use preview versions of oscal tools (GSA#1072)

* fix constraints (GSA#1070) * use preview versions of oscal tools * hotfix missing expect tag * Add the inter-boundary-component-has-information-type constraint (GSA#1066) * Add the inter-boundary-component-has-information-type constraint * clean up ssp-inter-boundary-component-has-information-type-INVALID.xml * Hotfix styles (GSA#1076) * style guide hotfix * Update fedramp-external-constraints.xml * use latest server build * Correct constraint message. (GSA#1085) * add additional sample content (GSA#1081) * Add new metapath target to 'security-level' constraint (GSA#1079) * make build (GSA#1080) * add inventory item constraints (GSA#1063) * add inventory item constraints * update example file Co-Authored-By: A.J. Stein <alexander.stein@gsa.gov> * improve scan type constraint * massage constraints * improve constraint content * Update src/validations/constraints/fedramp-external-constraints.xml Co-authored-by: Gabeblis <gabriel.rodriguez@gsa.gov> * Update src/validations/constraints/fedramp-external-constraints.xml Co-authored-by: Gabeblis <gabriel.rodriguez@gsa.gov> * Update fedramp-external-constraints.xml * Update fedramp-external-constraints.xml * Squashed commit of the following: commit d7b0623 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Tue Jan 7 14:47:44 2025 -0500 fix constraints (GSA#1070) commit fc50a42 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Fri Jan 3 14:21:47 2025 -0500 hotfix develop (GSA#1064) * Squashed commit of the following: commit 18a02c9 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Wed Jan 8 09:37:15 2025 -0500 Hotfix styles (GSA#1076) * style guide hotfix * Update fedramp-external-constraints.xml commit 60b3c50 Author: DimitriZhurkin <dimitri.zhurkin@noblis.org> Date: Wed Jan 8 07:14:14 2025 -0700 Add the inter-boundary-component-has-information-type constraint (GSA#1066) * Add the inter-boundary-component-has-information-type constraint * clean up ssp-inter-boundary-component-has-information-type-INVALID.xml commit d7b0623 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Tue Jan 7 14:47:44 2025 -0500 fix constraints (GSA#1070) commit fc50a42 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Fri Jan 3 14:21:47 2025 -0500 hotfix develop (GSA#1064) * Squashed commit of the following: commit 8c1a343 Author: Gabeblis <gabriel.rodriguez@gsa.gov> Date: Thu Jan 9 11:45:37 2025 -0500 Add new metapath target to 'security-level' constraint (GSA#1079) commit 608080d Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Thu Jan 9 09:29:17 2025 -0500 add additional sample content (GSA#1081) commit 1f55a73 Author: Gabeblis <gabriel.rodriguez@gsa.gov> Date: Thu Jan 9 09:22:28 2025 -0500 Correct constraint message. (GSA#1085) commit 18a02c9 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Wed Jan 8 09:37:15 2025 -0500 Hotfix styles (GSA#1076) * style guide hotfix * Update fedramp-external-constraints.xml commit 60b3c50 Author: DimitriZhurkin <dimitri.zhurkin@noblis.org> Date: Wed Jan 8 07:14:14 2025 -0700 Add the inter-boundary-component-has-information-type constraint (GSA#1066) * Add the inter-boundary-component-has-information-type constraint * clean up ssp-inter-boundary-component-has-information-type-INVALID.xml commit d7b0623 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Tue Jan 7 14:47:44 2025 -0500 fix constraints (GSA#1070) commit fc50a42 Author: wandmagic <156969148+wandmagic@users.noreply.github.com> Date: Fri Jan 3 14:21:47 2025 -0500 hotfix develop (GSA#1064) --------- Co-authored-by: A.J. Stein <alexander.stein@gsa.gov> Co-authored-by: Gabeblis <gabriel.rodriguez@gsa.gov> * Add `inventory-item-has-software-version` constraint (GSA#1039) * Add 'inventory-item-has-software-version' constraint and tests * Add 'inventory-item-has-software-version' constraint and tests * Add 'inventory-item-has-software-name' constraint and tests (GSA#1038) * use preview versions of oscal tools * hotfix missing expect tag * use latest server build * fix order and missing expect closing tag * Update fedramp-external-constraints.xml * use versions matrix for snapshot testing This reverts commit 5679abd. * better action names * Update module.mk * Update .tool-versions --------- Co-authored-by: DimitriZhurkin <dimitri.zhurkin@noblis.org> Co-authored-by: Gabeblis <gabriel.rodriguez@gsa.gov> Co-authored-by: A.J. Stein <alexander.stein@gsa.gov>
wandmagic · Feb 3, 2025 · 651515f · 651515f
1 parent ca4990b
commit 651515f
Show file tree

