feat: updates content and git submodule for FedRAMP Rev5 validation (#22

) * feat: updates content from FedRAMP Rev4 to Rev5 Updates FedRAMP submodule to the latest commit The location of the XSLT has changed from the repository to the OSCAL release so the NIST submodule was removed and the download_oscal_converters script was added BREAKING CHANGE: This drops support for Rev4 validation Signed-off-by: Jennifer Power <[email protected]> --------- Signed-off-by: Jennifer Power <[email protected]> * test: adds assertions to validate command unit tests Signed-off-by: Jennifer Power <[email protected]> --------- Signed-off-by: Jennifer Power <[email protected]>
oscal-compass · Feb 8, 2024 · d09c742 · d09c742
1 parent 3c8ed8c
commit d09c742
Show file tree

Hide file tree

Showing 39 changed files with 202,656 additions and 154,072 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -1,6 +1,4 @@
-[submodule "nist-source"]
-	path = nist-source
-	url = https://github.com/usnistgov/OSCAL
 [submodule "fedramp-source"]
 	path = fedramp-source
 	url = https://github.com/GSA/fedramp-automation
+	branch = master
diff --git a/Makefile b/Makefile
@@ -14,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+OSCAL_RELEASE_TAG := "v1.0.6"
 
 submodules: 
 	git submodule update --init
@@ -70,17 +71,18 @@ mdformat:
 	pre-commit run mdformat --all-files
 
 
-fedramp-copy:
-	mkdir -p trestle_fedramp/resources/fedramp-source/content/baselines/rev4
-	cp -R fedramp-source/dist/content/baselines/rev4/xml trestle_fedramp/resources/fedramp-source/content/baselines/rev4/
+
+download_release_artifacts:
+	@./scripts/download_oscal_converters.sh $(OSCAL_RELEASE_TAG) trestle_fedramp/resources/nist-source/xml/convert/
+
+fedramp-copy: download_release_artifacts
+	mkdir -p trestle_fedramp/resources/fedramp-source/content/baselines/rev5
+	cp -R fedramp-source/dist/content/rev5/baselines/xml/ trestle_fedramp/resources/fedramp-source/content/baselines/rev5/
 	mkdir -p trestle_fedramp/resources/fedramp-source/content/resources
-	cp -R fedramp-source/dist/content/resources/xml trestle_fedramp/resources/fedramp-source/content/resources/
+	cp -R fedramp-source/dist/content/rev5/resources/xml/ trestle_fedramp/resources/fedramp-source/content/resources/
 	mkdir -p trestle_fedramp/resources/fedramp-source/vendor
-	cp ssp.xsl trestle_fedramp/resources/fedramp-source/
+	cp ssp.sch.xsl trestle_fedramp/resources/fedramp-source/ssp.xsl
 	cp fedramp-source/vendor/svrl2html.xsl trestle_fedramp/resources/fedramp-source/vendor/
-	mkdir -p trestle_fedramp/resources/nist-source/xml
-	cp -R nist-source/xml/convert trestle_fedramp/resources/nist-source/xml/
-	cp oscal_ssp_json-to-xml-converter-new.xsl trestle_fedramp/resources/nist-source/xml/convert/
 
 
 # POSIX ONLY

diff --git a/fedramp-source b/fedramp-source
diff --git a/nist-source b/nist-source
diff --git a/scripts/download_oscal_converters.sh b/scripts/download_oscal_converters.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Copyright (c) 2024 IBM Corp. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# download_oscal_converters.sh
+# Download OSCAL XML to JSON converters from the OSCAL GitHub repo
+
+
+if [ -z "$1" ]; then
+    echo "Please provide a tag name for the OSCAL release"
+    exit 1
+fi
+
+if [ -z "$2" ]; then
+    directory="oscal-converters"
+else
+    directory="$2"
+fi
+
+echo "Downloading OSCAL converters from release $1 to $directory"
+
+# Create the directory if it doesn't exist
+mkdir -p "$directory"
+pushd ./"$directory" || exit 1
+
+# Store the long command in another variable to make it easier to read
+oscal_release_url="https://api.github.com/repos/usnistgov/OSCAL/releases/tags/${1}"
+assets_url=$(curl -sL "$oscal_release_url" | jq -r '.assets[] | select(.name | test("oscal_.*_json-to-xml-converter.xsl")) | .browser_download_url')
+mapfile -t release_artifacts < <(echo "$assets_url")
+
+for asset_url in "${release_artifacts[@]}"; do \
+        echo "Downloading $asset_url..."; \
+        curl -sLJO "$asset_url"; \
+done
+
+popd || exit 1
diff --git a/ssp.xsl → ssp.sch.xsl b/ssp.xsl → ssp.sch.xsl
diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -17,9 +17,9 @@
 
