Add 'inventory-item-or-component-has-virtual' constraint and tests (#…

…1055)
GSA · Jan 14, 2025 · 2b00ff6 · 2b00ff6
1 parent 35fe9a3
commit 2b00ff6
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 5 deletions.
diff --git a/features/fedramp_extensions.feature b/features/fedramp_extensions.feature
@@ -131,6 +131,7 @@ Examples:
   | inventory-item-has-valid-mac-address |
   | inventory-item-has-vendor-name |
   | inventory-item-or-component-has-asset-id |
+  | inventory-item-or-component-has-virtual |
   | inventory-item-public |
   | inventory-item-virtual |
   | last-accessed-is-datetime |
@@ -408,6 +409,8 @@ Examples:
   | inventory-item-public-PASS.yaml |
   | inventory-item-virtual-FAIL.yaml |
   | inventory-item-virtual-PASS.yaml |
+  | iventory-item-or-component-has-virtual-FAIL.yaml |
+  | iventory-item-or-component-has-virtual-PASS.yaml |
   | last-accessed-is-datetime-FAIL.yaml |
   | last-accessed-is-datetime-PASS.yaml |
   | leveraged-authorization-has-authorization-type-FAIL.yaml |

diff --git a/src/validations/constraints/content/ssp-inventory-item-or-component-has-virtual-INVALID.xml b/src/validations/constraints/content/ssp-inventory-item-or-component-has-virtual-INVALID.xml
@@ -0,0 +1,12 @@
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="11111111-2222-4000-8000-000000000000">
+  <system-implementation>
+    <component uuid="11111111-2222-4000-8000-009000000007" type="process-procedure">
+      <!-- <prop name="virtual" value="no"/> The linked component is missing the "virtual" prop.-->
+    </component>
+    <inventory-item uuid="11111111-2222-4000-8000-011000000001">
+      <!-- <prop name="virtual" value="no"/> Iventory item itself is missing the "virtual" prop.-->
+      <implemented-component component-uuid="11111111-2222-4000-8000-009000000007">
+      </implemented-component>
+    </inventory-item>
+  </system-implementation>
+</system-security-plan>
diff --git a/src/validations/constraints/fedramp-external-constraints.xml b/src/validations/constraints/fedramp-external-constraints.xml
@@ -719,11 +719,16 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
                 <message>In a FedRAMP SSP, each inventory item MUST include the vendor name in the inventory item itself or within the linked component.</message>
             </expect>
-<expect id="scan-type-has-remarks" target="..//prop[@name='scan-type' and @ns='http://fedramp.gov/ns/oscal' and @value=('other','not-applicable')]" test="exists(remarks)" level="ERROR">
-    <formal-name>Scan Type Has Remarks</formal-name>
-    <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
-    <message>When scan-type is 'other' or 'not-applicable', remarks MUST be provided to explain the selection.</message>
-</expect>
+            <expect id="inventory-item-or-component-has-virtual" target="." test="count(prop[@name='virtual']) = 1 or count(../component[@uuid=$component-uuid]/prop[@name='virtual']) = 1" level="ERROR">
+                <formal-name>Inventory Item or Component Has Virtual</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>In a FedRAMP SSP, each inventory item MUST state if it is virtual in the inventory item itself or the linked component.</message>
+            </expect>
+            <expect id="scan-type-has-remarks" target="..//prop[@name='scan-type' and @ns='http://fedramp.gov/ns/oscal' and @value=('other','not-applicable')]" test="exists(remarks)" level="ERROR">
+                <formal-name>Scan Type Has Remarks</formal-name>
+                <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/5-attachments/#system-inventory-approach"/>
+                <message>When scan-type is 'other' or 'not-applicable', remarks MUST be provided to explain the selection.</message>
+            </expect>
         </constraints>
     </context>
 

diff --git a/src/validations/constraints/unit-tests/iventory-item-or-component-has-virtual-FAIL.yaml b/src/validations/constraints/unit-tests/iventory-item-or-component-has-virtual-FAIL.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Negative Test for inventory-item-or-component-has-virtual
+  description: >-
+    This test case validates the behavior of constraint
+    inventory-item-or-component-has-virtual
+  content: ../content/ssp-inventory-item-or-component-has-virtual-INVALID.xml
+  expectations:
+    - constraint-id: inventory-item-or-component-has-virtual
+      result: fail
diff --git a/src/validations/constraints/unit-tests/iventory-item-or-component-has-virtual-PASS.yaml b/src/validations/constraints/unit-tests/iventory-item-or-component-has-virtual-PASS.yaml
@@ -0,0 +1,9 @@
+test-case:
+  name: Positive Test for inventory-item-or-component-has-virtual
+  description: >-
+    This test case validates the behavior of constraint
+    inventory-item-or-component-has-virtual
+  content: ../../../content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
+  expectations:
+    - constraint-id: inventory-item-or-component-has-virtual
+      result: pass