Hide file tree

Showing 7 changed files with 127 additions and 10 deletions.
diff --git a/.github/workflows/run-lint.yml b/.github/workflows/run-lint.yml
@@ -17,7 +17,11 @@ jobs:
   # one job that runs tests
   run-tests:
     runs-on: ubuntu-20.04
-    # Checkout repository and its submodules
+    strategy:
+      matrix:
+        version: ['latest', 'snapshot']
+    name: Run style tests (${{ matrix.version }})
+        # Checkout repository and its submodules
     steps:
       # Check-out the repository under $GITHUB_WORKSPACE
       - name: Checkout repository
@@ -38,6 +42,8 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
       - name: Install OSCAL CLI 
+        env:
+          USE_SNAPSHOT: ${{ matrix.version == 'snapshot' && '1' || '' }}
         run: |
           make configure
       - name: Run Lint tests

diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
@@ -8,6 +8,7 @@ on:
     branches:
       - master
       - develop
+      - canary
       - 'feature/**'  # This will match any branch starting with "feature"
 
   pull_request:
@@ -20,7 +21,9 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-20.04, windows-2022]
+        version: ['latest', 'snapshot']
     runs-on: ${{ matrix.os }}
+    name: Unit Tests (${{ matrix.os }}, ${{ matrix.version }})
     # Checkout repository and its submodules
     steps:
       # Check-out the repository under $GITHUB_WORKSPACE
@@ -42,6 +45,8 @@ jobs:
         with:
           node-version: ${{ steps.nvmrc.outputs.NODE_VERSION }}
       - name: Install OSCAL CLI
+        env:
+          USE_SNAPSHOT: ${{ matrix.version == 'snapshot' && '1' || '' }}
         run: |
           make init-validations
       - name: Run Cucumber tests

diff --git a/.tool-versions b/.tool-versions
@@ -1,2 +1,4 @@
 oscal-cli 2.4.0
-oscal-server v1.0.0-SNAPSHOT-6363f60-20241202160440
+oscal-cli-snapshot 2.5.0-SNAPSHOT
+oscal-server v1.0.0-SNAPSHOT-6363f60-20241202160440
+oscal-server-snapshot v1.0.0-SNAPSHOT-6773e8b-20250108155951
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -8,7 +8,7 @@
     "federalist": "make init-repo && npm run build:validation-ui && npm run link:validation-ui",
     "link:validation-ui": "ln -sf ./src/web/dist _site",
     "test": "cross-env-shell NODE_OPTIONS=\"--loader ts-node/esm --no-warnings --experimental-specifier-resolution=node\" cucumber-js",
-    "test:server": "cross-env-shell OSCAL_EXECUTOR='oscal-server' NODE_OPTIONS=\"--loader ts-node/esm --no-warnings --experimental-specifier-resolution=node\" cucumber-js",
+    "test:server": "cross-env-shell OSCAL_SERVER_PATH='${process.cwd()}' OSCAL_EXECUTOR='oscal-server' NODE_OPTIONS=\"--loader ts-node/esm --no-warnings --experimental-specifier-resolution=node\" cucumber-js",
     "test:parallel": "cross-env-shell NODE_OPTIONS=\"--loader ts-node/esm --no-warnings --experimental-specifier-resolution=node\" cucumber-js  --parallel 4 2>/dev/null 2>NUL",
     "test:failed": "cross-env NODE_OPTIONS=\"--loader ts-node/esm --no-warnings --experimental-specifier-resolution=node\" cucumber-js -p rerun",
     "test:constraints": "cross-env NODE_OPTIONS=\"--loader ts-node/esm --no-warnings --experimental-specifier-resolution=node\" cucumber-js --tags @constraints",
@@ -28,7 +28,7 @@
     "inquirer": "^10.1.8",
     "js-yaml": "^4.1.0",
     "jsdom": "^25.0.0",
-    "oscal": "2.0.7",
+    "oscal": "2.0.8-rc5",
     "ts-node": "^10.9.2",
     "xml-formatter": "^3.6.3",
     "xml2js": "^0.6.2"

