Add support for SARIF-based results production.

pom.xml

@@ -212,6 +212,12 @@
 	</dependencyManagement>
 
 	<dependencies>
+		<dependency>
+			<groupId>gov.nist.secauto.metaschema</groupId>
+			<artifactId>metaschema-core</artifactId>
+			<version>${dependency.metaschema-framework.version}</version>
+		</dependency>
+
 		<dependency>
 			<groupId>gov.nist.secauto.metaschema</groupId>
 			<artifactId>metaschema-databind</artifactId>

src/main/java/gov/nist/secauto/oscal/lib/model/metadata/AbstractProperty.java

@@ -115,7 +115,7 @@ public Builder uuid(@NonNull UUID uuid) {
     @SuppressWarnings("PMD.NullAssignment") // needed
     @NonNull
     public Builder namespace(@NonNull URI namespace) {
-      if (IProperty.OSCAL_NAMESPACE.equals(namespace)) {
+      if (OSCAL_NAMESPACE.equals(namespace)) {
         this.namespace = null;
       } else {
         this.namespace = Objects.requireNonNull(namespace);

src/main/java/gov/nist/secauto/oscal/lib/profile/resolver/ProfileResolver.java

@@ -39,13 +39,13 @@
 import gov.nist.secauto.metaschema.core.metapath.item.node.INodeItem;
 import gov.nist.secauto.metaschema.core.metapath.item.node.INodeItemFactory;
 import gov.nist.secauto.metaschema.core.metapath.item.node.IRootAssemblyNodeItem;
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.metaschema.databind.io.BindingException;
 import gov.nist.secauto.metaschema.databind.io.DeserializationFeature;
 import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
 import gov.nist.secauto.metaschema.databind.model.IBoundDefinitionModelAssembly;
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
 import gov.nist.secauto.oscal.lib.OscalModelConstants;
 import gov.nist.secauto.oscal.lib.OscalUtils;

src/main/java/gov/nist/secauto/oscal/lib/profile/resolver/alter/AddVisitor.java

@@ -75,15 +75,15 @@ public enum TargetType {
     static {
       {
         Map<Class<?>, TargetType> map = new ConcurrentHashMap<>();
-        for (TargetType type : TargetType.values()) {
+        for (TargetType type : values()) {
           map.put(type.getClazz(), type);
         }
         CLASS_TO_TYPE = CollectionUtil.unmodifiableMap(map);
       }
 
       {
         Map<String, TargetType> map = new ConcurrentHashMap<>();
-        for (TargetType type : TargetType.values()) {
+        for (TargetType type : values()) {
           map.put(type.fieldName(), type);
         }
         NAME_TO_TYPE = CollectionUtil.unmodifiableMap(map);
@@ -157,7 +157,7 @@ public enum Position {
 
     static {
       Map<String, Position> map = new ConcurrentHashMap<>();
-      for (Position position : Position.values()) {
+      for (Position position : values()) {
         map.put(position.name().toLowerCase(Locale.ROOT), position);
       }
       NAME_TO_POSITION = CollectionUtil.unmodifiableMap(map);
@@ -731,7 +731,7 @@ public boolean appliesTo(@NonNull Object obj) {
         }
         case PART: {
           ControlPart part = (ControlPart) obj;
-          actualId = part.getId() == null ? null : part.getId().toString();
+          actualId = part.getId() == null ? null : part.getId();
           break;
         }
         default:

src/main/java/gov/nist/secauto/oscal/lib/profile/resolver/alter/RemoveVisitor.java

@@ -73,15 +73,15 @@ public enum TargetType {
     static {
       {
         Map<Class<?>, TargetType> map = new ConcurrentHashMap<>();
-        for (TargetType type : TargetType.values()) {
+        for (TargetType type : values()) {
           map.put(type.getClazz(), type);
         }
         CLASS_TO_TYPE = CollectionUtil.unmodifiableMap(map);
       }
 
       {
         Map<String, TargetType> map = new ConcurrentHashMap<>();
-        for (TargetType type : TargetType.values()) {
+        for (TargetType type : values()) {
           map.put(type.fieldName(), type);
         }
         NAME_TO_TYPE = CollectionUtil.unmodifiableMap(map);
@@ -184,11 +184,7 @@ private static <T> boolean handle(
         }
       }
     } else if (handleChildren && handler != null) {
-      // if the child item type is applicable and there is a handler, iterate over
-      // children
-      Iterator<T> iter = supplier.get().iterator();
-      while (iter.hasNext()) {
-        T item = iter.next();
+      for (T item : supplier.get()) {
         if (item != null) {
           retval = retval || handler.apply(item);
         }
@@ -265,14 +261,11 @@ public Boolean visitControl(Control control, Context context) {
         null,
         context);
 
-    // visit parts
-    retval = retval || handle(
+    return retval || handle(
         TargetType.PART,
         () -> CollectionUtil.listOrEmpty(control.getParts()),
         child -> visitPart(child, context),
         context);
-
-    return retval;
   }
 
   @Override
@@ -286,13 +279,11 @@ public Boolean visitParameter(Parameter parameter, Context context) {
         null,
         context);
 
-    // visit links
-    retval = retval || handle(
+    return retval || handle(
         TargetType.LINK,
         () -> CollectionUtil.listOrEmpty(parameter.getLinks()),
         null,
         context);
-    return retval;
   }
 
   /**
@@ -321,13 +312,11 @@ public boolean visitPart(ControlPart part, Context context) {
         null,
         context);
 
