oscal 0.1.1 → 0.2.0

data/lib/oscal/assessment_result.rb

@@ -0,0 +1,230 @@
+require_relative "assembly"
+require_relative "metadata_block"
+require_relative "datatypes"
+
+module Oscal
+  module AssessmentResult
+    class Activity < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid).freeze),
+                    *(OPTIONAL = %i(title description props links steps
+                                    related_controls responsible_roles
+                                    remarks).freeze))
+    end
+
+    class Attestations < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    class AssessmentAssets < Assembly
+      attr_accessor(*(MANDATORY = %i(assessment_platforms).freeze),
+                    *(OPTIONAL = %i(components).freeze))
+    end
+
+    class AssessmentLog
+      attr_accessor(*(MANDATORY = %i(entries).freeze))
+    end
+
+    class AssessmentPlatform < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    class AssessmentTask < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid type title).freeze),
+                    *(OPTIONAL = %i(description props links timing dependencies
+                                    tasks associated_activities subjects
+                                    responsible_roles remarks).freeze))
+    end
+
+    class AssociatedActivity < Assembly
+      attr_accessor(*(MANDATORY = %i(activity_uuid subjects).freeze),
+                    *(OPTIONAL = %i(props links responsible_roles
+                                    remarks).freeze))
+    end
+
+    class AssociatedRisk < Assembly
+      attr_accessor(*(MANDATORY = %i(risk_uuid).freeze))
+    end
+
+    class Attestation < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    class Component < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    class ControlObjectiveSelection < Assembly
+      attr_accessor(*(OPTIONAL = %i(description props links include_all
+                                    include_objectives exclude_objectives
+                                    remarks).freeze))
+    end
+
+    class ControlSelection < Assembly
+      attr_accessor(*(OPTIONAL = %i(description props links include_all
+                                    include_controls exclude_controls
+                                    remarks).freeze))
+    end
+
+    class Entry < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    class ExcludeControl
+      # TODO: Define this. Punting for the time being
+      # NOTE: This has the same name as profile/exclude-control, but a different
+      # definition!
+    end
+
+    class ExcludeObjective < Assembly
+      attr_accessor(*(MANDATORY = %i(objective_id).freeze))
+    end
+
+    class Finding < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid title description target).freeze),
+                    *(OPTIONAL = %i(implementation_statement_uuid
+                                    related_observations related_risks
+                                    remarks).freeze))
+    end
+
+    class ImportAP < Assembly
+      attr_accessor(*(MANDATORY = %i(href).freeze),
+                    *(OPTIONAL = %i(remarks).freeze))
+    end
+
+    class IncludeAll < Assembly
+      # This is an Assembly that acts like a flag - it has no no contents
+    end
+
+    class IncludeControl < Assembly
+      attr_accessor(*(MANDATORY = %i(control_id).freeze),
+                    *(OPTIONAL = %i(statement_ids).freeze))
+    end
+
+    class IncludeObjective < Assembly
+      attr_accessor(*(MANDATORY = %i(objective_id).freeze))
+    end
+
+    class InventoryItem < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    class LocalDefinitions < Assembly
+      # NOTE we deviate fromt the spec here! local-definitions is defined twice
+      # with different attributes. All attributes are optional, so we merge it
+      # into one big back of optional attributes
+      attr_accessor(*(OPTIONAL = %i(objectives_and_methods activities
+                                    remarks components inventory_items users
+                                    assesssment_assets tasks).freeze))
+    end
+
+    class ObjectivesAndMethods < Assembly
+      attr_accessor(*(MANDATORY = %i(control_id parts).freeze),
+                    *(OPTIONAL = %i(description props links remarks).freeze))
+    end
+
+    class Observation < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid description methods collected).freeze),
+                    *(OPTIONAL = %i(title props links methods types origins
+                                    subjects relevent_evidence expires
+                                    remarks).freeze))
+    end
+
+    class RelatedControls < Assembly
+      attr_accessor(*(MANDATORY = %i(control_selections).freeze),
+                    *(OPTIONAL = %i(description props links
+                                    control_objective_selections
+                                    remarks).freeze))
+    end
+
+    class RelatedObservation < Assembly
+      attr_accessor(*(MANDATORY = %i(observation_uuid).freeze),
+                    *(OPTIONAL = %i().freeze))
+    end
+
+    class ResponsibleRole < Assembly
+      attr_accessor(*(MANDATORY = %i(role_id).freeze),
+                    *(OPTIONAL = %i(props links party_uuids remarks).freeze))
+    end
+
+    class Result < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid title description start).freeze),
+                    *(OPTIONAL = %i(end props links local_definitions
+                                    reviewed_controls attestations
+                                    assessment_log observations risks findings
+                                    remarks).freeze))
+    end
+
+    class ReviewedControls < Assembly
+      attr_accessor(*(MANDATORY = %i(control_selections).freeze),
+                    *(OPTIONAL = %i(description props links
+                                    control_objective_selections
+                                    remarks).freeze))
+    end
+
+    class Risk < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid title description statement
+                                     status).freeze),
+                    *(OPTIONAL = %i(propse links origins threat_ids
+                                    characterizations mitigating_factors
+                                    deadline remediations risk_log
+                                    related_observations).freeze))
+    end
+
+    class Status
+      # Status is defined twice, once as a datatype, once as an assembly
+      # this class figures out which is which
+      def initialize(input)
+        if input.instance_of? String
+          StatusString.new(input)
+        elsif input.instance_of? Hash
+          StatusAssembly.new(input)
+        else
+          raise Oscal::InvalidTypeError, "status must be a string or assembly"
+        end
+      end
+    end
+
+    class StatusString < TokenDataType
+    end
+
+    class StatusAssembly < Assembly
+      attr_accessor(*(MANDATORY = %i(state).freeze),
+                    *(OPTIONAL = %i(reason remarks).freeze))
+    end
+
+    class Step < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid).freeze),
+                    *(OPTIONAL = %i(title description props links
+                                    reviewed_controls responsible_roles
+                                    remarks).freeze))
+    end
+
+    class Subject < Assembly
+      attr_accessor(*(OPTIONAL = %i(subject_uuid type
+                                    description props links include_all
+                                    include_subjects exclude_subjects
+                                    remarks).freeze))
+    end
+
+    class Target < Assembly
+      attr_accessor(*(MANDATORY = %i(type target_id status).freeze),
+                    *(OPTIONAL = %i(title description props links
+                                    implementation_status remarks).freeze))
+    end
+
+    class Task < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    class User < Assembly
+      # TODO: Define this. Punting for the time being
+    end
+
+    ##########################################
+
+    class AssessmentResult < Assembly
+      attr_accessor(*(MANDATORY = %i(uuid metadata import_ap results).freeze),
+                    *(OPTIONAL = %i(local_definitions back_matter).freeze))
+    end
+  end
+end