diff --git a/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml b/src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
@@ -1859,6 +1859,10 @@ compliance (e.g., Module in Process).</p>
       <prop name="direction" value="outgoing" ns="http://fedramp.gov/ns/oscal"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="incoming" value="C.3.5.1"/>
       <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="outgoing" value="C.3.5.8"/>
+
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="incoming" value="C.3.5.1"/>
+      <prop ns="http://fedramp.gov/ns/oscal" name="information-type" class="outgoing" value="C.3.5.8"/>
+
       <prop ns="http://fedramp.gov/ns/oscal" name="authentication-method" value="yes">
         <remarks>
           <p>If 'yes', describe the authentication method.</p>
@@ -2709,6 +2713,99 @@ SSP authors must add implmentations for all required controls.
                     </responsible-role>
         </by-component>
       </statement>
+      <statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8880-014000000001">
+          <description>
+            <p>Describe how Part a is satisfied within the system.</p>
+            <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
+            <p>In this case, a link must be provided to the policy.</p>
+            <p>FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.</p>
+          </description>
+          <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+          <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+          <implementation-status state="operational"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+          <remarks>
+            <p>The specified component is the system itself.</p>
+            <p>Any control implementation response that can not be associated with another component is associated with the component representing the system.</p>
+          </remarks>
+        </by-component>
+        <by-component component-uuid="11111111-2222-4000-8000-009000000012" uuid="11111111-2222-4000-8000-014000000012">
+          <description>
+            <p>Describe how this policy component satisfies part a.</p>
+            <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
+            <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
+          </description>
+          <implementation-status state="implemented"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+        </by-component>
+      </statement>
+      <statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8880-014000000001">
+          <description>
+            <p>Describe how Part a is satisfied within the system.</p>
+            <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
+            <p>In this case, a link must be provided to the policy.</p>
+            <p>FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.</p>
+          </description>
+          <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+          <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+          <implementation-status state="implemented"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+          <remarks>
+            <p>The specified component is the system itself.</p>
+            <p>Any control implementation response that can not be associated with another component is associated with the component representing the system.</p>
+          </remarks>
+        </by-component>
+        <by-component component-uuid="11111111-2222-4000-8000-009000000012" uuid="11111111-2222-4000-8000-014000000012">
+          <description>
+            <p>Describe how this policy component satisfies part a.</p>
+            <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
+            <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
+          </description>
+          <implementation-status state="implemented"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+        </by-component>
+      </statement>
+      <statement statement-id="ac-1_smt.a.1" uuid="11111111-2222-4000-8000-013000000001">
+        <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8880-014000000001">
+          <description>
+            <p>Describe how Part a is satisfied within the system.</p>
+            <p>Legacy approach. If no policy component is defined, describe here how the policy satisfies part a.</p>
+            <p>In this case, a link must be provided to the policy.</p>
+            <p>FedRAMP prefers all policies and procedures be attached as a resource in the back-matter. The link points to a resource.</p>
+          </description>
+          <link href="#11111111-2222-4000-8000-001000000005" rel="policy"/>
+          <link href="#11111111-2222-4000-8000-001000000023" rel="procedure"/>
+          <implementation-status state="operational"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+          <remarks>
+            <p>The specified component is the system itself.</p>
+            <p>Any control implementation response that can not be associated with another component is associated with the component representing the system.</p>
+          </remarks>
+        </by-component>
+        <by-component component-uuid="11111111-2222-4000-8000-009000000012" uuid="11111111-2222-4000-8000-014000000012">
+          <description>
+            <p>Describe how this policy component satisfies part a.</p>
+            <p>Component approach. This links to a component representing the Identity Management and Access Control Policy.</p>
+            <p>That component contains a link to the policy, so it does not have to be linked here too.</p>
+          </description>
+          <implementation-status state="operational"/>
+                    <responsible-role role-id="system-admin">
+                        <party-uuid>11111111-0000-4000-9000-000000000001</party-uuid>
+                    </responsible-role>
+        </by-component>
+      </statement>
       <statement statement-id="ac-1_smt.a.2" uuid="11111111-2222-4000-8000-013000000002">
         <by-component component-uuid="11111111-2222-4000-8000-009000000000" uuid="11111111-2222-4000-8000-014000000003">
           <description>

diff --git a/src/validations/module.mk b/src/validations/module.mk
@@ -1,8 +1,6 @@
 
 # Get tool versions using Node script
 OSCAL_VERSION := $(shell node src/scripts/ci-get-version.js package oscal)
-OSCAL_CLI_VERSION := $(shell node src/scripts/ci-get-version.js tool oscal-cli) 
-OSCAL_SERVER_VERSION := $(shell node src/scripts/ci-get-version.js tool oscal-server)
 OSCAL_SERVER_PATH := $(shell node -e "console.log(process.cwd())")
 
 # Optional: Add version checking targets
@@ -12,6 +10,15 @@ check-versions:
 	@echo "OSCAL Server: $(OSCAL_SERVER_VERSION)"
 	@echo "OSCAL JS: $(OSCAL_VERSION)"
 	@echo "OSCAL SERVER ALLOWED DIR: $(OSCAL_SERVER_PATH)"
+# Variables
+OSCAL_VERSION = $(shell jq -r .dependencies.oscal package.json)
+ifdef USE_SNAPSHOT
+OSCAL_CLI_VERSION := $(shell node src/scripts/ci-get-version.js tool oscal-cli-snapshot) 
+OSCAL_SERVER_VERSION := $(shell node src/scripts/ci-get-version.js tool oscal-server-snapshot)
+else
+OSCAL_CLI_VERSION := $(shell node src/scripts/ci-get-version.js tool oscal-cli) 
+OSCAL_SERVER_VERSION := $(shell node src/scripts/ci-get-version.js tool oscal-server)
+endif
 OSCAL_CLI = npx oscal@$(OSCAL_VERSION)
 SRC_DIR = ./src
 DIST_DIR = ./dist