Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid UUIDs cause java.lang.IllegalArgumentException in enhanced oscal-cli #823

Closed
1 of 12 tasks
Telos-sa opened this issue Oct 25, 2024 · 10 comments
Closed
1 of 12 tasks

Invalid UUIDs cause java.lang.IllegalArgumentException in enhanced oscal-cli #823

Telos-sa opened this issue Oct 25, 2024 · 10 comments
Assignees
@aj-stein-gsa
Labels
bug Something isn't working

Comments

@Telos-sa
Copy link

This relates to ...

  • the FedRAMP OSCAL Registry
  • the FedRAMP OSCAL baselines
  • the Guide to OSCAL-based FedRAMP Content
  • the Guide to OSCAL-based FedRAMP System Security Plans (SSP)
  • the Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP)
  • the Guide to OSCAL-based FedRAMP Security Assessment Results (SAR)
  • the Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)
  • the FedRAMP SSP OSCAL Template (JSON or XML Format)
  • the FedRAMP SAP OSCAL Template (JSON or XML Format)
  • the FedRAMP SAR OSCAL Template (JSON or XML Format)
  • the FedRAMP POA&M OSCAL Template (JSON or XML Format)
  • the FedRAMP OSCAL Validations

What happened?

When validating an OSCAL SSP that has invalid UUIDs with the oscal-cli v2.2.0, the validation yields an illegal argument exception:
java.lang.IllegalArgumentException: Invalid UUID string: Amazon RDS (MariaDB/MySQL/Postgres)

oscal-cli ssp validate FedRAMP\ SSP\ -\ 24.03\ \(2024-10-25T133816Z\).json
This command path is deprecated. Please use 'validate'.
Validating 'file:///Users/13994/Desktop/SA%20Git/xacta360-xde-oscal-schema-export/FedRAMP%20SSP%20-%2024.03%20(2024-10-25T133816Z).json' as JSON.
java.lang.IllegalArgumentException: Invalid UUID string: Arbitrary String

This should yield a validation error saying that the provided UUID did not match the regular expression for UUID data type - similar to what the base oscal-cli v1.0.3 from NIST provides:

[ERROR] [#/system-security-plan/control-implementation/implemented-requirements/117/statements/0/by-components/2/component-uuid] #/system-security-plan/control-implementation/implemented-requirements/117/statements/0/by-components/2/component-uuid: string [Arbitrary String] does not match pattern ^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[45][0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$ [file:///Users/13994/Desktop/SA%20Git/xacta360-xde-oscal-schema-export/FedRAMP%20SSP%20-%2024.03%20(2024-10-25T133816Z).json]

Relevant log output

No response

How do we replicate this issue?

Validate an OSCAL SSP that has an invalid UUID format for a by-component>component-uuid element

Where, exactly?

  • OSCAL v1.1.2
  • oscal-cli v.2.2.0
  • control-implementation>implemented-requirements>statements>by-components>component-uuid

Other relevant details

No response
@Telos-sa Telos-sa added the bug Something isn't working label Oct 25, 2024
@aj-stein-gsa aj-stein-gsa moved this from 🆕 New to 📋 Backlog in FedRAMP Automation Oct 25, 2024
@aj-stein-gsa
Copy link
Contributor

Thank you for the bug report, we will look into this. It would like this may be a processing model issue with the metaschema-framework version of the oscal-cli. If we do post an issue and a potential fix there, I will be sure to cross-reference them here once triage is complete.

@aj-stein-gsa
Copy link
Contributor

@Telos-sa, to triage further, can you please run the same command as before in the initial report with the following commands:

oscal-cli --version

And then most importantly this variation of the command.

oscal-cli validate FedRAMP\ SSP\ -\ 24.03\ \(2024-10-25T133816Z\).json --show-stack-trace

We do not have an error with that custom message in the relevant code base, so we need the full stack trace to determine which caller code in our libraries leverages a dependency library that emits that exception with a complete call stack in the stack trace. Thanks in advance for your help and cooperation.

@aj-stein-gsa aj-stein-gsa moved this from 📋 Backlog to 🛑 Blocked in FedRAMP Automation Oct 28, 2024
@aj-stein-gsa
Copy link
Contributor

Note to team review this issue: I have marked this issue blocked until we get more feedback from the reporting party. Further triage can occur once we know more.

