Compose single Schematron and XSpec documents #108

GaryGapinski · 2021-06-22T18:17:12Z

resources/validations/src/ssp.sch has Schematron
resources/validations/test/ssp.xspec has XSpec

- resources/validations/src/ssp.sch has Schematron - resources/validations/test/ssp.xspec has XSpec

- and apply XML formatting

- use global $fedramp-values variable - change some assertion messages to affirmative - attempt to minimize HTML Tidy's erroneous whitespace handling - remove OBE TODOs

@pending

- use @pending rather than x:pending for system inventory unit tests - make pending "when the media-type attribute lacks an allowed value " XSpec test

- change occurrences of SHOULD to should - change "FIPS 140 validated products" to "FIPS 140 validated modules"

- Change assertion statements to have a positive statement of the constraint - Comment out dysfuntional doc-available() "resource-rlink-required" rule. - Change sch:report role from "positive" to "information". - Comment out informational sch:report items.

ohsh6o

@GaryGapinski, do we know what is going on with these test failures?

This will simplify the options in the UI.

- improve base64 regex - add checklist references

- correct XSpec base64 context to be valid base64 encoded content

resources/validations/src/ssp.sch

ohsh6o

One last comment, the rules look generally solid, and I will more thoroughly review the tests (having looked at many of them briefly; I know some got supressed reasons), but can you confirmed you worked in the wording recommendations given by @rrkane10x? It seems maybe or maybe not. I spent a good time looking for obvious signs, but not sure these made it in.

https://docs.google.com/document/d/1vZLOEBSD9HL4LkEp1H_8yHfm1ON-kLLjG9LgPc_Xl0U/edit

We also have a follow up story to look into this in a more focused way in #97 anyway, but it is something we are going to need to be mindful of moving forward.

- Use indefinite article ahead of element/attribute names - End assertion messages witha period. - Correct typos. - Remove "Section B" prefixes. - Expand initialisms and acornyms

- fix one regex - ensure sibling validation-reference and validation-details cite the same CMVP certificate

ohsh6o

I have one minor issue fixed, but other than that, this is good for now. Nice work.

ohsh6o · 2021-06-30T18:07:06Z

resources/validations/src/ssp.sch

+        <sch:rule context="oscal:base | oscal:selected">
+            <sch:let name="fips-levels"
+                     value="('fips-199-low', 'fips-199-moderate', 'fips-199-high')" />
+            <sch:assert diagnostics="cia-impact-has-approved-fips-categorization-diagnostic"
+                        id="cia-impact-has-approved-fips-categorization"
+                        role="error"
+                        test=". = $fips-levels">A FedRAMP OSCAL SSP information-type confidentiality-, integrity-, or availability-impact base or
+                        select element must have an approved value.</sch:assert>
+        </sch:rule>


Should we not be loading these from the FedRAMP values file?

Yes. I may have done this when looking at another L/M/H that was just low|moderate|high with and without initial capitalization. The most recent commit uses the external document.

- fix typos

github-actions · 2021-07-01T03:03:14Z

XSpec Test Results

    1 files ±0     9 suites ±0 0s ⏱️ ±0s
298 tests ±0 206 ✔️ ±0 92 💤 ±0 0 ❌ ±0
300 runs ±0 206 ✔️ ±0 94 💤 ±0 0 ❌ ±0

Results for commit b55dade. ± Comparison against base commit b55dade.

GaryGapinski added 3 commits June 22, 2021 12:14

Consolidate Schematron and XSpec documents

3b0ea75

- resources/validations/src/ssp.sch has Schematron - resources/validations/test/ssp.xspec has XSpec

Correct build-relative document references

7c3ff9c

Add Digital Identity Determination validations

03d2331

- and apply XML formatting

GaryGapinski self-assigned this Jun 22, 2021

Add media-types

eb9f893