Constraint for "asset-type" on implemented-components

Question

Constraint for "asset-type" on implemented-components

Rene2mt opened this issue a year ago · 1 comments

Describe the bug

CLI is generating validation errors if <prop name="asset-id" value="..." /> is not specified within the ``implemented-component, however the asset-id prop is already set in the containing inventory-item``` so this seems duplicative.

Who is the bug affecting?

FedRAMP

What is affected by this bug?

Generated SSPs might unnecessarily have large amounts of validation errors

When does this occur?

See /system-security-plan/system-implementation/inventory-item/implemented-component in the attached file. Error happens if ``implemented-componentdoesn't have a childasset-id``` prop

How do we replicate the issue?

Do this...run OSCAL-CLI v0.3.3 on the attached SSP template
See errors below
FedRAMP-SSP-OSCAL-Template.txt

[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[1]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.
[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[3]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.
[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[4]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.
[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[5]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.
[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[6]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.
[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[7]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.
[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[8]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.
[ERROR] [/system-security-plan/system-implementation[1]/inventory-item[9]/implemented-component[1]] The cardinality '0' is below the required minimum '1' for items matching the expression 'prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='asset-id']'.

If applicable, add screenshots to help explain your problem.}

Expected behavior (i.e. solution)

{A clear and concise description of what you expected to happen.}

Other Comments

{Add any other context about the problem here.}

Answer 1 · 2023-07-03T14:46:07.000Z

This will be resolved when usnistgov/OSCAL#1797 is completed in a tag release and the updated OSCAL models are updated in a release of liboscal-java.