
| component-responsible-role-references-party-PASS.yaml |
| component-type-FAIL.yaml |
| component-type-PASS.yaml |
| control-implementation-status-FAIL.yaml |
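Review bot: `component-responsible-role-references-party-FAIL.yaml` and `-PASS.yaml` are added here, but the id `component-responsible-role-references-party` does not appear between `component-has-used-by-link` and `component-type` in the constraint id table earlier in this file, where the sort order would put it. Check that the id is present in the coverage table, otherwise these two fixtures run without the coverage scenario tracking the constraint they test.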
Expand All @@ -202,6 +216,8 @@ Examples:
| external-system-nature-of-agreement-PASS.yaml |
| fedramp-citations-has-correct-link-FAIL.yaml |
| fedramp-citations-has-correct-link-PASS.yaml |
| extraneous-implemented-requirements-FAIL.yaml |
| extraneous-implemented-requirements-PASS.yaml |
| fedramp-version-FAIL.yaml |
| fedramp-version-PASS.yaml |
| fully-operational-date-is-valid-FAIL.yaml |
Expand Down Expand Up @@ -310,6 +326,8 @@ Examples:
| import-profile-has-available-document-PASS.yaml |
| import-profile-resolves-to-fedramp-content-FAIL.yaml |
| import-profile-resolves-to-fedramp-content-PASS.yaml |
| incomplete-implemented-requirements-FAIL.yaml |
| incomplete-implemented-requirements-PASS.yaml |
| information-type-has-availability-impact-FAIL.yaml |
| information-type-has-availability-impact-PASS.yaml |
| information-type-has-confidentiality-impact-FAIL.yaml |
Expand All @@ -320,6 +338,8 @@ Examples:
| information-type-id-PASS.yaml |
| information-type-system-FAIL.yaml |
| information-type-system-PASS.yaml |
| inter-boundary-component-has-direction-FAIL.yaml |
| inter-boundary-component-has-direction-PASS.yaml |
| interconnection-direction-FAIL.yaml |
| interconnection-direction-PASS.yaml |
| interconnection-security-FAIL.yaml |
Expand All @@ -336,12 +356,20 @@ Examples:
| leveraged-authorization-has-impact-level-PASS.yaml |
| leveraged-authorization-has-system-identifier-FAIL.yaml |
| leveraged-authorization-has-system-identifier-PASS.yaml |
| leveraged-authorization-has-valid-impact-level-FAIL.yaml |
| leveraged-authorization-has-valid-impact-level-PASS.yaml |
| leveraged-authorization-nature-of-agreement-FAIL.yaml |
| leveraged-authorization-nature-of-agreement-PASS.yaml |
| marking-FAIL.yaml |
| marking-PASS.yaml |
| missing-response-components-FAIL.yaml |
| missing-response-components-PASS.yaml |
| network-component-has-connection-security-prop-FAIL.yaml |
| network-component-has-connection-security-prop-PASS.yaml |
| network-component-has-implementation-point-FAIL.yaml |
| network-component-has-implementation-point-PASS.yaml |
| non-provider-responsible-role-references-user-FAIL.yaml |
| non-provider-responsible-role-references-user-PASS.yaml |
| party-has-name-FAIL.yaml |
| party-has-name-PASS.yaml |
| privilege-level-FAIL.yaml |
Expand Down Expand Up @@ -382,16 +410,14 @@ Examples:
| security-sensitivity-level-matches-security-impact-level-PASS.yaml |
| unique-inventory-item-asset-id-FAIL.yaml |
| unique-inventory-item-asset-id-PASS.yaml |
| used-by-link-references-component-FAIL.yaml |
| used-by-link-references-component-PASS.yaml |
| user-authentication-FAIL.yaml |
| user-authentication-PASS.yaml |
| user-has-authorized-privilege-FAIL.yaml |
| user-has-authorized-privilege-PASS.yaml |
| user-has-privilege-level-FAIL.yaml |
| user-has-privilege-level-PASS.yaml |
| user-has-role-id-FAIL.yaml |
| user-has-role-id-PASS.yaml |
| user-has-sensitivity-level-FAIL.yaml |
| user-has-sensitivity-level-PASS.yaml |
| user-has-user-type-FAIL.yaml |
| user-has-user-type-PASS.yaml |
| user-privilege-level-FAIL.yaml |
5 changes: 3 additions & 2 deletions features/steps/fedramp_extensions_steps.ts
Expand Up @@ -16,7 +16,7 @@ import { Exception, Log, Result } from "sarif";
import { fileURLToPath } from "url";
import { parseString } from "xml2js";
import { promisify } from "util";
import {formatSarifOutput,fedrampValidationOptions} from 'oscal'
import {formatSarifOutput} from 'oscal'
let executor: 'oscal-cli'|'oscal-server' = process.env.OSCAL_EXECUTOR as 'oscal-cli'|'oscal-server' || 'oscal-cli'
const quiet = process.env.OSCAL_TEST_QUIET === 'true'

Expand Down Expand Up @@ -678,7 +678,8 @@ Then('I should have valid results {string}', async function (fileToValidate) {
"src",
"validations","constraints","content",fileToValidate
);
const {isValid,log}=await validateDocument(fullPath,{quiet,...fedrampValidationOptions},executor);
const {isValid,log}=await validateDocument(fullPath,{quiet,
extensions:metaschemaDocuments.flatMap((x) => resolve(x))},executor);
expect(isValid,formatSarifOutput(log)).to.be.true;
});
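Review bot: In the `validateDocument` call, `extensions` is now built from `metaschemaDocuments`, which this `Then` step does not populate itself. If the step runs without `Given I have loaded all Metaschema extensions documents`, or that step loads nothing, the document is validated with an empty extension list and `isValid` can be true without any FedRAMP constraint having been applied. Assert that `metaschemaDocuments` is non-empty before the call so the scenario cannot pass vacuously. If `resolve` returns a single path, `flatMap((x) => resolve(x))` can also be a plain `map`.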

8 changes: 4 additions & 4 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -28,7 +28,7 @@
"inquirer": "^10.1.8",
"js-yaml": "^4.1.0",
"jsdom": "^25.0.0",
"oscal": "2.0.6",
"oscal": "2.0.7",
"ts-node": "^10.9.2",
"xml-formatter": "^3.6.3",
"xml2js": "^0.6.2"
Expand Down
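Review bot: `oscal` moves to an exact `2.0.7`, but the matching `package-lock.json` change (4 additions, 4 deletions) is not rendered on this page, so the resolved tarball URL and `integrity` value for the new version are not visible in review. Open the lockfile diff and confirm that only the `oscal` entry changed and that its `integrity` hash matches the published package. The squashed message says only "update oscal-js version"; a line on why 2.0.7 is needed would help, since the same commit drops the `fedrampValidationOptions` import from the step file.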
Original file line number Diff line number Diff line change
Expand Up @@ -12698,7 +12698,7 @@
<resource uuid="051a77c1-b61d-4995-8275-dacfe688d510">
<title>NIST Special Publication (SP) 800-53 revision 5</title>
<prop name="version" value="5.1.1"/>
<rlink media-type="application/oscal+xml" href="https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml"/>
<rlink media-type="application/oscal+xml" href="https://raw.githubusercontent.com/usnistgov/oscal-content/refs/tags/v1.3.0/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml"/>
</resource>
</back-matter>
</profile>
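Review bot: The `rlink` now points at `refs/tags/v1.3.0`, but a tag can be moved and the `rlink` carries no integrity value, so whatever the URL serves at resolution time becomes the catalog this profile is resolved against. OSCAL allows a `hash` child on `rlink`; adding a SHA-256 for the v1.3.0 catalog, or pinning the URL to a commit SHA, would make a changed file detectable. Also confirm that `<prop name="version" value="5.1.1"/>` still matches the catalog published under v1.3.0, since the prop is unchanged while the source moved from v1.2.0.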
Original file line number Diff line number Diff line change
Expand Up @@ -2958,7 +2958,7 @@
<resource uuid="051a77c1-b61d-4995-8275-dacfe688d510">
<title>NIST Special Publication (SP) 800-53 revision 5</title>
<prop name="version" value="5.1.1"/>
<rlink media-type="application/oscal+xml" href="NIST_SP-800-53_rev5_catalog.xml"/>
<rlink media-type="application/oscal+xml" href="https://raw.githubusercontent.com/usnistgov/oscal-content/refs/tags/v1.3.0/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml"/>
</resource>
</back-matter>
</profile>
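Review bot: Replacing the relative `href="NIST_SP-800-53_rev5_catalog.xml"` with a `raw.githubusercontent.com` URL means resolving this profile now needs outbound network access, where before it resolved against a file shipped beside it. That changes behaviour for offline or restricted build environments and makes validation results depend on a third-party host being reachable. A `resource` may carry more than one `rlink`, so consider keeping the local file as an additional `rlink`, or state the network requirement in the documentation for these baselines.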
Original file line number Diff line number Diff line change
Expand Up @@ -7259,7 +7259,7 @@
<resource uuid="051a77c1-b61d-4995-8275-dacfe688d510">
<title>NIST Special Publication (SP) 800-53 revision 5</title>
<prop name="version" value="5.1.1"/>
<rlink media-type="application/oscal+xml" href="NIST_SP-800-53_rev5_catalog.xml"/>
<rlink media-type="application/oscal+xml" href="https://raw.githubusercontent.com/usnistgov/oscal-content/refs/tags/v1.3.0/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml"/>
</resource>
</back-matter>
</profile>
Original file line number Diff line number Diff line change
Expand Up @@ -11217,7 +11217,7 @@
<resource uuid="051a77c1-b61d-4995-8275-dacfe688d510">
<title>NIST Special Publication (SP) 800-53 revision 5</title>
<prop name="version" value="5.1.1"/>
<rlink media-type="application/oscal+xml" href="https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml"/>
<rlink media-type="application/oscal+xml" href="https://raw.githubusercontent.com/usnistgov/oscal-content/refs/tags/v1.3.0/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_catalog.xml"/>
</resource>
</back-matter>
</profile>
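Review bot: This is the fourth copy of the same catalog URL changed in this commit, and before it two of the profiles used a relative path while two pointed at `v1.2.0`, so the copies had already drifted once. The next catalog bump will again need four hand edits inside files that are thousands of lines long. A test or constraint that checks all baseline profiles reference the same catalog `href` would catch a missed copy.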