Added support for OSCAL profile alter statements supporting `set-para…

…meter`, `add`, and `remove` functions. Refactored build to eliminate extraneous dependencies. Updated to latest OSCAL development build. Setup auto-service generation for OSCAL Metapath function extensions.
usnistgov · Aug 17, 2022 · 41a3188 · 41a3188
1 parent f61ccc3
commit 41a3188
Show file tree

Hide file tree

Showing 80 changed files with 3,300 additions and 1,201 deletions.
diff --git a/pom.xml b/pom.xml
diff --git a/spotbugs-exclude.xml b/spotbugs-exclude.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter
+	xmlns="https://github.com/spotbugs/filter/3.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="https://github.com/spotbugs/filter/3.0.0 https://raw.githubusercontent.com/spotbugs/spotbugs/3.1.0/spotbugs/etc/findbugsfilter.xsd">
+	<Match>
+		<Or>
+			<Package name="gov.nist.secauto.oscal.lib.model" />
+			<Package name="~gov\.nist\.secauto\.oscal\.lib\.model\..*" />
+		</Or>
+		<Or>
+			<Bug pattern="EI_EXPOSE_REP" />
+			<Bug pattern="EI_EXPOSE_REP2" />
+		</Or>
+	</Match>
+	<Match>
+		<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" />
+	</Match>
+</FindBugsFilter>
diff --git a/src/main/java/gov/nist/secauto/oscal/lib/OscalBindingContext.java b/src/main/java/gov/nist/secauto/oscal/lib/OscalBindingContext.java
@@ -33,12 +33,11 @@
 import gov.nist.secauto.oscal.lib.model.AssessmentResults;
 import gov.nist.secauto.oscal.lib.model.Catalog;
 import gov.nist.secauto.oscal.lib.model.ComponentDefinition;
+import gov.nist.secauto.oscal.lib.model.MappingCollection;
 import gov.nist.secauto.oscal.lib.model.PlanOfActionAndMilestones;
 import gov.nist.secauto.oscal.lib.model.Profile;
 import gov.nist.secauto.oscal.lib.model.SystemSecurityPlan;
 
-import javax.annotation.Nonnull;
-
 import java.io.File;
 import java.io.IOException;
 import java.net.URISyntaxException;
@@ -48,14 +47,16 @@
 
 import javax.xml.namespace.QName;
 
+import edu.umd.cs.findbugs.annotations.NonNull;
+
 public class OscalBindingContext
     extends DefaultBindingContext {
-  @Nonnull
-  private static final OscalBindingContext INSTANCE = new OscalBindingContext();
+  @NonNull
+  private static final OscalBindingContext SINGLETON = new OscalBindingContext();
 
-  @Nonnull
+  @NonNull
   public static OscalBindingContext instance() {
-    return INSTANCE;
+    return SINGLETON;
   }
 
   /**
@@ -64,7 +65,7 @@ public static OscalBindingContext instance() {
    * @param constraintSets
    *          a set of additional constraints to apply
    */
-  public OscalBindingContext(@Nonnull Set<@Nonnull IConstraintSet> constraintSets) {
+  public OscalBindingContext(@NonNull Set<IConstraintSet> constraintSets) {
     super(constraintSets);
     registerBindingMatcher(new Matcher());
   }
@@ -76,115 +77,128 @@ protected OscalBindingContext() {
     registerBindingMatcher(new Matcher());
   }
 
-  @Nonnull
-  public Catalog loadCatalog(@Nonnull URL url) throws IOException, URISyntaxException {
+  @NonNull
+  public Catalog loadCatalog(@NonNull URL url) throws IOException, URISyntaxException {
     return newBoundLoader().load(Catalog.class, url);
   }
 
-  @Nonnull
-  public Catalog loadCatalog(@Nonnull Path path) throws IOException {
+  @NonNull
+  public Catalog loadCatalog(@NonNull Path path) throws IOException {
     return newBoundLoader().load(Catalog.class, path);
   }
 
-  @SuppressWarnings("null")
-  @Nonnull
-  public Catalog loadCatalog(@Nonnull File file) throws IOException {
-    return loadCatalog(file.toPath());
+  @NonNull
+  public Catalog loadCatalog(@NonNull File file) throws IOException {
+    return newBoundLoader().load(Catalog.class, file);
   }
 
-  @Nonnull
-  public Profile loadProfile(@Nonnull URL url) throws IOException, URISyntaxException {
+  @NonNull
+  public Profile loadProfile(@NonNull URL url) throws IOException, URISyntaxException {
     return newBoundLoader().load(Profile.class, url);
   }
 
-  @Nonnull
-  public Profile loadProfile(@Nonnull Path path) throws IOException {
+  @NonNull
+  public Profile loadProfile(@NonNull Path path) throws IOException {
     return newBoundLoader().load(Profile.class, path);
   }
 
-  @Nonnull
-  public Profile loadProfile(@Nonnull File file) throws IOException {
+  @NonNull
+  public Profile loadProfile(@NonNull File file) throws IOException {
     return newBoundLoader().load(Profile.class, file);
   }
 
-  @Nonnull
-  public SystemSecurityPlan loadSystemSecurityPlan(@Nonnull URL url) throws IOException, URISyntaxException {
+  @NonNull
+  public MappingCollection loadMapping(@NonNull URL url) throws IOException, URISyntaxException {
+    return newBoundLoader().load(MappingCollection.class, url);
+  }
+
+  @NonNull
+  public MappingCollection loadMapping(@NonNull Path path) throws IOException {
+    return newBoundLoader().load(MappingCollection.class, path);
+  }
+
+  @NonNull
+  public MappingCollection loadMapping(@NonNull File file) throws IOException {
+    return newBoundLoader().load(MappingCollection.class, file);
+  }
+
+  @NonNull
+  public SystemSecurityPlan loadSystemSecurityPlan(@NonNull URL url) throws IOException, URISyntaxException {
     return newBoundLoader().load(SystemSecurityPlan.class, url);
   }
 
-  @Nonnull
-  public SystemSecurityPlan loadSystemSecurityPlan(@Nonnull Path path) throws IOException {
+  @NonNull
+  public SystemSecurityPlan loadSystemSecurityPlan(@NonNull Path path) throws IOException {
     return newBoundLoader().load(SystemSecurityPlan.class, path);
   }
 
-  @Nonnull
-  public SystemSecurityPlan loadSystemSecurityPlan(@Nonnull File file) throws IOException {
+  @NonNull
+  public SystemSecurityPlan loadSystemSecurityPlan(@NonNull File file) throws IOException {
     return newBoundLoader().load(SystemSecurityPlan.class, file);
   }
 
-  @Nonnull
-  public ComponentDefinition loadComponentDefinition(@Nonnull URL url) throws IOException, URISyntaxException {
+  @NonNull
+  public ComponentDefinition loadComponentDefinition(@NonNull URL url) throws IOException, URISyntaxException {
     return newBoundLoader().load(ComponentDefinition.class, url);
   }
 
-  @Nonnull
-  public ComponentDefinition loadComponentDefinition(@Nonnull Path path) throws IOException {
+  @NonNull
+  public ComponentDefinition loadComponentDefinition(@NonNull Path path) throws IOException {
     return newBoundLoader().load(ComponentDefinition.class, path);
   }
 
-  @Nonnull
-  public ComponentDefinition loadComponentDefinition(@Nonnull File file) throws IOException {
+  @NonNull
+  public ComponentDefinition loadComponentDefinition(@NonNull File file) throws IOException {
     return newBoundLoader().load(ComponentDefinition.class, file);
   }
 
-  @Nonnull
-  public AssessmentPlan loadAssessmentPlan(@Nonnull URL url) throws IOException, URISyntaxException {
+  @NonNull
+  public AssessmentPlan loadAssessmentPlan(@NonNull URL url) throws IOException, URISyntaxException {
     return newBoundLoader().load(AssessmentPlan.class, url);
   }
 
-  @Nonnull
-  public AssessmentPlan loadAssessmentPlan(@Nonnull Path path) throws IOException {
+  @NonNull
+  public AssessmentPlan loadAssessmentPlan(@NonNull Path path) throws IOException {
     return newBoundLoader().load(AssessmentPlan.class, path);
   }
 
-  @Nonnull
-  public AssessmentPlan loadAssessmentPlan(@Nonnull File file) throws IOException {
+  @NonNull
+  public AssessmentPlan loadAssessmentPlan(@NonNull File file) throws IOException {
     return newBoundLoader().load(AssessmentPlan.class, file);
   }
 
-  @Nonnull
-  public AssessmentResults loadAssessmentResults(@Nonnull URL url) throws IOException, URISyntaxException {
+  @NonNull
+  public AssessmentResults loadAssessmentResults(@NonNull URL url) throws IOException, URISyntaxException {
     return newBoundLoader().load(AssessmentResults.class, url);
   }
 
-  @Nonnull
-  public AssessmentResults loadAssessmentResults(@Nonnull Path path) throws IOException {
+  @NonNull
+  public AssessmentResults loadAssessmentResults(@NonNull Path path) throws IOException {
     return newBoundLoader().load(AssessmentResults.class, path);
   }
 
-  @Nonnull
-  public AssessmentResults loadAssessmentResults(@Nonnull File file) throws IOException {
+  @NonNull
+  public AssessmentResults loadAssessmentResults(@NonNull File file) throws IOException {
     return newBoundLoader().load(AssessmentResults.class, file);
   }
 
-  @Nonnull
-  public PlanOfActionAndMilestones loadPlanOfActionAndMilestones(@Nonnull URL url)
+  @NonNull
+  public PlanOfActionAndMilestones loadPlanOfActionAndMilestones(@NonNull URL url)
       throws IOException, URISyntaxException {
     return newBoundLoader().load(PlanOfActionAndMilestones.class, url);
   }
 
-  @Nonnull
-  public PlanOfActionAndMilestones loadPlanOfActionAndMilestones(@Nonnull Path path) throws IOException {
+  @NonNull
+  public PlanOfActionAndMilestones loadPlanOfActionAndMilestones(@NonNull Path path) throws IOException {
     return newBoundLoader().load(PlanOfActionAndMilestones.class, path);
   }
 
-  @Nonnull
-  public PlanOfActionAndMilestones loadPlanOfActionAndMilestones(@Nonnull File file) throws IOException {
+  @NonNull
+  public PlanOfActionAndMilestones loadPlanOfActionAndMilestones(@NonNull File file) throws IOException {
     return newBoundLoader().load(PlanOfActionAndMilestones.class, file);
   }
 
-  private class Matcher implements IBindingMatcher {
-
+  private static class Matcher implements IBindingMatcher {
     @Override
     public Class<?> getBoundClassForXmlQName(QName startElementQName) {
       Class<?> clazz = null;
@@ -196,6 +210,9 @@ public Class<?> getBoundClassForXmlQName(QName startElementQName) {
         case "profile":
           clazz = Profile.class;
           break;
+        case "mapping-collection":
+          clazz = MappingCollection.class;
+          break;
         case "system-security-plan":
           clazz = SystemSecurityPlan.class;
           break;

diff --git a/src/main/java/gov/nist/secauto/oscal/lib/OscalUtils.java b/src/main/java/gov/nist/secauto/oscal/lib/OscalUtils.java
@@ -33,8 +33,7 @@
 import gov.nist.secauto.oscal.lib.model.BackMatter.Resource.Base64;
 import gov.nist.secauto.oscal.lib.model.BackMatter.Resource.Rlink;
 
-import javax.annotation.Nonnull;
-import org.jetbrains.annotations.Nullable;
+import edu.umd.cs.findbugs.annotations.Nullable;
 import org.xml.sax.EntityResolver;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
@@ -47,6 +46,8 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import edu.umd.cs.findbugs.annotations.NonNull;
+
 public final class OscalUtils {
   public static final String OSCAL_VERSION = "1.0.4";
   private static final Pattern INTERNAL_REFERENCE_FRAGMENT_PATTERN = Pattern.compile("^#(.+)$");
@@ -55,24 +56,41 @@ private OscalUtils() {
     // disable construction
   }
 