-    // visit parts
-    retval = retval || handle(
+    return retval || handle(
         TargetType.PART,
         () -> CollectionUtil.listOrEmpty(part.getParts()),
         child -> visitPart(child, context),
         context);
-    return retval;
   }
 
   static final class Context {
@@ -482,7 +471,7 @@ public boolean isApplicableTo(@NonNull Object obj) {
           ControlPart part = (ControlPart) obj;
           actualName = part.getName();
           actualClass = part.getClazz();
-          actualId = part.getId() == null ? null : part.getId().toString();
+          actualId = part.getId() == null ? null : part.getId();
           actualNamespace = part.getNs() == null ? IProperty.OSCAL_NAMESPACE.toString() : part.getNs().toString();
           break;
         }

src/main/java/gov/nist/secauto/oscal/lib/profile/resolver/selection/DefaultControlSelectionFilter.java

@@ -103,7 +103,7 @@ protected Pair<Boolean, Boolean> match(String id) {
             boolean withChild = first.getLeft() && first.getRight() || second.getLeft() && second.getRight();
             result = Pair.of(true, withChild);
           } else {
-            result = IControlSelectionFilter.NON_MATCH;
+            result = NON_MATCH;
           }
           return result;
         })

src/main/java/gov/nist/secauto/oscal/lib/profile/resolver/selection/IControlSelectionFilter.java

@@ -46,10 +46,10 @@ public interface IControlSelectionFilter extends Function<IControl, Pair<Boolean
   Pair<Boolean, Boolean> MATCH = ObjectUtils.notNull(Pair.of(true, true));
 
   @NonNull
-  IControlSelectionFilter ALL_MATCH = control -> IControlSelectionFilter.MATCH;
+  IControlSelectionFilter ALL_MATCH = control -> MATCH;
 
   @NonNull
-  IControlSelectionFilter NONE_MATCH = control -> IControlSelectionFilter.NON_MATCH;
+  IControlSelectionFilter NONE_MATCH = control -> NON_MATCH;
 
   @NonNull
   static IControlSelectionFilter matchIds(@NonNull String... identifiers) {

src/main/java/gov/nist/secauto/oscal/lib/profile/resolver/support/IIndexer.java

@@ -63,16 +63,9 @@ enum SelectionStatus {
       "prop[@name='keep' and has-oscal-namespace('" + IProperty.OSCAL_NAMESPACE + "')]/@value = 'always'",
       OscalBindingContext.OSCAL_STATIC_METAPATH_CONTEXT);
 
-  Predicate<IEntityItem> KEEP_ENTITY_PREDICATE = new Predicate<>() {
-
-    @Override
-    public boolean test(IEntityItem entity) {
-      return entity.getReferenceCount() > 0
-          || (Boolean) ObjectUtils
-              .notNull(IIndexer.HAS_PROP_KEEP_METAPATH.evaluateAs(entity.getInstance(), ResultType.BOOLEAN));
-    }
-
-  };
+  Predicate<IEntityItem> KEEP_ENTITY_PREDICATE = entity -> entity.getReferenceCount() > 0
+      || (Boolean) ObjectUtils
+          .notNull(HAS_PROP_KEEP_METAPATH.evaluateAs(entity.getInstance(), ResultType.BOOLEAN));
 
   static boolean isReferencedEntity(@NonNull IEntityItem entity) {
     return KEEP_ENTITY_PREDICATE.test(entity);

src/main/metaschema-bindings/oscal-metaschema-bindings.xml

@@ -159,5 +159,4 @@
 			</java>
 		</define-assembly-binding>
 	</metaschema-binding>
-
 </metaschema-bindings>

src/test/java/gov/nist/secauto/oscal/java/MetaschemaVisitorTest.java

@@ -76,7 +76,7 @@ void test() throws FileNotFoundException, IOException, URISyntaxException {
     // Profile profile = nodeItem.toBoundObject();
 
     IDocumentNodeItem resolvedProfile = ResolveProfile.resolveProfile(nodeItem, dynamicContext);
-    OscalBindingContext.instance().validate(resolvedProfile, loader);
+    OscalBindingContext.instance().validate(resolvedProfile, loader, null);
 
     // OscalBindingContext.instance().newSerializer(Format.XML,
     // Catalog.class).serialize(resolvedProfile.toBoundObject(), new FileWriter(new

src/test/java/gov/nist/secauto/oscal/java/ReadWriteTest.java

@@ -28,14 +28,14 @@
 
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import gov.nist.secauto.metaschema.core.model.IBoundObject;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.metaschema.databind.DefaultBindingContext;
 import gov.nist.secauto.metaschema.databind.IBindingContext;
 import gov.nist.secauto.metaschema.databind.io.DeserializationFeature;
 import gov.nist.secauto.metaschema.databind.io.Format;
 import gov.nist.secauto.metaschema.databind.io.IDeserializer;
 import gov.nist.secauto.metaschema.databind.io.ISerializer;
-import gov.nist.secauto.metaschema.databind.model.IBoundObject;
 import gov.nist.secauto.oscal.lib.model.Catalog;
 
 import org.apache.logging.log4j.LogManager;

src/test/java/gov/nist/secauto/oscal/lib/profile/resolver/ProfileResolutionTests.java

@@ -32,7 +32,6 @@
 import static org.junit.jupiter.api.Assertions.fail;
 
 import gov.nist.secauto.metaschema.core.metapath.DynamicContext;
-import gov.nist.secauto.metaschema.core.metapath.StaticContext;
 import gov.nist.secauto.metaschema.core.metapath.item.node.INodeItem;
 import gov.nist.secauto.metaschema.databind.io.DefaultBoundLoader;
 import gov.nist.secauto.metaschema.databind.io.Format;