feat: updates content from FedRAMP Rev4 to Rev5

Updates FedRAMP submodule to the latest commit The location of the XSLT has changed from the repository to the OSCAL release so the NIST submodule was removed and the download_oscal_converters script was added BREAKING CHANGE: This drops support for Rev4 validation Signed-off-by: Jennifer Power <[email protected]> --------- Signed-off-by: Jennifer Power <[email protected]>
oscal-compass · Jan 24, 2024 · cb479c1 · cb479c1
1 parent bd89e71
commit cb479c1
Show file tree

Hide file tree

Showing 38 changed files with 202,635 additions and 154,068 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -1,6 +1,4 @@
-[submodule "nist-source"]
-	path = nist-source
-	url = https://github.com/usnistgov/OSCAL
 [submodule "fedramp-source"]
 	path = fedramp-source
 	url = https://github.com/GSA/fedramp-automation
+	branch = master
diff --git a/Makefile b/Makefile
@@ -14,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+OSCAL_RELEASE_TAG := "v1.0.6"
 
 submodules: 
 	git submodule update --init
@@ -70,17 +71,18 @@ mdformat:
 	pre-commit run mdformat --all-files
 
 
-fedramp-copy:
-	mkdir -p trestle_fedramp/resources/fedramp-source/content/baselines/rev4
-	cp -R fedramp-source/dist/content/baselines/rev4/xml trestle_fedramp/resources/fedramp-source/content/baselines/rev4/
+
+download_release_artifacts:
+	@./scripts/download_oscal_converters.sh $(OSCAL_RELEASE_TAG) trestle_fedramp/resources/nist-source/xml/convert/
+
+fedramp-copy: download_release_artifacts
+	mkdir -p trestle_fedramp/resources/fedramp-source/content/baselines/rev5
+	cp -R fedramp-source/dist/content/rev5/baselines/xml/ trestle_fedramp/resources/fedramp-source/content/baselines/rev5/
 	mkdir -p trestle_fedramp/resources/fedramp-source/content/resources
-	cp -R fedramp-source/dist/content/resources/xml trestle_fedramp/resources/fedramp-source/content/resources/
+	cp -R fedramp-source/dist/content/rev5/resources/xml/ trestle_fedramp/resources/fedramp-source/content/resources/
 	mkdir -p trestle_fedramp/resources/fedramp-source/vendor
-	cp ssp.xsl trestle_fedramp/resources/fedramp-source/
+	cp ssp.sch.xsl trestle_fedramp/resources/fedramp-source/ssp.xsl
 	cp fedramp-source/vendor/svrl2html.xsl trestle_fedramp/resources/fedramp-source/vendor/
-	mkdir -p trestle_fedramp/resources/nist-source/xml
-	cp -R nist-source/xml/convert trestle_fedramp/resources/nist-source/xml/
-	cp oscal_ssp_json-to-xml-converter-new.xsl trestle_fedramp/resources/nist-source/xml/convert/
 
 
 # POSIX ONLY

diff --git a/fedramp-source b/fedramp-source
diff --git a/nist-source b/nist-source
diff --git a/scripts/download_oscal_converters.sh b/scripts/download_oscal_converters.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Copyright (c) 2024 IBM Corp. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# download_oscal_converters.sh
+# Download OSCAL XML to JSON converters from the OSCAL GitHub repo
+
+
+if [ -z "$1" ]; then
+    echo "Please provide a tag name for the OSCAL release"
+    exit 1
+fi
+
+if [ -z "$2" ]; then
+    directory="oscal-converters"
+else
+    directory="$2"
+fi
+
+echo "Downloading OSCAL converters from release $1 to $directory"
+
+# Create the directory if it doesn't exist
+mkdir -p "$directory"
+pushd ./"$directory" || exit 1
+
+# Store the long command in another variable to make it easier to read
+oscal_release_url="https://api.github.com/repos/usnistgov/OSCAL/releases/tags/${1}"
+assets_url=$(curl -sL "$oscal_release_url" | jq -r '.assets[] | select(.name | test("oscal_.*_json-to-xml-converter.xsl")) | .browser_download_url')
+mapfile -t release_artifacts < <(echo "$assets_url")
+
+for asset_url in "${release_artifacts[@]}"; do \
+        echo "Downloading $asset_url..."; \
+        curl -sLJO "$asset_url"; \
+done
+
+popd || exit 1
diff --git a/ssp.xsl → ssp.sch.xsl b/ssp.xsl → ssp.sch.xsl
diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -17,9 +17,9 @@
 
 import pathlib
 
-JSON_FEDRAMP_SAR_PATH = pathlib.Path('fedramp-source/dist/content/templates/sar/json/').resolve()
+JSON_FEDRAMP_SAR_PATH = pathlib.Path('fedramp-source/dist/content/rev5/templates/sar/json/').resolve()
 JSON_FEDRAMP_SAR_NAME = 'FedRAMP-SAR-OSCAL-Template.json'
-JSON_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/templates/ssp/json/').resolve()
+JSON_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/rev5/templates/ssp/json/').resolve()
 JSON_FEDRAMP_SSP_NAME = 'FedRAMP-SSP-OSCAL-Template.json'
-XML_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/templates/ssp/xml/').resolve()
+XML_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/rev5/templates/ssp/xml/').resolve()
 XML_FEDRAMP_SSP_NAME = 'FedRAMP-SSP-OSCAL-Template.xml'
diff --git a/trestle_fedramp/const.py b/trestle_fedramp/const.py
@@ -16,7 +16,7 @@
 """Core constants module containing all constants."""
 
 # FedRAMP related files and directories
-FEDRAM_BASELINE = 'fedramp-source/content/baselines/rev4/xml'
+FEDRAM_BASELINE = 'fedramp-source/content/baselines/rev5/xml'
 FEDRAMP_REGISTRY = 'fedramp-source/content/resources/xml'
 FEDRAM__SVRL_XSL = 'fedramp-source/vendor/svrl2html.xsl'
 FEDRAMP_SSP_XSL = 'fedramp-source/ssp.xsl'