-  public static boolean isInternalReference(@Nonnull URI uri) {
+  public static boolean isInternalReference(@NonNull URI uri) {
     if (uri.isAbsolute()) {
-      return false;
+      return false; // NOPMD - readability
     }
 
     String schemeSpecificPart = uri.getSchemeSpecificPart();
     return uri.getScheme() == null && (schemeSpecificPart == null || schemeSpecificPart.isEmpty())
         && uri.getFragment() != null;
   }
 
-  @SuppressWarnings("null")
-  @Nonnull
-  public static String internalReferenceFragmentToId(@Nonnull URI fragment) throws IllegalArgumentException {
+  /**
+   * Get the id based on a URI's fragment.
+   * 
+   * @param fragment
+   *          the URI to extract the identifier from
+   * @return the identifier
+   * @throws IllegalArgumentException
+   *           if the fragment does not contain an identifier
+   */
+  @NonNull
+  public static String internalReferenceFragmentToId(@NonNull URI fragment) {
     return internalReferenceFragmentToId(fragment.toString());
   }
 
-  @Nonnull
-  public static String internalReferenceFragmentToId(@Nonnull String fragment) throws IllegalArgumentException {
+  /**
+   * Get the id based on a URI's fragment.
+   * 
+   * @param fragment
+   *          the URI to extract the identifier from
+   * @return the identifier
+   * @throws IllegalArgumentException
+   *           if the fragment does not contain an identifier
+   */
+  @NonNull
+  public static String internalReferenceFragmentToId(@NonNull String fragment) {
     Matcher matcher = INTERNAL_REFERENCE_FRAGMENT_PATTERN.matcher(fragment);
     String retval;
     if (matcher.matches()) {
@@ -84,12 +102,12 @@ public static String internalReferenceFragmentToId(@Nonnull String fragment) thr
     return retval;
   }
 
-  public static boolean hasBase64Data(@Nonnull Resource resource) {
+  public static boolean hasBase64Data(@NonNull Resource resource) {
     return resource.getBase64() != null;
   }
 
   @Nullable
-  public static ByteBuffer getBase64Data(@Nonnull Resource resource) {
+  public static ByteBuffer getBase64Data(@NonNull Resource resource) {
     Base64 base64 = resource.getBase64();
 
     ByteBuffer retval = null;
@@ -100,7 +118,7 @@ public static ByteBuffer getBase64Data(@Nonnull Resource resource) {
   }
 
   @Nullable
-  public static URI getResourceURI(@Nonnull Resource resource, @Nullable String preferredMediaType) {
+  public static URI getResourceURI(@NonNull Resource resource, @Nullable String preferredMediaType) {
     URI retval;
     if (hasBase64Data(resource)) {
       UUID uuid = resource.getUuid();
@@ -116,7 +134,7 @@ public static URI getResourceURI(@Nonnull Resource resource, @Nullable String pr
   }
 
   @Nullable
-  public static Rlink findMatchingRLink(@Nonnull Resource resource, @Nullable String preferredMediaType) {
+  public static Rlink findMatchingRLink(@NonNull Resource resource, @Nullable String preferredMediaType) {
     // find a suitable rlink reference
     List<Rlink> rlinks = resource.getRlinks();
 
@@ -136,7 +154,7 @@ public static Rlink findMatchingRLink(@Nonnull Resource resource, @Nullable Stri
   }
 
   @Nullable
-  public static InputSource newInputSource(@Nonnull Resource resource, @Nonnull EntityResolver resolver,
+  public static InputSource newInputSource(@NonNull Resource resource, @NonNull EntityResolver resolver,
       @Nullable String preferredMediaType) throws IOException {
     URI uri = getResourceURI(resource, null);
     if (uri == null) {