Add iventory-item-or-component-has-virtual Constraint #1055

Open
wants to merge 1 commit into
base: develop

Gabeblis
Contributor

Committer Notes

Purpose

This PR aims to add the iventory-item-or-component-has-virtual constraint, which ensures that every inventory item, or its linked component, is virtual or not by checking for the existence and value of the "virtual" prop.

Changes

Added constraint:

  • iventory-item-or-component-has-virtual

Added valid/invalid test content:

  • ssp-iventory-item-or-component-has-virtual-INVALID.xml
  • Edited fedramp-ssp-example.oscal.xml to align with constraint

Added yaml files for testing:

  • Pass/fail yaml tests added for each of the above constraints.

All Submissions:

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

@Gabeblis Gabeblis self-assigned this Dec 31, 2024
@Gabeblis Gabeblis requested a review from a team as a code owner December 31, 2024 14:47
@Gabeblis Gabeblis linked an issue Dec 31, 2024 that may be closed by this pull request
14 tasks
@@ -651,6 +651,11 @@
<prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
<message>In a FedRAMP SSP, each inventory item MUST include the vendor name in the inventory item itself or within the linked component.</message>
</expect>
<expect id="iventory-item-or-component-has-virtual" target="." test="count(prop[@name='virtual']) = 1 or count(../component[@uuid=$component-uuid]/prop[@name='virtual']) = 1" level="ERROR">
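Review bot: The `test` on the new `expect` only counts `prop[@name='virtual']` on the item or the linked component, so a `virtual` prop with an empty or arbitrary `@value` passes, while the PR description says the constraint checks both existence and value. Either constrain the value in this test or confirm that a separate allowed-values constraint covers it, and state that in the message. `$component-uuid` is also used here without a binding visible in this hunk, so confirm the enclosing context defines it for this `expect`.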
Member

BLOCKING: The constraint itself is fine / works as intended, but there's a minor typo in the constraint ID. Same goes for the content file, and unit tests.

Suggested change
<expect id="iventory-item-or-component-has-virtual" target="." test="count(prop[@name='virtual']) = 1 or count(../component[@uuid=$component-uuid]/prop[@name='virtual']) = 1" level="ERROR">
<expect id="inventory-item-or-component-has-virtual" target="." test="count(prop[@name='virtual']) = 1 or count(../component[@uuid=$component-uuid]/prop[@name='virtual']) = 1" level="ERROR">

Comment on lines +375 to 389
| iventory-item-or-component-has-virtual-FAIL.yaml |
| iventory-item-or-component-has-virtual-PASS.yaml |
| last-accessed-is-datetime-FAIL.yaml |
Member

@Rene2mt Rene2mt Dec 31, 2024

Suggested change
| iventory-item-or-component-has-virtual-FAIL.yaml |
| iventory-item-or-component-has-virtual-PASS.yaml |
| last-accessed-is-datetime-FAIL.yaml |
| inventory-item-or-component-has-virtual-FAIL.yaml |
| inventory-item-or-component-has-virtual-PASS.yaml |
| last-accessed-is-datetime-FAIL.yaml |

@@ -0,0 +1,12 @@
<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="11111111-2222-4000-8000-000000000000">
Member

Recommend renaming file to "ssp-inventory-item-or-component-has-virtual-INVALID.xml"

Comment on lines 1 to 9
test-case:
name: Negative Test for iventory-item-or-component-has-virtual
description: >-
This test case validates the behavior of constraint
iventory-item-or-component-has-virtual
content: ../content/ssp-iventory-item-or-component-has-virtual-INVALID.xml
expectations:
- constraint-id: iventory-item-or-component-has-virtual
result: fail
Member

Recommend renaming file to "inventory-item-or-component-has-virtual-FAIL.yaml", and making the following changes:

Suggested change
test-case:
name: Negative Test for iventory-item-or-component-has-virtual
description: >-
This test case validates the behavior of constraint
iventory-item-or-component-has-virtual
content: ../content/ssp-iventory-item-or-component-has-virtual-INVALID.xml
expectations:
- constraint-id: iventory-item-or-component-has-virtual
result: fail
name: Negative Test for inventory-item-or-component-has-virtual
description: >-
This test case validates the behavior of constraint
inventory-item-or-component-has-virtual
content: ../content/ssp-inventory-item-or-component-has-virtual-INVALID.xml
expectations:
- constraint-id: inventory-item-or-component-has-virtual
result: fail

Comment on lines 1 to 9
test-case:
name: Positive Test for iventory-item-or-component-has-virtual
description: >-
This test case validates the behavior of constraint
iventory-item-or-component-has-virtual
content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
expectations:
- constraint-id: iventory-item-or-component-has-virtual
result: pass
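Review bot: The positive test points `content` at the shared `fedramp-ssp-example.oscal.xml`, so it only shows that the example happens to satisfy the constraint and does not by itself show that both sides of the `or` in the constraint's `test` are exercised. Confirm that the example contains at least one inventory item carrying the `virtual` prop directly and at least one that relies on the linked component's prop, or add a dedicated valid content file that covers each branch.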
Member

Recommend renaming file to "inventory-item-or-component-has-virtual-PASS.yaml" and making the following changes:

Suggested change
test-case:
name: Positive Test for iventory-item-or-component-has-virtual
description: >-
This test case validates the behavior of constraint
iventory-item-or-component-has-virtual
content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
expectations:
- constraint-id: iventory-item-or-component-has-virtual
result: pass
test-case:
name: Positive Test for inventory-item-or-component-has-virtual
description: >-
This test case validates the behavior of constraint
inventory-item-or-component-has-virtual
content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
expectations:
- constraint-id: inventory-item-or-component-has-virtual
result: pass

@Gabeblis Gabeblis force-pushed the constraints/issue-1027 branch from 4850875 to be0c369 Compare January 6, 2025 12:04

Successfully merging this pull request may close these issues.

Inventory - Virtual Asset