data/lib/oscal/attribute_type_hash.rb

@@ -0,0 +1,80 @@
+require_relative("datatypes")
+require_relative("list")
+
+module Oscal
+  ATTRIBUTE_TYPE_HASH = {
+    activities: AssessmentResult::ActivityArray,
+    activity_uuid: Uuid,
+    assessment_plan: AssessmentPlan::AssessmentPlan,
+    assessment_platforms: AssessmentResult::AssessmentPlatformArray,
+    assessment_results: AssessmentResult::AssessmentResult,
+    assessment_log: AssessmentResult::AssessmentLog,
+    associated_activities: AssessmentResult::AssociatedActivityArray,
+    attestations: AssessmentResult::AttestationArray,
+    collected: DateTimeWithTimezoneDataType,
+    components: AssessmentResult::ComponentArray,
+    control_id: TokenDataType,
+    control_objective_selections: AssessmentResult::ControlObjectiveSelectionArray,
+    control_selections: AssessmentResult::ControlSelectionArray,
+    description: MarkupMultilineDataType,
+    end: DateTimeWithTimezoneDataType,
+    entries: AssessmentResult::EntryArray,
+    exclude_controls: AssessmentResult::ExcludeControlArray,
+    exclude_objectives: AssessmentResult::ExcludeObjectiveArray,
+    expires: DateTimeWithTimezoneDataType,
+    findings: AssessmentResult::FindingArray,
+    href: UriReference,
+    implementation_statement_uuid: Uuid,
+    import_ap: AssessmentResult::ImportAP,
+    import_ssp: AssessmentPlan::ImportSSP,
+    include_all: AssessmentResult::IncludeAll,
+    include_controls: AssessmentResult::IncludeControlArray,
+    inventory_items: AssessmentResult::InventoryItemArray,
+    links: AssessmentResult::LinkArray,
+    local_definitions: AssessmentResult::LocalDefinitions,
+    metadata: MetadataBlockWrapper,
+    methods: AssessmentResult::MethodArray,
+    objective_id: TokenDataType,
+    objectives_and_methods: AssessmentResult::ObjectivesAndMethodsArray,
+    observations: AssessmentResult::ObservationArray,
+    observation_uuid: Uuid,
+    parts: AssessmentResult::PartArray,
+    party_uuids: AssessmentResult::PartyUuidArray,
+    props: AssessmentResult::PropArray,
+    related_controls: AssessmentResult::RelatedControls,
+    related_observations: AssessmentResult::RelatedObservationArray,
+    related_risks: AssessmentResult::RelatedRiskArray,
+    remarks: MarkupMultilineDataType,
+    responsible_roles: AssessmentResult::ResponsibleRoleArray,
+    results: AssessmentResult::ResultArray,
+    reviewed_controls: AssessmentResult::ReviewedControls,
+    risks: AssessmentResult::RiskArray,
+    risk_uuid: Uuid,
+    role_id: TokenDataType,
+    start: DateTimeWithTimezoneDataType,
+    state: TokenDataType,
+    status: AssessmentResult::Status,
+    statement: MarkupMultilineDataType,
+    statement_ids: AssessmentResult::StatementIdArray,
+    steps: AssessmentResult::StepArray,
+    subjects: AssessmentResult::SubjectArray,
+    subject_uuid: Uuid,
+    target: AssessmentResult::Target,
+    target_id: TokenDataType,
+    tasks: AssessmentResult::AssessmentTaskArray,
+    title: MarkupMultilineDataType,
+    type: TokenDataType,
+    types: AssessmentResult::TypeArray,
+    uuid: Uuid,
+    users: AssessmentResult::UserArray,
+  }.freeze
+
+  def self.get_type_of_attribute(attribute_name)
+    klass = Oscal::ATTRIBUTE_TYPE_HASH[attribute_name.to_sym]
+    if klass == nil
+      raise InvalidTypeError, "No type found for #{attribute_name}"
+    else
+      klass
+    end
+  end
+end