/cc @david-waltermire

@aj-stein-gsa aj-stein-gsa self-assigned this Oct 28, 2024
@Telos-sa
Copy link
Author

@aj-stein-gsa It looks like some lines of the stack trace were omitted - any way to get it to display everything?
Here is what was included:

oscal-cli --version
oscal-cli 2.2.0 built at 2024-10-08 23:48 from branch 0b9478792d27837a8967cc72a0c98776b24f7102 (0b94787) at https://github.com/metaschema-framework/oscal-cli
liboscal-java  built at 2024-10-08 22:12 from branch 0e7de882592dedef37a1fc30101393e6c4fe71f3 (0e7de88) at https://github.com/metaschema-framework/liboscal-java
oscal v1.1.2 built at 2024-10-08 22:12 from branch 4f02dac6f698efda387cc5f55bc99581eaf494b6 (4f02dac) at https://github.com/usnistgov/OSCAL.git
metaschema-java 1.2.0 built at 2024-10-08T20:00:42+0000 from branch 46df8d8fc25c5de1d7cb0485e534f31efe61b2b7 (46df8d8) at https://github.com/metaschema-framework/metaschema-java
metaschema  built at 2024-10-08T20:00:42+0000 from branch 7c03ce5844e46cf9d047193a37e44422ae6a7d61 (7c03ce5) at https://github.com/metaschema-framework/metaschema.git

