From 2999297a31c09a40e5d0826abe1b86a71a197417 Mon Sep 17 00:00:00 2001 From: Megan Wolf Date: Tue, 24 Sep 2024 13:54:33 -0400 Subject: [PATCH 1/3] fix: better error messaging on write oscal --- src/pkg/common/oscal/complete-schema.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/pkg/common/oscal/complete-schema.go b/src/pkg/common/oscal/complete-schema.go index 0d768f62..db91b9d0 100644 --- a/src/pkg/common/oscal/complete-schema.go +++ b/src/pkg/common/oscal/complete-schema.go @@ -52,16 +52,16 @@ func WriteOscalModel(filePath string, model *oscalTypes_1_1_2.OscalModels) error // If the file exists - read the data into the model existingFileBytes, err := os.ReadFile(filePath) if err != nil { - return err + return fmt.Errorf("error reading file: %v", err) } existingModel, err := NewOscalModel(existingFileBytes) if err != nil { - return err + return fmt.Errorf("error getting existing model: %v", err) } existingModelType, err := GetOscalModel(existingModel) if err != nil { - return nil + return fmt.Errorf("error getting existing model type: %v", err) } if existingModelType != modelType { From 8724a4942d59c9321ccc9da0234b268ecb921962 Mon Sep 17 00:00:00 2001 From: Megan Wolf Date: Fri, 27 Sep 2024 08:31:26 -0400 Subject: [PATCH 2/3] fix: added checks for bad output models --- src/cmd/tools/compose.go | 8 +++++++- src/cmd/validate/validate.go | 8 +++++++- src/pkg/common/oscal/complete-schema.go | 21 +++++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/src/cmd/tools/compose.go b/src/cmd/tools/compose.go index 1668ae4b..c1853f63 100644 --- a/src/cmd/tools/compose.go +++ b/src/cmd/tools/compose.go @@ -47,7 +47,13 @@ var composeCmd = &cobra.Command{ outputFile = GetDefaultOutputFile(composeOpts.InputFile) } - err := Compose(composeOpts.InputFile, outputFile) + // Check if output file contains a valid OSCAL model + _, err := oscal.ValidOSCALModelAtPath(outputFile) + if err != nil { + message.Fatalf(err, "Output file %s is not a valid OSCAL model: %v", outputFile, err) + } + + err = Compose(composeOpts.InputFile, outputFile) if err != nil { message.Fatalf(err, "Composition error: %s", err) } diff --git a/src/cmd/validate/validate.go b/src/cmd/validate/validate.go index 7ca481e9..8d05927d 100644 --- a/src/cmd/validate/validate.go +++ b/src/cmd/validate/validate.go @@ -52,6 +52,12 @@ var validateCmd = &cobra.Command{ outputFile = getDefaultOutputFile(opts.InputFile) } + // Check if output file contains a valid OSCAL model + _, err := oscal.ValidOSCALModelAtPath(outputFile) + if err != nil { + message.Fatalf(err, "Output file %s is not a valid OSCAL model: %v", outputFile, err) + } + if SaveResources { ResourcesDir = filepath.Join(filepath.Dir(outputFile)) } @@ -261,7 +267,7 @@ func ValidateOnControlImplementations(controlImplementations *[]oscalTypes_1_1_2 return findings, observations, nil } -// GetDefaultOutputFile returns the default output file name +// getDefaultOutputFile returns the default output file name and checks if the file already exists func getDefaultOutputFile(inputFile string) string { dirPath := filepath.Dir(inputFile) filename := "assessment-results" + filepath.Ext(inputFile) diff --git a/src/pkg/common/oscal/complete-schema.go b/src/pkg/common/oscal/complete-schema.go index db91b9d0..792e0d37 100644 --- a/src/pkg/common/oscal/complete-schema.go +++ b/src/pkg/common/oscal/complete-schema.go @@ -224,6 +224,27 @@ func GetOscalModel(model *oscalTypes_1_1_2.OscalModels) (modelType string, err e } +// ValidOSCALModelAtPath takes a path and returns a bool indicating if the model exists/is valid +// bool = T/F that oscal model exists, error = if not nil OSCAL model is invalid +func ValidOSCALModelAtPath(path string) (bool, error) { + _, err := os.Stat(path) + if err != nil { + return false, nil + } + + data, err := os.ReadFile(path) + if err != nil { + return true, err + } + + _, err = NewOscalModel(data) + if err != nil { + return true, err + } + + return true, nil +} + // InjectIntoOSCALModel takes a model target and a map[string]interface{} of values to inject into the model func InjectIntoOSCALModel(target *oscalTypes_1_1_2.OscalModels, values map[string]interface{}, path string) (*oscalTypes_1_1_2.OscalModels, error) { // If the target is nil, return an error From 194709293e2e5cd675eb220011ad1534cf1ced22 Mon Sep 17 00:00:00 2001 From: Megan Wolf Date: Mon, 30 Sep 2024 06:06:12 -0400 Subject: [PATCH 3/3] fix: added oscal validation to generate --- src/cmd/generate/generate.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/cmd/generate/generate.go b/src/cmd/generate/generate.go index 4ef0ebe7..5fb08e35 100644 --- a/src/cmd/generate/generate.go +++ b/src/cmd/generate/generate.go @@ -67,6 +67,12 @@ var generateComponentCmd = &cobra.Command{ var remarks []string var title = "Component Title" + // Check if output file contains a valid OSCAL model + _, err := oscal.ValidOSCALModelAtPath(opts.OutputFile) + if err != nil { + message.Fatalf(err, "Output file %s is not a valid OSCAL model: %v", opts.OutputFile, err) + } + // check for Catalog Source - this field is required if componentOpts.CatalogSource == "" { message.Fatal(fmt.Errorf("no catalog source provided"), "generate component requires a catalog input source")