def test_multiple_components_multiple_implementations(self):
    """Serialize three components, each covering two catalogs, and validate.

    Each component gets one ControlImplementation per source catalog. Each
    implementation carries four ImplementedRequirements, and each requirement
    carries two Statements ("S1" and "S2"). The control ids mix plain,
    enhancement-style and part-style forms ("AC-1", "AC-2(1)", "RA-1.b",
    "PE-2(1).a"). The serialized document must pass ``self.is_valid``.
    """
    component_names = ["component 1", "component 2", "component 3"]
    sources = ["NIST 800-53rev4", "NIST 800-171rev1"]
    control_ids = ["AC-1", "AC-2(1)", "RA-1.b", "PE-2(1).a"]

    component_def = ComponentDefinition(
        metadata=Metadata(title="Testing", version="1.0")
    )

    for name in component_names:
        component = self.component(name)
        for source in sources:
            impl = ControlImplementation(
                source=source,
                description=f"{source} controls for {name}",
            )
            for control in control_ids:
                req = ImplementedRequirement(
                    control_id=control,
                    description=f"About {control} in component {name}",
                )
                statements = (
                    Statement(
                        statement_id="S1",
                        description=f"Statement 1 about {control}",
                    ),
                    Statement(
                        statement_id="S2",
                        description=f"Statement 2 about {control}",
                    ),
                )
                for statement in statements:
                    req.add_statement(statement)
                impl.implemented_requirements.append(req)
            component.control_implementations.append(impl)
        component_def.add_component(component)

    document = Root(component_definition=component_def).json(indent=2)
    assert self.is_valid(document)
def test_empty_component(self):
    """Check that a component with no control implementations still validates.

    The component comes from ``self.component("test")`` and is added to the
    definition unchanged. The serialized result must pass ``self.is_valid``.
    """
    component_def = ComponentDefinition(
        metadata=Metadata(title="Testing", version="1.0")
    )
    component_def.add_component(self.component("test"))

    document = Root(component_definition=component_def).json(indent=2)
    assert self.is_valid(document)
def test_links(self):
    """Check that metadata links serialize to a document that validates.

    Two links are attached to the metadata: an absolute URL with no ``rel``,
    and a fragment reference ("#photo_1") tagged LinkRelEnum.photograph.
    """
    external = Link(text="Google", href="https://google.com")
    photo = Link(text="Picture", href="#photo_1", rel=LinkRelEnum.photograph)

    meta = Metadata(title="Testing", version="1.0", links=[external, photo])
    document = Root(
        component_definition=ComponentDefinition(metadata=meta)
    ).json(indent=2)

    assert self.is_valid(document)
def test_parties(self):
    """Check that metadata parties serialize to a document that validates.

    Covers both party types used here: a person with only a name, and an
    organization with a short name and one e-mail address.
    """
    person = Party(type=PartyTypeEnum.person, name="Harry Potter")
    organization = Party(
        type=PartyTypeEnum.organization,
        name="Hogwarts School of Magic",
        short_name="Hogwarts",
        email_addresses=[Email("*****@*****.**")],
    )

    meta = Metadata(
        title="Testing",
        version="1.0",
        parties=[person, organization],
    )
    document = Root(
        component_definition=ComponentDefinition(metadata=meta)
    ).json(indent=2)

    assert self.is_valid(document)
def test_revision_history(self):
    """Check that metadata with three differently populated revisions validates.

    The revisions are: title plus publication time, title plus publication
    time plus version, and a Revision built with no arguments at all.
    """
    # NOTE(review): oscalify() in this file passes its revision list to
    # Metadata as ``revision_history=``, while this test uses ``revisions=``.
    # Confirm which keyword Metadata actually accepts. If the model ignores
    # unknown keywords, this test would pass without exercising revisions.
    dated = Revision(title="Revision 2", published=datetime.now(timezone.utc))
    versioned = Revision(
        title="Revision 1",
        published=datetime.now(timezone.utc),
        version="1.2.3",
    )
    # oddly, spec says empty revisions are OK
    blank = Revision()

    meta = Metadata(
        title="Testing",
        version="1.0",
        revisions=[dated, versioned, blank],
    )
    document = Root(
        component_definition=ComponentDefinition(metadata=meta)
    ).json(indent=2)

    assert self.is_valid(document)
def test_one_component(self):
    """Check the smallest populated document validates.