oscal-cli validate Hogwarts\ SSP\ -\ 1.0\ \(2024-10-28T172328Z\).json
Validating 'file:///Users/13994/Desktop/SA%20Git/xacta360-xde-oscal-schema-export/Hogwarts%20SSP%20-%201.0%20(2024-10-28T172328Z).json' as JSON.
java.lang.IllegalArgumentException: Invalid UUID string: Arbitrary String
TCM-13994C:xacta360-xde-oscal-schema-export 13994$ oscal-cli --version
oscal-cli 2.2.0 built at 2024-10-08 23:48 from branch 0b9478792d27837a8967cc72a0c98776b24f7102 (0b94787) at https://github.com/metaschema-framework/oscal-cli
liboscal-java  built at 2024-10-08 22:12 from branch 0e7de882592dedef37a1fc30101393e6c4fe71f3 (0e7de88) at https://github.com/metaschema-framework/liboscal-java
oscal v1.1.2 built at 2024-10-08 22:12 from branch 4f02dac6f698efda387cc5f55bc99581eaf494b6 (4f02dac) at https://github.com/usnistgov/OSCAL.git
metaschema-java 1.2.0 built at 2024-10-08T20:00:42+0000 from branch 46df8d8fc25c5de1d7cb0485e534f31efe61b2b7 (46df8d8) at https://github.com/metaschema-framework/metaschema-java
metaschema  built at 2024-10-08T20:00:42+0000 from branch 7c03ce5844e46cf9d047193a37e44422ae6a7d61 (7c03ce5) at https://github.com/metaschema-framework/metaschema.git
TCM-13994C:xacta360-xde-oscal-schema-export 13994$ oscal-cli validate Hogwarts\ SSP\ -\ 1.0\ \(2024-10-28T172328Z\).json --show-stack-trace
Validating 'file:///Users/13994/Desktop/SA%20Git/xacta360-xde-oscal-schema-export/Hogwarts%20SSP%20-%201.0%20(2024-10-28T172328Z).json' as JSON.
java.lang.IllegalArgumentException: Invalid UUID string: Arbitrary String
java.io.IOException: java.lang.IllegalArgumentException: Invalid UUID string: Arbitrary String
	at gov.nist.secauto.metaschema.databind.io.AbstractDeserializer.deserializeToNodeItem(AbstractDeserializer.java:81) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.IDeserializer.deserializeToNodeItem(IDeserializer.java:175) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.DefaultBoundLoader.loadAsNodeItem(DefaultBoundLoader.java:239) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.DefaultBoundLoader.loadAsNodeItem(DefaultBoundLoader.java:215) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.DefaultBoundLoader.loadAsNodeItem(DefaultBoundLoader.java:205) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.IBindingContext.validateWithConstraints(IBindingContext.java:414) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.cli.commands.AbstractValidateContentCommand$AbstractValidationCommandExecutor.execute(AbstractValidateContentCommand.java:289) ~[dev.metaschema.java.metaschema-cli-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.cli.processor.CLIProcessor$CallingContext.invokeCommand(CLIProcessor.java:405) ~[dev.metaschema.java.cli-processor-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.cli.processor.CLIProcessor$CallingContext.processCommand(CLIProcessor.java:376) [dev.metaschema.java.cli-processor-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.cli.processor.CLIProcessor.parseCommand(CLIProcessor.java:175) [dev.metaschema.java.cli-processor-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.cli.processor.CLIProcessor.process(CLIProcessor.java:158) [dev.metaschema.java.cli-processor-1.2.0.jar:?]
	at gov.nist.secauto.oscal.tools.cli.core.CLI.runCli(CLI.java:69) [dev.metaschema.oscal.oscal-cli-enhanced-2.2.0.jar:?]
	at gov.nist.secauto.oscal.tools.cli.core.CLI.main(CLI.java:39) [dev.metaschema.oscal.oscal-cli-enhanced-2.2.0.jar:?]
Caused by: java.lang.IllegalArgumentException: Invalid UUID string: Arbitrary String
	at java.base/java.util.UUID.fromString(UUID.java:215) ~[?:?]
	at gov.nist.secauto.metaschema.core.datatype.adapter.UuidAdapter.parse(UuidAdapter.java:48) ~[dev.metaschema.java.metaschema-core-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.core.datatype.adapter.UuidAdapter.parse(UuidAdapter.java:23) ~[dev.metaschema.java.metaschema-core-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.core.datatype.AbstractDataTypeAdapter.parse(AbstractDataTypeAdapter.java:131) ~[dev.metaschema.java.metaschema-core-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readScalarItem(MetaschemaJsonReader.java:358) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readItemFlag(MetaschemaJsonReader.java:264) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceFlag.readItem(IBoundInstanceFlag.java:110) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readInstance(MetaschemaJsonReader.java:230) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readObjectProperty(MetaschemaJsonReader.java:255) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$PropertyBodyHandler.accept(MetaschemaJsonReader.java:548) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readComplexDefinitionObject(MetaschemaJsonReader.java:421) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readItemAssembly(MetaschemaJsonReader.java:324) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:72) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:26) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$ModelInstanceReadHandler.readItem(MetaschemaJsonReader.java:763) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$ModelInstanceReadHandler.readList(MetaschemaJsonReader.java:697) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.ListCollectionInfo.readItems(ListCollectionInfo.java:79) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.ListCollectionInfo.readItems(ListCollectionInfo.java:22) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readModelInstance(MetaschemaJsonReader.java:238) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readObjectProperty(MetaschemaJsonReader.java:253) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$PropertyBodyHandler.accept(MetaschemaJsonReader.java:548) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readComplexDefinitionObject(MetaschemaJsonReader.java:421) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readItemAssembly(MetaschemaJsonReader.java:324) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:72) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:26) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$ModelInstanceReadHandler.readItem(MetaschemaJsonReader.java:763) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$ModelInstanceReadHandler.readList(MetaschemaJsonReader.java:697) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.ListCollectionInfo.readItems(ListCollectionInfo.java:79) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.ListCollectionInfo.readItems(ListCollectionInfo.java:22) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readModelInstance(MetaschemaJsonReader.java:238) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readObjectProperty(MetaschemaJsonReader.java:253) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$PropertyBodyHandler.accept(MetaschemaJsonReader.java:548) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readComplexDefinitionObject(MetaschemaJsonReader.java:421) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readItemAssembly(MetaschemaJsonReader.java:324) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:72) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:26) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$ModelInstanceReadHandler.readItem(MetaschemaJsonReader.java:763) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$ModelInstanceReadHandler.readList(MetaschemaJsonReader.java:697) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.ListCollectionInfo.readItems(ListCollectionInfo.java:79) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.ListCollectionInfo.readItems(ListCollectionInfo.java:22) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readModelInstance(MetaschemaJsonReader.java:238) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readObjectProperty(MetaschemaJsonReader.java:253) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$PropertyBodyHandler.accept(MetaschemaJsonReader.java:548) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readComplexDefinitionObject(MetaschemaJsonReader.java:421) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readItemAssembly(MetaschemaJsonReader.java:324) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:72) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundInstanceModelAssembly.readItem(IBoundInstanceModelAssembly.java:26) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$ModelInstanceReadHandler.readItem(MetaschemaJsonReader.java:763) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.IModelInstanceReadHandler.readSingleton(IModelInstanceReadHandler.java:18) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.info.SingletonCollectionInfo.readItems(SingletonCollectionInfo.java:67) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readModelInstance(MetaschemaJsonReader.java:238) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readObjectProperty(MetaschemaJsonReader.java:253) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader$PropertyBodyHandler.accept(MetaschemaJsonReader.java:548) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readComplexDefinitionObject(MetaschemaJsonReader.java:421) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readItemAssembly(MetaschemaJsonReader.java:346) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundDefinitionModelAssembly.readItem(IBoundDefinitionModelAssembly.java:75) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.model.IBoundDefinitionModelAssembly.readItem(IBoundDefinitionModelAssembly.java:29) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.MetaschemaJsonReader.readObjectRoot(MetaschemaJsonReader.java:193) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.json.DefaultJsonDeserializer.deserializeToNodeItemInternal(DefaultJsonDeserializer.java:99) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	at gov.nist.secauto.metaschema.databind.io.AbstractDeserializer.deserializeToNodeItem(AbstractDeserializer.java:79) ~[dev.metaschema.java.metaschema-databind-1.2.0.jar:?]
	... 12 more

