compliance-trestle

`csv_to_oscal_cd` task produces component definition that is not well-formed in some scenarios

Open jpower432 opened this issue 8 months ago • 2 comments

Describe the bug

The `csv_to_oscal_cd` task produces a component definition that is not well-formed when a profile is specified for a rule with no mapped controls.

To Reproduce

To show a reproduction of the issue, I am using an example repository with a validation component use case. The repository is located here.

Steps to reproduce the behavior:

  1. Clone repository linked above
  2. Run `trestle task csv-to-oscal-cd -c data/csv-to-oscal-cd.config`
  3. Generate the JSON schemas for OSCAL 1.1.2 per the OSCAL repository directions.
  4. Validate the generated compdef at `component-definitions/kube/component-definition.json` against the generated schema
  5. Observe validation error

Expected behavior

I expected the `control-implementations` field to be removed with a warning or an error to inform me that I must specify at least one mapped control if a profile is set.

Screenshots / Logs.

Screenshot from 2024-06-28 07-48-55

Note: When hovering over the warning: `Array has too few items. Expected 1 or more.`

Environment

  • OS: Fedora 39
  • Python version: v3.11.9
  • Installed packages: compliance-trestle v.3.2.0

jpower432 · Jun 28 '24 17:06
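
A quick pre-check for the defect reported above, added here as an example (it is not code from compliance-trestle or from the reporter): it walks a component definition and lists every empty array, the condition behind the `Array has too few items. Expected 1 or more.` warning. The sample document is constructed and trimmed to the relevant fields, and placing the empty array under `implemented-requirements` is an assumption, since the issue does not show the generated JSON.

```python
import json

# Constructed sample, not output from the repository in the issue: a component
# whose control-implementation names a profile but maps no controls.
# Assumption: the empty array sits under "implemented-requirements".
SAMPLE = json.loads("""
{
  "component-definition": {
    "uuid": "00000000-0000-4000-8000-000000000001",
    "components": [
      {
        "uuid": "00000000-0000-4000-8000-000000000002",
        "type": "validation",
        "title": "kube",
        "control-implementations": [
          {
            "uuid": "00000000-0000-4000-8000-000000000003",
            "source": "profiles/example/profile.json",
            "description": "constructed",
            "implemented-requirements": []
          }
        ]
      }
    ]
  }
}
""")


def find_empty_arrays(node, path=""):
    """Return the JSON-pointer path of every empty array under node."""
    hits = []
    if isinstance(node, list):
        if not node:
            hits.append(path or "/")
        for i, item in enumerate(node):
            hits.extend(find_empty_arrays(item, f"{path}/{i}"))
    elif isinstance(node, dict):
        for key, value in node.items():
            hits.extend(find_empty_arrays(value, f"{path}/{key}"))
    return hits


if __name__ == "__main__":
    for pointer in find_empty_arrays(SAMPLE):
        print(f"empty array (schema expects 1 or more items): {pointer}")
```

To check a real file, load it with `json.load` and pass the result to `find_empty_arrays`; an empty return list means no array trips the minimum-items rule, which is a narrower check than full schema validation.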