data/lib/oscal/back_matter.rb

@@ -5,11 +5,12 @@ module Oscal
     KEY = %i(resources)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'resources'
+      when "resources"
         Resource.wrap(val)
       else
         val

data/lib/oscal/base64_object.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(filename media_type value)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/base_class.rb

@@ -7,6 +7,7 @@ module Oscal
     KEY = %i(val)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def self.wrap(obj)
@@ -23,16 +24,16 @@ module Oscal
       klass = self.class
 
       unless options.is_a? Hash
-        options = {klass::KEY.first.to_s => options}
+        options = { klass::KEY.first.to_s => options }
       end
 
       options.each_pair.each do |key, val|
         key_name = key.gsub("-", "_")
-        key_name = 'klass' if key == 'class'
+        key_name = "klass" if key == "class"
 
         unless klass::KEY.include?(key_name.to_sym)
           raise UnknownAttributeError.new(
-            "Unknown key `#{key}` in #{klass.name}"
+            "Unknown key `#{key}` in #{klass.name}",
           )
         end
 
@@ -42,7 +43,7 @@ module Oscal
       end
     end
 
-    def set_value(key_name, val)
+    def set_value(_key_name, val)
       val
     end
   end

data/lib/oscal/catalog.rb

@@ -9,6 +9,7 @@ module Oscal
 
     KEY = %i(uuid metadata params controls groups back_matter)
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def initialize(uuid, metadata, params, controls, groups, back_matter)
@@ -26,12 +27,12 @@ module Oscal
       yaml_data     = safe_load_yaml(path)
       yaml_catalog  = yaml_data["catalog"]
 
-      uuid          = yaml_catalog['uuid']
-      metadata      = yaml_catalog['metadata']
-      params        = yaml_catalog['params']
-      controls      = yaml_catalog['controls']
-      groups        = yaml_catalog['groups']
-      back_matter   = yaml_catalog['back-matter']
+      uuid          = yaml_catalog["uuid"]
+      metadata      = yaml_catalog["metadata"]
+      params        = yaml_catalog["params"]
+      controls      = yaml_catalog["controls"]
+      groups        = yaml_catalog["groups"]
+      back_matter   = yaml_catalog["back-matter"]
 
       Catalog.new(uuid, metadata, params, controls, groups, back_matter)
     end
@@ -42,7 +43,7 @@ module Oscal
     end
 
     def append_all_control_group(obj)
-      if obj.to_s.match(/Oscal::Control/)
+      if /Oscal::Control/.match?(obj.to_s)
         @all_controls << obj
       end
 

data/lib/oscal/choice.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(val)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/citation.rb

@@ -5,13 +5,14 @@ module Oscal
     KEY = %i(text props links)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'props'
+      when "props"
         Property.wrap(val)
-      when 'links'
+      when "links"
         Link.wrap(val)
       else
         val

data/lib/oscal/combine.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(method)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/common_utils.rb