Here is the by-component section that is causing this error as well:

"by-components":[
    {
        "component-uuid":"Arbitrary String",
        "uuid":"99b0cda2-3512-5af1-897a-76798e6b6438",
        "description":"Private Implementation details and description for the following control statement: AC-01.a",
        "set-parameters":[
            {
                "param-id":"ac-1_prm_1",
                "values":[
                    "Professors, Janitorial Staff, support Staff, and students"
                ]
            },
            {
                "param-id":"ac-1_prm_2",
                "values":[
                    "Hogwarts groups, buildings, and all rooms, contents, dungeouns, and corridors"
                ]
            }
        ],
        "implementation-status":{
            "state":"planned"
        },
        "remarks":"Some actual additional comments."
    }
]

@david-waltermire
Copy link
Member

@Telos-sa The stack trace you provided is fine. Thanks for the quick turn around!

@david-waltermire
Copy link
Member

The problem is in "component-uuid":"Arbitrary String", . Arbitrary String is not a valid UUID value. I am working on a fix that will provide more context around where there error is, but otherwise this is a content issue.

david-waltermire added a commit to metaschema-framework/metaschema-java that referenced this issue Oct 28, 2024
@david-waltermire
Improved error handling for data type conformance issues. Related to G…
300e4ec 
…SA/fedramp-automation#823.
david-waltermire added a commit to metaschema-framework/metaschema-java that referenced this issue Oct 28, 2024
@david-waltermire
Improved error handling for data type conformance issues. Related to G…
9d93cfd 
…SA/fedramp-automation#823.
david-waltermire added a commit to metaschema-framework/metaschema-java that referenced this issue Oct 30, 2024
@david-waltermire
Improved error handling to better report errors such as in #221.
70f0436 
Changed expected behavior in unit test to provide null values in JSON and empty values in XML, which is consistent with current behavior.
Improved error handling for data type conformance issues. Related to GSA/fedramp-automation#823.
david-waltermire added a commit to metaschema-framework/metaschema-java that referenced this issue Oct 30, 2024
@david-waltermire
Improved error handling to better report errors such as in #221.
ac4cd0f 
Changed expected behavior in unit test to provide null values in JSON and empty values in XML, which is consistent with current behavior.
Improved error handling for data type conformance issues. Related to GSA/fedramp-automation#823.
@aj-stein-gsa
Copy link
Contributor

For @aj-stein-gsa need to revisit the output and confirm improved error handling in 2.3.0 or newer release of oscal-cli.

@aj-stein-gsa aj-stein-gsa moved this from 🛑 Blocked to 🔖 Ready in FedRAMP Automation Nov 5, 2024
@aj-stein-gsa
Copy link
Contributor

Tried another snapshot release of 2.3.1 and it is still reporting the same error as repeated. Will follow up in the upstream project as this is an issue with oscal-cli.

