Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Content Upgraders for Conversion from RC2 to 1.0.0 Do Not Upgrade Profile Flag Updates #958

Closed
ohsh6o opened this issue Jun 10, 2021 · 0 comments · Fixed by #960
Closed
Labels
Milestone

Comments

@ohsh6o
Copy link
Contributor

ohsh6o commented Jun 10, 2021

Describe the bug

Key changes in flags OSCAL profile flags in #928, as indicated in the 1.0.0 release notes converted `oscal:profile was not wrapped into the content upgrader transforms.

https://github.com/usnistgov/OSCAL/blob/367b23d97582a6a0aad7399da67974ffd1698a90/src/release/content-upgrade/oscal-rc2-v1-0-0-update.xsl

Who is the bug affecting?

Anyone upgrading OSCAL profiles from oscal-version 1.0.0-rc2 to 1.0.0.

What is affected by this bug?

Validation and proper usage of profiles for profile resolution post-upgrade.

When does this occur?

Always, discovered during GSA/fedramp-automation#106 to complete work for GSA/fedramp-automation#105.

How do we replicate the issue?

  1. Load the GSA/fedramp-automation in the OxygenXML IDE, and update the git submodules.
  2. Upgrade any of the four FedRAMP baselines with the current upgrader script
  3. Review and validate the profile using
  4. See errors from XSD validation with the complete or SSP schema. Example below:
/home/runner/work/fedramp-automation/fedramp-automation/git-content/src/baselines/rev4/xml/FedRAMP_rev4_MODERATE-baseline_profile.xml:10840: element add: Schemas validity error : Element '{http://csrc.nist.gov/ns/oscal/1.0}add', attribute 'id-ref': The attribute 'id-ref' is not allowed.

From the past CI/CD pass in Github Actions.

Expected behavior (i.e. solution)

Proper content upgrades for profile modifications so they are compatible with current standards.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants