Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Profile resolver not applying alterations to parameters #1859

Open
Rene2mt opened this issue Jul 20, 2023 · 6 comments · Fixed by #1596
Open

Profile resolver not applying alterations to parameters #1859

Rene2mt opened this issue Jul 20, 2023 · 6 comments · Fixed by #1596
Labels
bug

Comments

@Rene2mt
Copy link
Contributor

Rene2mt commented Jul 20, 2023

Describe the bug

When using the XSLT profile resolver (v1.0.4), the produced resolved profile catalogs does not apply the changes to the param specified in the profile.

Who is the bug affecting

FedRAMP and anyone using XSLT profile resolver v1.0.4

What is affected by this bug

Tooling & API

How do we replicate this issue

NOTE - the issue is when using XSLT profile resolver (version 1.0.4)

  1. Use a catalog with parameters (e.g., FedRAMP's rev resolved profile catalog)
  2. Create a profile that tries to add a prop to parameters as follows:
  3. Conduct profile resolution (e.g. through a tool like Oxygen XML or OSCAL-CLI)

Expected behavior (i.e. solution)

Notice that it works when the prop elements are added via <set-parameter param-id="parameter-ids">...</set-parameter> . This is the approach in gist https://gist.github.com/Rene2mt/de339c61034da0b81860ab5c13bc702a#file-sample-profile-xml-L54-L1868.

BUT it does not work when trying to use <alter control-id="control-id"><add position="starting" by-id="param-id">...</add></alter>. This is the approach in gist https://gist.github.com/Rene2mt/de339c61034da0b81860ab5c13bc702a#file-sample-profile-xml-L1872-L4256

This should work according to the profile resolution spec.

Other comments

No response

Revisions

No response
@Rene2mt Rene2mt added the bug label Jul 20, 2023
@wendellpiez
Copy link
Contributor

wendellpiez commented Aug 30, 2023
edited
Loading

Let's see to it that the alter usage is unit tested against this.

The lapse (or bug if you like) is in XSLT https://github.com/usnistgov/OSCAL/blob/develop/src/utils/resolver-pipeline/oscal-profile-resolve-modify.xsl, where a template matching param elements (

OSCAL/src/utils/resolver-pipeline/oscal-profile-resolve-modify.xsl

Line 52 in 8bc3c00

<xsl:template match="param" priority="2">
) fails to do what other control descendants do (template matching control//* (

OSCAL/src/utils/resolver-pipeline/oscal-profile-resolve-modify.xsl

Line 127 in 8bc3c00

<xsl:template match="control//*">
), namely looking for its matching alterations and acting on them. (It does what is called for from set-param which is why that is a workaround.)

Solution is to see to it that the param template does what is called for, not only wrt set-param but also alter (and unit test).

@wendellpiez
Copy link
Contributor

wendellpiez commented Aug 30, 2023
edited
Loading

BTW if (or to the extent that) this gives rise to implementation questions such as what happens when compounding settings and alterations on a single parameter ... another reason to build unit tests ... and if this is tricky, maybe forbidding addressing parameters with alter is preferable.

@galtm galtm mentioned this issue Aug 31, 2023
Closed
7 tasks
galtm added a commit to galtm/OSCAL that referenced this issue Sep 14, 2023
@galtm
Add test for situation in usnistgov#1859
5d3b9b3 
The XSLT changes in this pull request should already fix usnistgov#1859.
This commit adds a relevant test scenario as evidence.
@galtm
Copy link
Contributor

galtm commented Sep 14, 2023

I believe #1549 fixes this issue, and I added a relevant test scenario in that pull request.

@wendellpiez
Copy link
Contributor

Fantastic! thanks!

@aj-stein-nist aj-stein-nist moved this from Todo to Needs Triage in NIST OSCAL Work Board Sep 20, 2023
@aj-stein-nist
Copy link
Contributor

I believe #1549 fixes this issue, and I added a relevant test scenario in that pull request.

Will mark this as blocked until we merge this into develop and #1549 is merged into the develop branch and then a release.

@aj-stein-nist aj-stein-nist moved this from Needs Triage to Further Analysis Needed in NIST OSCAL Work Board Sep 28, 2023
@aj-stein-nist aj-stein-nist moved this from Further Analysis Needed to Blocked in NIST OSCAL Work Board Sep 28, 2023
@aj-stein-nist aj-stein-nist linked a pull request Sep 28, 2023 that will close this issue
Profiler resolver support for importing another profile #1596
Merged
7 tasks
aj-stein-nist pushed a commit to galtm/OSCAL that referenced this issue Sep 28, 2023
@galtm @aj-stein-nist
Add test for situation in usnistgov#1859
30e81c9 
The XSLT changes in this pull request should already fix usnistgov#1859.
This commit adds a relevant test scenario as evidence.
aj-stein-nist pushed a commit that referenced this issue Sep 28, 2023
@galtm @aj-stein-nist
Add test for situation in #1859
5ae62a4 
The XSLT changes in this pull request should already fix #1859.
This commit adds a relevant test scenario as evidence.
aj-stein-nist pushed a commit that referenced this issue Sep 28, 2023
@galtm @aj-stein-nist
Add test for situation in #1859
14af5b4 
The XSLT changes in this pull request should already fix #1859.
This commit adds a relevant test scenario as evidence.
@aj-stein-nist aj-stein-nist linked a pull request Sep 28, 2023 that will close this issue
Profiler error handling #1943
Closed
9 tasks
@iMichaela
Copy link
Contributor

This issue is probably safe to close after a sanity check.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
NIST OSCAL Work Board
Status: Blocked
Milestone
No milestone
5 participants
@wendellpiez @iMichaela @galtm @Rene2mt @aj-stein-nist