@@ -8,7 +8,7 @@ module Oscal
       res = nil
 
       obj.instance_variables.each do |ins_var|
-        val = obj.send(ins_var.to_s.delete('@').to_sym)
+        val = obj.send(ins_var.to_s.delete("@").to_sym)
 
         if val.is_a? Array
           val.each do |v|

data/lib/oscal/constraint.rb

@@ -5,11 +5,12 @@ module Oscal
     KEY = %i(description tests)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'test'
+      when "test"
         Test.wrap(val)
       else
         val

data/lib/oscal/control.rb

@@ -5,19 +5,20 @@ module Oscal
     KEY = %i(id klass title params props links parts controls)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'params'
+      when "params"
         Parameter.wrap(val)
-      when 'props'
+      when "props"
         Property.wrap(val)
-      when 'links'
+      when "links"
         Link.wrap(val)
-      when 'parts'
+      when "parts"
         Part.wrap(val)
-      when 'controls'
+      when "controls"
         Control.wrap(val)
       else
         val

data/lib/oscal/custom.rb

@@ -5,13 +5,14 @@ module Oscal
     KEY = %i(groups insert_controls)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'groups'
+      when "groups"
         Group.wrap(val)
-      when 'insert_controls'
+      when "insert_controls"
         InsertControl.wrap(val)
       else
         val

data/lib/oscal/datatypes.rb

@@ -0,0 +1,50 @@
+module Oscal
+  class OscalDatatype < String
+    include ParsingLogger
+
+    def validate(value)
+      @logger.debug("validating against pattern #{self.class::PATTERN}")
+      unless self.class::PATTERN.match?(value)
+        raise Oscal::InvalidTypeError,
+              "#{value.to_s[0, 25]} does not match Pattern for #{self.class}"
+      end
+    end
+
+    def initialize(input)
+      super
+      @logger = get_logger
+      @logger.debug("#{self.class}.new called with #{input.to_s[0, 25]}")
+      validate(input) # Will raise an Error if invalid
+      @logger.debug("validation successful.")
+    end
+
+    def to_s
+      @value
+    end
+  end
+
+  class DateTimeWithTimezoneDataType < OscalDatatype
+    PATTERN = /(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|(-((0[0-9]|1[0-2]):00|0[39]:30)|\+((0[0-9]|1[0-4]):00|(0[34569]|10):30|(0[58]|12):45)))/
+  end
+
+  class MarkupMultilineDataType < OscalDatatype
+    # Note that there are complex rules for MarkupMultilineDataType that we are ignoring
+    PATTERN = /.*/
+  end
+
+  class StringDataType < OscalDatatype
+    PATTERN = /\S(.*\S)?/
+  end
+
+  class TokenDataType < OscalDatatype
+    PATTERN = /(\p{L}|_)(\p{L}|\p{N}|[.\-_])*/
+  end
+
+  class UriReference < OscalDatatype
+    PATTERN = %r{^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?}
+  end
+
+  class Uuid < OscalDatatype
+    PATTERN = /^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$/
+  end
+end

data/lib/oscal/document_id.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(schema identifier)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/email_address.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(val)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/exclude_control.rb

@@ -5,13 +5,14 @@ module Oscal
     KEY = %i(with_child_controls with_ids matching)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'with_ids'
+      when "with_ids"
         WithId.wrap(val)
-      when 'matching'
+      when "matching"
         Matching.wrap(val)
       else
         val

data/lib/oscal/external_id.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(schema id)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/group.rb

@@ -3,26 +3,27 @@ require_relative "base_class"
 module Oscal
   class Group < Oscal::BaseClass
     KEY = %i(id klass title params props links parts groups
-      controls insert_controls)
+             controls insert_controls)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'params'
+      when "params"
         Parameter.wrap(val)
-      when 'props'
+      when "props"
         Property.wrap(val)
-      when 'links'
+      when "links"
         Link.wrap(val)
-      when 'parts'
+      when "parts"
         Part.wrap(val)
-      when 'groups'
+      when "groups"
         Group.wrap(val)
-      when 'controls'
+      when "controls"
         Control.wrap(val)
-      when 'insert_controls'
+      when "insert_controls"
         InsertControl.wrap(val)
       else
         val

data/lib/oscal/guideline.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(prose)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/hash_object.rb

@@ -5,6 +5,7 @@ module Oscal
     KEY = %i(algorithm value)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
   end
 end

data/lib/oscal/import_object.rb

@@ -5,13 +5,14 @@ module Oscal
     KEY = %i(href include_all include_controls exclude_controls)
 
     attr_accessor *KEY
+
     attr_serializable *KEY
 
     def set_value(key_name, val)
       case key_name
-      when 'include_controls'
+      when "include_controls"
         IncludeControl.wrap(val)
-      when 'exclude_controls'
+      when "exclude_controls"
         ExcludeControl.wrap(val)
       else
         val