 import pathlib
 
-JSON_FEDRAMP_SAR_PATH = pathlib.Path('fedramp-source/dist/content/templates/sar/json/').resolve()
+JSON_FEDRAMP_SAR_PATH = pathlib.Path('fedramp-source/dist/content/rev5/templates/sar/json/').resolve()
 JSON_FEDRAMP_SAR_NAME = 'FedRAMP-SAR-OSCAL-Template.json'
-JSON_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/templates/ssp/json/').resolve()
+JSON_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/rev5/templates/ssp/json/').resolve()
 JSON_FEDRAMP_SSP_NAME = 'FedRAMP-SSP-OSCAL-Template.json'
-XML_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/templates/ssp/xml/').resolve()
+XML_FEDRAMP_SSP_PATH = pathlib.Path('fedramp-source/dist/content/rev5/templates/ssp/xml/').resolve()
 XML_FEDRAMP_SSP_NAME = 'FedRAMP-SSP-OSCAL-Template.xml'
diff --git a/tests/trestle_fedramp/commands/validate_test.py b/tests/trestle_fedramp/commands/validate_test.py
@@ -16,12 +16,17 @@
 """Testing fedramp validation command functionality."""
 
 import argparse
+import logging
 import pathlib
+from typing import Any
 
 from tests import test_utils
 
 from trestle_fedramp.commands.validate import ValidateCmd
 
+xml_report = 'fedramp-validation-report.xml'
+html_report = 'fedramp-validation-report.html'
+
 
 def test_validate_ssp(tmp_path: pathlib.Path, tmp_trestle_dir: pathlib.Path) -> None:
     """Test Fedramp SSP validation command."""
@@ -30,23 +35,35 @@ def test_validate_ssp(tmp_path: pathlib.Path, tmp_trestle_dir: pathlib.Path) ->
     rc = ValidateCmd()._run(args)
     assert rc != 0
 
+    assert (tmp_path / xml_report).exists()
+    assert (tmp_path / html_report).exists()
+
+
+def test_validate_ssp_unsupported_format(tmp_path: pathlib.Path, tmp_trestle_dir: pathlib.Path, caplog: Any) -> None:
+    """Test Fedramp SSP validation command with unsupported format."""
     file_path = pathlib.Path(test_utils.XML_FEDRAMP_SSP_PATH) / test_utils.XML_FEDRAMP_SSP_NAME
     args = argparse.Namespace(file=str(file_path), output_dir=str(tmp_path), trestle_root=tmp_trestle_dir, verbose=1)
     rc = ValidateCmd()._run(args)
     assert rc != 0
 
+    expected_message = 'Unsupported file extension .xml'
+    assert any(record.levelno == logging.ERROR and expected_message in record.message for record in caplog.records)
+
 
-def test_validate_wrong_model(tmp_path: pathlib.Path, tmp_trestle_dir: pathlib.Path) -> None:
+def test_validate_wrong_model(tmp_path: pathlib.Path, tmp_trestle_dir: pathlib.Path, caplog: Any) -> None:
     """Test fails with wrong model file."""
     file_path = pathlib.Path(test_utils.JSON_FEDRAMP_SAR_PATH) / test_utils.JSON_FEDRAMP_SAR_NAME
     args = argparse.Namespace(file=str(file_path), output_dir=str(tmp_path), trestle_root=tmp_trestle_dir, verbose=1)
     rc = ValidateCmd()._run(args)
     assert rc != 0
 
+    expected_message = 'Validation for assessment-results is not supported'
+    assert any(record.levelno == logging.WARNING and expected_message in record.message for record in caplog.records)
 
-def test_validate_invalid_trestle_root(tmp_path: pathlib.Path, tmp_trestle_dir: pathlib.Path) -> None:
-    """Test fails with wrong model file."""
-    file_path = pathlib.Path(test_utils.JSON_FEDRAMP_SAR_PATH) / test_utils.JSON_FEDRAMP_SAR_NAME
+
+def test_validate_invalid_trestle_root(tmp_path: pathlib.Path, tmp_trestle_dir: pathlib.Path, caplog: Any) -> None:
+    """Test fails with an invalid trestle root."""
+    file_path = pathlib.Path(test_utils.JSON_FEDRAMP_SSP_PATH) / test_utils.JSON_FEDRAMP_SSP_NAME
     args = argparse.Namespace(file=str(file_path), output_dir=str(tmp_path), trestle_root=tmp_path, verbose=1)
     rc = ValidateCmd()._run(args)
     assert rc != 0
diff --git a/trestle_fedramp/const.py b/trestle_fedramp/const.py
@@ -16,7 +16,7 @@
 """Core constants module containing all constants."""
 
 # FedRAMP related files and directories
-FEDRAM_BASELINE = 'fedramp-source/content/baselines/rev4/xml'
+FEDRAM_BASELINE = 'fedramp-source/content/baselines/rev5/xml'
 FEDRAMP_REGISTRY = 'fedramp-source/content/resources/xml'
 FEDRAM__SVRL_XSL = 'fedramp-source/vendor/svrl2html.xsl'
 FEDRAMP_SSP_XSL = 'fedramp-source/ssp.xsl'