Profile resolution does not maintain parties and related nodes #17

Closed
Tracked by #1282
david-waltermire opened this issue May 10, 2022 · 1 comment · Fixed by #36
Labels
bug Something isn't working


david-waltermire commented May 10, 2022

Describe the bug

Profile resolution does not maintain parties and related nodes.

Who is the bug affecting?

Users with profiles with role or party or responsible-party nodes.

What is affected by this bug?

Resolved profiles do not include role or party or responsible-party information.

When does this occur?

On profile resolution.

How do we replicate the issue?

Resolve the below profile, modified from \src\specifications\profile-resolution\profile-resolution-examples\base-test_profile.xml.

Given:

<?xml version="1.0" encoding="UTF-8"?>
<?xml-model href="../example-checkup.sch" type="application/xml" schematypens="http://purl.oclc.org/dsdl/schematron"?>
<!-- Modified by conversion XSLT 2021-04-05T11:22:07.701-04:00 - RC2 OSCAL becomes RC3 OSCAL -->
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0"
         uuid="cb1ec926-3441-458f-8cce-ea11308c9d37">
   <metadata>
      <title>Test Profile</title>
      <last-modified>2020-05-30T14:39:35.84-04:00</last-modified>
      <version>1.0</version>
      <oscal-version>1.0.0</oscal-version>
      <role id="creator">
         <title>Document Creator</title>
      </role>
      <role id="contact">
         <title>Contact</title>
      </role>
      <party uuid="c748c806-1d77-4695-bb40-e117b2afa82e" type="organization">
         <name>Joint Task Force, Transformation Initiative</name>
         <email-address>sec-cert@nist.gov</email-address>
         <address>
            <addr-line>National Institute of Standards and Technology</addr-line>
            <addr-line>Attn: Computer Security Division</addr-line>
            <addr-line>Information Technology Laboratory</addr-line>
            <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
            <city>Gaithersburg</city>
            <state>MD</state>
            <postal-code>20899-8930</postal-code>
         </address>
      </party>
      <responsible-party role-id="creator">
         <party-uuid>c748c806-1d77-4695-bb40-e117b2afa82e</party-uuid>
      </responsible-party>
      <responsible-party role-id="contact">
         <party-uuid>c748c806-1d77-4695-bb40-e117b2afa82e</party-uuid>
      </responsible-party>
   </metadata>
   <import href="catalogs/abc-simple_catalog.xml">
      <include-controls with-child-controls="yes">
         <with-id>a1</with-id>
         <with-id>b1</with-id>
         <with-id>c1</with-id>
         <with-id>c3</with-id>
      </include-controls>
   </import>
</profile>

Actual:

<?xml version='1.0' encoding='UTF-8'?>
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="70cf716e-8e35-456c-b87e-757ca1f2140f">
  <metadata>
    <title>Test Profile</title>
    <last-modified>2022-05-10T11:54:33.6670243Z</last-modified>
    <version>1.0</version>
    <oscal-version>1.0.0</oscal-version>
    <prop name="resolution-tool" value="libOSCAL-Java"/>
    <link href="file:/***/base-test_profile.xml" rel="source-profile"/>
  </metadata>
  <control id="a1">
    <title>Control A1</title>
    <prop name="label" value="first"/>
    <part id="a1-stmt" name="statement">
      <p>A1 aaaaa aaaaaaaaaa</p>
    </part>
  </control>
  <control id="b1">
    <title>Control B1</title>
    <prop name="label" value="fourth"/>
    <part id="b1-stmt" name="statement">
      <p>B1 bbbb bbbbbbb.</p>
    </part>
  </control>
  <control id="c1">
    <title>Control C1</title>
    <prop name="label" value="seventh"/>
    <part id="c1-stmt" name="statement">
      <p>C1 ccccc ccc ccccccccccccccccc.</p>
    </part>
  </control>
  <control id="c3">
    <title>Control C3</title>
    <prop name="label" value="ninth"/>
    <part id="c3-stmt" name="statement">
      <p>C3 ccccc cccccccccccccc.</p>
    </part>
  </control>
  <control id="c3.a">
    <title>Control C3-A</title>
    <prop name="label" value="tenth"/>
    <part id="c3-stmt" name="statement">
      <p>C3 A ccccc cccccccccccccc.</p>
    </part>
  </control>
  <control id="c3.a-1">
    <title>Control C3-A-1</title>
    <prop name="label" value="eleventh"/>
    <part id="c3-stmt" name="statement">
      <p>C3 A-1 ccccc cccccccccccccc.</p>
    </part>
  </control>
</catalog>

Expected behavior (i.e. solution)

<?xml version='1.0' encoding='UTF-8'?>
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="70cf716e-8e35-456c-b87e-757ca1f2140f">
  <metadata>
    <title>Test Profile</title>
    <last-modified>2022-05-10T11:54:33.6670243Z</last-modified>
    <version>1.0</version>
    <oscal-version>1.0.0</oscal-version>
    <prop name="resolution-tool" value="libOSCAL-Java"/>
    <link href="file:/***/base-test_profile.xml" rel="source-profile"/>
    <role id="creator">
      <title>Document Creator</title>
    </role>
    <role id="contact">
      <title>Contact</title>
    </role>
    <party uuid="c748c806-1d77-4695-bb40-e117b2afa82e" type="organization">
      <name>Joint Task Force, Transformation Initiative</name>
      <email-address>sec-cert@nist.gov</email-address>
      <address>
        <addr-line>National Institute of Standards and Technology</addr-line>
        <addr-line>Attn: Computer Security Division</addr-line>
        <addr-line>Information Technology Laboratory</addr-line>
        <addr-line>100 Bureau Drive (Mail Stop 8930)</addr-line>
        <city>Gaithersburg</city>
        <state>MD</state>
        <postal-code>20899-8930</postal-code>
      </address>
    </party>
    <responsible-party role-id="creator">
      <party-uuid>c748c806-1d77-4695-bb40-e117b2afa82e</party-uuid>
    </responsible-party>
    <responsible-party role-id="contact">
      <party-uuid>c748c806-1d77-4695-bb40-e117b2afa82e</party-uuid>
    </responsible-party>
  </metadata>
  <control id="a1">
    <title>Control A1</title>
    <prop name="label" value="first"/>
    <part id="a1-stmt" name="statement">
      <p>A1 aaaaa aaaaaaaaaa</p>
    </part>
  </control>
  <control id="b1">
    <title>Control B1</title>
    <prop name="label" value="fourth"/>
    <part id="b1-stmt" name="statement">
      <p>B1 bbbb bbbbbbb.</p>
    </part>
  </control>
  <control id="c1">
    <title>Control C1</title>
    <prop name="label" value="seventh"/>
    <part id="c1-stmt" name="statement">
      <p>C1 ccccc ccc ccccccccccccccccc.</p>
    </part>
  </control>
  <control id="c3">
    <title>Control C3</title>
    <prop name="label" value="ninth"/>
    <part id="c3-stmt" name="statement">
      <p>C3 ccccc cccccccccccccc.</p>
    </part>
  </control>
  <control id="c3.a">
    <title>Control C3-A</title>
    <prop name="label" value="tenth"/>
    <part id="c3-stmt" name="statement">
      <p>C3 A ccccc cccccccccccccc.</p>
    </part>
  </control>
  <control id="c3.a-1">
    <title>Control C3-A-1</title>
    <prop name="label" value="eleventh"/>
    <part id="c3-stmt" name="statement">
      <p>C3 A-1 ccccc cccccccccccccc.</p>
    </part>
  </control>
</catalog>

Other Comments

None

@david-waltermire
Collaborator Author

According to the current Profile resolution specification, this behavior is not defined. Using the property metadata/prop[@name="source-profile"], it should be possible to access the original profile to get this information.

After reviewing this issue, it looks like the profile resolver is following the specification and this is not a defect.
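
The lookup the comment above describes, as an added example that is not part of the issue or of libOSCAL-Java: it follows the `link rel="source-profile"` element shown in the Actual output back to the profile and reports the role, party and responsible-party entries the resolved catalog lacks. `fetch` is a hypothetical callable that returns the profile XML for an href, and both documents are constructed samples trimmed from the ones above.

```python
import xml.etree.ElementTree as ET

NS = {"o": "http://csrc.nist.gov/ns/oscal/1.0"}

# Constructed samples, trimmed from the profile and the "Actual" output above.
PROFILE = """<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <metadata>
    <role id="creator"><title>Document Creator</title></role>
    <role id="contact"><title>Contact</title></role>
    <party uuid="c748c806-1d77-4695-bb40-e117b2afa82e" type="organization"/>
    <responsible-party role-id="creator">
      <party-uuid>c748c806-1d77-4695-bb40-e117b2afa82e</party-uuid>
    </responsible-party>
    <responsible-party role-id="contact">
      <party-uuid>c748c806-1d77-4695-bb40-e117b2afa82e</party-uuid>
    </responsible-party>
  </metadata>
</profile>"""
RESOLVED = """<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <metadata>
    <link href="file:/***/base-test_profile.xml" rel="source-profile"/>
  </metadata>
</catalog>"""


def accountability(doc_xml):
    """Return (role ids, party uuids, (role-id, party-uuid) pairs) from metadata."""
    md = ET.fromstring(doc_xml).find("o:metadata", NS)
    roles = {r.get("id") for r in md.findall("o:role", NS)}
    parties = {p.get("uuid") for p in md.findall("o:party", NS)}
    resp = {(rp.get("role-id"), u.text.strip())
            for rp in md.findall("o:responsible-party", NS)
            for u in rp.findall("o:party-uuid", NS)}
    return roles, parties, resp


def recover(catalog_xml, fetch):
    """Compare the resolved catalog with the profile its source-profile link names."""
    md = ET.fromstring(catalog_xml).find("o:metadata", NS)
    link = md.find("o:link[@rel='source-profile']", NS)
    if link is None:
        raise ValueError("resolved catalog has no source-profile link")
    src = accountability(fetch(link.get("href")))  # fetch: hypothetical loader
    got = accountability(catalog_xml)
    missing = tuple(s - g for s, g in zip(src, got))  # in the profile, not the catalog
    roles, parties, resp = src
    dangling = {(r, p) for r, p in resp if r not in roles or p not in parties}
    return {"missing": missing, "dangling": dangling}
```

The href comes from the document itself, so a real `fetch` should only load from locations the caller already trusts, and should parse with entity expansion disabled when the input is not trusted.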

david-waltermire linked a pull request Jun 23, 2022 that will close this issue