@aj-stein-gsa
Copy link
Contributor

Will keep this in the blocked state until I determine next steps on whether this fix was in scope for a 2.3.1 fix or not.

david-waltermire added a commit to david-waltermire/metaschema-java that referenced this issue Nov 7, 2024
@david-waltermire
Addressed incosistent handling of data type parsing calls to provide …
0ca2520 
…more consistent error reporting for data type related errors. Addresses GSA/fedramp-automation#823
david-waltermire added a commit to david-waltermire/metaschema-java that referenced this issue Nov 7, 2024
@david-waltermire
Addressed inconsistent handling of data type parsing calls to provide…
65f9953 
… more consistent error reporting for data type related errors. Addresses GSA/fedramp-automation#823
@david-waltermire david-waltermire mentioned this issue Nov 7, 2024
Merged
8 tasks
david-waltermire added a commit to david-waltermire/metaschema-java that referenced this issue Nov 9, 2024
@david-waltermire
Addressed inconsistent handling of data type parsing calls to provide…
a6c8159 
… more consistent error reporting for data type related errors. Addresses GSA/fedramp-automation#823
david-waltermire added a commit to david-waltermire/metaschema-java that referenced this issue Nov 9, 2024
@david-waltermire
Addressed inconsistent handling of data type parsing calls to provide…
9d92dba 
… more consistent error reporting for data type related errors. Addresses GSA/fedramp-automation#823
david-waltermire added a commit to metaschema-framework/metaschema-java that referenced this issue Nov 9, 2024
@david-waltermire
Addressed inconsistent handling of data type parsing calls to provide…
57b7d8e 
… more consistent error reporting for data type related errors. Addresses GSA/fedramp-automation#823
@aj-stein-gsa
Copy link
Contributor

Per metaschema-framework/metaschema-java#239 the upstream project has made the error handling message more precise, including limiting the stack trace for this given scenario and identifying the precise line with the issue.

% oscal-cli --version
oscal-cli 2.3.1 built at 2024-11-09 22:03 from branch 626ab999e3ff69b81b3775d22d18f834d3c92638 (626ab99) at https://github.com/metaschema-framework/oscal-cli
liboscal-java  built at 2024-11-09 21:49 from branch 32b8e398eab9fedd371fc4b3f1519170fb46a1d7 (32b8e39) at https://github.com/metaschema-framework/liboscal-java
oscal v1.1.2 built at 2024-11-09 21:49 from branch 4f02dac6f698efda387cc5f55bc99581eaf494b6 (4f02dac) at https://github.com/usnistgov/OSCAL.git
metaschema-java 2.0.1 built at 2024-11-09T21:13:35+0000 from branch 964b8456020ec810a0eb885208dda4584c660f9a (964b845) at https://github.com/metaschema-framework/metaschema-java
metaschema  built at 2024-11-09T21:13:35+0000 from branch b6601f7430f83f1a53a11bf32575b69e131bc912 (b6601f7) at https://github.com/metaschema-framework/metaschema.git
% oscal-cli validate ssp-all-VALID.xml
Validating 'file:/home/me/fedramp-automation/src/validations/constraints/content/ssp-all-VALID.xml' as XML.
java.io.IOException: An unexpected error occurred during parsing: Malformed data 'Arbitrary string' at 334:7. Value 'Arbitrary string' is not a valid UUID.
% oscal-cli validate ssp-all-VALID.xml --disable-schema-validation
Validating 'file:/home/me/fedramp-automation/src/validations/constraints/content/ssp-all-VALID.xml' as XML.
java.io.IOException: An unexpected error occurred during parsing: Malformed data 'Arbitrary string' at 334:7. Value 'Arbitrary string' is not a valid UUID.

I will close as not planned even though it is resolved because there was no immediate change to FedRAMP data, documentation, or tools. I hope this improvement helps.

@aj-stein-gsa aj-stein-gsa closed this as not planned Won't fix, can't repro, duplicate, stale Nov 15, 2024
@github-project-automation github-project-automation bot moved this from 🔖 Ready to ✅ Done in FedRAMP Automation Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aj-stein-gsa aj-stein-gsa

Labels
bug Something isn't working
Projects
FedRAMP Automation
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@david-waltermire @Telos-sa @aj-stein-gsa