search

docker-archive / oscalkit

NIST OSCAL SDK and CLI
https://docker.github.io/oscalkit/
Other
36 stars 23 forks source link

Generate command doesn't properly handle relative profile imports #57

Closed anweiss closed 5 years ago

anweiss commented 5 years ago

When executing oscalkit generate and processing profile import's, relative paths are not being taken into account properly. We're incorrectly taking the path relative to the directory from which the oscalkit CLI is being run. However, we instead should be taking the path relative to the directory in which the profile is stored. The implementation of the following function looks to be the culprit:

https://github.com/docker/oscalkit/blob/d66e30b99ca1454f7dfd40ba5982bd7ed8be8ef2/generator/reader.go#L49

So for example, if I execute oscalkit generate -p /someDir/profile.xml and profile.xml has a relative import like ../catalog.xml, then the directory that needs to be searched is /someDir and not the directory in which the oscalkit generate command is being run.

This supports #18 and #12

minhaj10p commented 5 years ago

@anweiss issue addressed in https://github.com/docker/oscalkit/pull/58 which is dependent upon https://github.com/docker/oscalkit/pull/52

minhaj10p commented 5 years ago

@anweiss We can close this issue once #66 gets merged.

anweiss commented 5 years ago

awesome, thanks @minhaj10p