Crashing when validating a JSON with external constraints #292

Open
wandmagic opened this issue Jul 8, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@wandmagic

Describe the bug
An uncaught runtime error occurs when validating a JSON file (profile.json) using the OSCAL CLI tool. The error is related to evaluating a Metapath expression involving the recurse-depth function.

Who is the bug affecting?
Users of the OSCAL CLI tool who are attempting to validate OSCAL profile JSON files.

What is affected by this bug?
The validation process for OSCAL profile JSON files is affected. Users are unable to successfully validate their profiles due to this error.

When does this occur?
This occurs during the execution of the validate command on the OSCAL CLI tool when processing a profile JSON file.

How do we replicate the issue?
1. Use the OSCAL CLI tool
2. Run the validate command on a profile JSON file: oscal-cli validate profile.json
3. Observe the runtime error in the output

Expected behavior (i.e. solution)
The OSCAL CLI tool should successfully validate the profile JSON file without throwing a runtime error. It should either confirm the file is valid or provide specific validation errors if the file does not meet the schema requirements.

Other Comments
The root cause appears to be in the evaluation of the Metapath expression:
map:merge(recurse-depth($all-imports)/metadata/role ! map:entry(@id,.))?*
Specifically, the error suggests that the recurse-depth function is expecting a sequence of one item but is receiving 0:
MPTY0004: a sequence of one expected, but found '0'
This could indicate that the $all-imports variable is empty or not properly populated when this expression is evaluated. Further investigation into the profile structure and the recurse-depth function implementation may be necessary to resolve this issue.

The error occurs in the gov.nist.secauto.metaschema.core.metapath.MetapathExpression.evaluate method, which is part of the Metaschema core library. Debugging this method and the associated recurse-depth function could provide more insights into the problem.

gov.nist.secauto.metaschema.core.metapath.MetapathException: An error occurred while evaluating the expression 'map:merge(recurse-depth($all-imports)/metadata/role ! map:entry(@id,.))?*'.
    at gov.nist.secauto.metaschema.core.metapath.MetapathExpression.evaluate(MetapathExpression.java:446) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.model.constraint.IConstraint.matchTargets(IConstraint.java:163) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validateIndex(DefaultConstraintValidator.java:316) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validateAssembly(DefaultConstraintValidator.java:230) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:943) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator$Visitor.visitAssembly(DefaultConstraintValidator.java:880) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.item.node.IAssemblyNodeItem.accept(IAssemblyNodeItem.java:63) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitModelChildren(AbstractNodeItemVisitor.java:98) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.item.node.AbstractNodeItemVisitor.visitDocument(AbstractNodeItemVisitor.java:179) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.item.node.IDocumentNodeItem.accept(IDocumentNodeItem.java:103) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.model.constraint.DefaultConstraintValidator.validate(DefaultConstraintValidator.java:159) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.databind.IBindingContext.validate(IBindingContext.java:361) ~[gov.nist.secauto.metaschema.metaschema-databind-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.databind.IBindingContext.validateWithConstraints(IBindingContext.java:417) ~[gov.nist.secauto.metaschema.metaschema-databind-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.databind.IBindingContext.validate(IBindingContext.java:391) ~[gov.nist.secauto.metaschema.metaschema-databind-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.cli.commands.AbstractValidateContentCommand$AbstractValidationCommandExecutor.execute(AbstractValidateContentCommand.java:266) ~[gov.nist.secauto.metaschema.metaschema-cli-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.cli.processor.CLIProcessor$CallingContext.invokeCommand(CLIProcessor.java:426) ~[gov.nist.secauto.metaschema.cli-processor-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.cli.processor.CLIProcessor$CallingContext.processCommand(CLIProcessor.java:397) [gov.nist.secauto.metaschema.cli-processor-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.cli.processor.CLIProcessor.parseCommand(CLIProcessor.java:196) [gov.nist.secauto.metaschema.cli-processor-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.cli.processor.CLIProcessor.process(CLIProcessor.java:179) [gov.nist.secauto.metaschema.cli-processor-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.oscal.tools.cli.core.CLI.runCli(CLI.java:88) [gov.nist.secauto.oscal.tools.oscal-cli.cli-core-1.1.0-SNAPSHOT.jar:?]
    at gov.nist.secauto.oscal.tools.cli.core.CLI.main(CLI.java:59) [gov.nist.secauto.oscal.tools.oscal-cli.cli-core-1.1.0-SNAPSHOT.jar:?]
Caused by: gov.nist.secauto.metaschema.core.metapath.MetapathException: Unable to execute function 'Q{http://csrc.nist.gov/ns/metaschema/metapath-functions}recurse-depth(recursePath as meta:string) as meta:node*'
    at gov.nist.secauto.metaschema.core.metapath.function.DefaultFunction.execute(DefaultFunction.java:350) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.StaticFunctionCall.accept(StaticFunctionCall.java:115) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.path.RelativeSlashPath.accept(RelativeSlashPath.java:61) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.path.RelativeSlashPath.accept(RelativeSlashPath.java:61) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.SimpleMap.accept(SimpleMap.java:44) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.StaticFunctionCall.lambda$accept$0(StaticFunctionCall.java:110) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
    at java.base/java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:722) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682) ~[?:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.StaticFunctionCall.accept(StaticFunctionCall.java:112) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.PostfixLookup.accept(PostfixLookup.java:67) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.MetapathExpression.evaluate(MetapathExpression.java:443) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    ... 20 more
Caused by: gov.nist.secauto.metaschema.core.metapath.InvalidTypeMetapathException: MPTY0004: a sequence of one expected, but found '0'
    at gov.nist.secauto.metaschema.core.metapath.function.DefaultFunction.convertArguments(DefaultFunction.java:207) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.function.DefaultFunction.execute(DefaultFunction.java:322) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.StaticFunctionCall.accept(StaticFunctionCall.java:115) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.path.RelativeSlashPath.accept(RelativeSlashPath.java:61) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.path.RelativeSlashPath.accept(RelativeSlashPath.java:61) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.SimpleMap.accept(SimpleMap.java:44) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.StaticFunctionCall.lambda$accept$0(StaticFunctionCall.java:110) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
    at java.base/java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:722) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921) ~[?:?]
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682) ~[?:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.StaticFunctionCall.accept(StaticFunctionCall.java:112) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.cst.PostfixLookup.accept(PostfixLookup.java:67) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    at gov.nist.secauto.metaschema.core.metapath.MetapathExpression.evaluate(MetapathExpression.java:443) ~[gov.nist.secauto.metaschema.metaschema-core-1.0.0-M2-SNAPSHOT.jar:?]
    ... 20 more

profile.json

fedramp-constraints

oscal-constraints

@wandmagic wandmagic added the bug Something isn't working label Jul 8, 2024
@github-project-automation github-project-automation bot moved this to Needs Triage in NIST OSCAL Work Board Jul 8, 2024
@wandmagic
Author

I believe it may be the metaschema constraint itself that is malformed?
An uncaught runtime error occured. An error occurred while evaluating the expression 'map:merge(recurse-depth($all-imports)/metadata/role ! map:entry(@id,.))?*'.

david-waltermire added a commit to david-waltermire/metaschema-java that referenced this issue Jul 28, 2024
…d to distinguish provided model bindings.

- Added support for capturing parsed location information in bound objects. This will be useful for producing context for validation results.
- Fixed bugs causing the ordering of generated classes to be chaotic. Also fixed bugs causing binding configurations to match based on minor URI differences caused by inconsistent behavior between file and path URI productions.
- Updated Metaschema module binding to incorporate latest module changes.
- Added support for exposing parse locations in validation results.
- Added support for producing Static Analysis Results Interchange Format (SARIF) results based on schema and constraint validation results.
  - Added SARIF CLI output option to validate command.
  - Added support for including rules and artifact information in SARIF results. SARIF files now work on commonly available viewers.
  - Added constraint formal-name and description to SARIF output, allowing human readers to better understand why the result was produced.
  - Added a GUID to SARIF output for each rule.
- Adjusted constraint result production to allow for pass results to be produced, which supports producing SARIF results that include both pass and fail statuses using an API-level configuration.
- Added methods to handle making URIs relative to another URI.
- Ensured proper handling of Metapath errors during validation. Resolves usnistgov/oscal-cli#292
- Fixed compile and PMD warnings.
- Added some Javadocs.
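
The failure reported in this issue and the error handling named in the referencing commit, modelled as an added example; it is not code from oscal-cli or metaschema-java, and every class and method name in it is hypothetical. It assumes the recurse-depth parameter requires exactly one item, as the MPTY0004 message indicates, and that $all-imports is bound to an empty sequence.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

// Simplified model, not the metaschema-java API: all names below are hypothetical.
class ConstraintErrorHandlingDemo {
  static class TypeError extends RuntimeException {
    TypeError(String msg) { super(msg); }
  }
  record Finding(String constraintId, String level, String message) {}
  // A constraint whose target expression is modelled as a function over variable bindings.
  record Constraint(String id, Function<Map<String, List<String>>, List<String>> target) {}

  // Assumed rule: a parameter declared without an occurrence indicator takes exactly one item.
  static String exactlyOne(List<String> seq) {
    if (seq.size() != 1) {
      throw new TypeError("MPTY0004: a sequence of one expected, but found '" + seq.size() + "'");
    }
    return seq.get(0);
  }

  // Stand-in for recurse-depth(recursePath as meta:string) as meta:node*.
  static List<String> recurseDepth(List<String> recursePath) {
    return List.of("node-reached-via:" + exactlyOne(recursePath));
  }

  // Evaluates every constraint; an evaluation failure becomes a finding instead of ending the run.
  static List<Finding> validate(List<Constraint> constraints, Map<String, List<String>> vars) {
    List<Finding> findings = new ArrayList<>();
    for (Constraint c : constraints) {
      try {
        c.target().apply(vars);
      } catch (TypeError e) {
        findings.add(new Finding(c.id(), "ERROR", "constraint could not be evaluated: " + e.getMessage()));
      }
    }
    return findings;
  }

  public static void main(String[] args) {
    // Constructed input: $all-imports is bound to the empty sequence, as the report suspects.
    Map<String, List<String>> vars = Map.of("all-imports", List.<String>of());
    List<Constraint> constraints = List.of(
        new Constraint("role-index", v -> recurseDepth(v.get("all-imports"))),
        new Constraint("always-ok", v -> List.of("metadata")));
    validate(constraints, vars).forEach(System.out::println);
  }
}
```

Records require Java 16 or later; the file runs directly with `java ConstraintErrorHandlingDemo.java`.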