    Builds one component with one control implementation, one requirement
    (AC-1) and two statements, then checks the result with ``self.is_valid``.
    """
    requirement = ImplementedRequirement(
        control_id="AC-1", description="About AC-1"
    )
    for statement in (
        Statement(statement_id="1", description="First statement about AC-1"),
        Statement(statement_id="2", description="Second statement about AC-1"),
    ):
        requirement.add_statement(statement)

    implementation = ControlImplementation(
        source="NIST 800-53rev4", description="Testing"
    )
    implementation.implemented_requirements.append(requirement)

    component = self.component("test")
    component.control_implementations.append(implementation)

    component_def = ComponentDefinition(
        metadata=Metadata(title="Testing", version="1.0")
    )
    component_def.add_component(component)

    document = Root(component_definition=component_def).json(indent=2)
    assert self.is_valid(document)
def oscalify(components: Dict, title: str):
    """Convert parsed component/control data into an OSCAL component definition.

    Args:
        components: Mapping with a "components" key. Its value maps a
            component name to a mapping of catalog name to controls. The
            controls map a control key to a list of dicts, each of which
            has a "text" and a "source" entry.
        title: Title stored in the document metadata.

    Returns:
        A Root wrapping the populated ComponentDefinition.

    Statement text and source names are copied into the output verbatim.
    This function does no validation or sanitising of them, so the generated
    document is only as trustworthy as the input data.
    """
    # One timestamp is shared by the revision and both metadata dates.
    timestamp = datetime.now(timezone.utc)
    initial_revision = Revision(title="Initial revision", published=timestamp)
    metadata = Metadata(
        title=title,
        version="1.0",
        published=timestamp,
        last_modified=timestamp,
        properties=[Property(name="generated-by", value="oscal.py")],
        revision_history=[initial_revision],
    )
    component_def = ComponentDefinition(metadata=metadata)

    for component_name, catalogs in components["components"].items():
        # The component name is reused as the title and the description.
        component = Component(
            name=component_name,
            title=component_name,
            description=component_name,
        )
        component_def.add_component(component)

        for catalog_name, controls in catalogs.items():
            control_implementation = ControlImplementation(
                source=catalog_name, description=catalog_name
            )
            component.control_implementations.append(control_implementation)

            # Several input control keys can map to one OSCAL control id,
            # so group the entries by that id first.
            by_control_id = defaultdict(list)
            for control_key, control_descs in controls.items():
                by_control_id[oscalize_control_id(control_key)].append(
                    (control_key, control_descs)
                )

            # Emit one implemented_requirement per OSCAL control id, in sorted order.
            for control_id in sorted(by_control_id):
                implemented_requirement = ImplementedRequirement(
                    control_id=control_id,
                    description="Statements related to {}".format(control_id),
                )
                control_implementation.implemented_requirements.append(
                    implemented_requirement
                )

                # Emit one statement per original control key under this id.
                for control_key, control_descs in by_control_id[control_id]:
                    statement_id = control_to_statement_id(control_key)

                    # A control key may have several descriptions. Join their
                    # texts and list their SSP sources in the remarks.
                    pairs = [
                        (control_desc["text"], control_desc["source"])
                        for control_desc in control_descs
                    ]
                    implemented_requirement.add_statement(
                        Statement(
                            statement_id=statement_id,
                            description="\n".join(text for text, _ in pairs),
                            remarks="From " + ", ".join(src for _, src in pairs),
                        )
                    )

    return Root(component_definition=component_def)