Error uploading json with descriptions field

[Bialogs]

The InSpec output that our tests are generating has this additional "descriptions": field that is not included in the control.rb model.

"controls": [
        {
          "id": "V-13613",
          "title": "The Web site software ...",
          "desc": "The IAVM process ...",
          "descriptions": [
            {
              "label": "default",
              "data": "The IAVM process ..."
            }
          ],
          "impact": 0.5,
          "etc": "etc ..."
       }]

When uploading an evaluation that includes this field, the following error is thrown:

Attempted to set a value for 'descriptions' which is not allowed on the model Control.
summary:
  Without including Mongoid::Attributes::Dynamic in your model and the attribute does not already 
  exist in the attributes hash, attempting to call Control#descriptions= for it is not allowed. This is also
 triggered by passing the attribute to any method that accepts an attributes hash, and is raised instead 
  of getting a NoMethodError.
resolution:
  You can include Mongoid::Attributes::Dynamic if you expect to be writing values for undefined fields often.

Is this a problem with our InSpec output? How can I correct that? If not, I have a fix ready to go that adds the following to control.rb and lets me upload my evaluation without a problem.

  field :descriptions, type: Array, default: []

[aaronlippold]

This is related to the new InSpec 3.x data structures.

72

We need to update vulcan, heimdall and heimdall-lite to support these additional features

[aaronlippold]

I actually want a couple things out of that PR for both Heimdall and Heimdall-Lite and Vulcan and the _tools.

( please create an issues on each project for this - and create a PR or PRs to cover the 6 elements )

• [ ] That we update the parsing to allow for either a tag fix and check or a desc, fix and check.
• [ ] That we allow for allow for three new types: desc, justification, caveat, discussion a. That caveat and or justification are appended to the 'Finding Details' b. We actually search for /*caveat*/ and /*justification*/ - such that myorg-/_caveat is discovered. b. that discussion or /*discussion*/ be appended to the bottom of the general description - such that vulnerability_discussion would be discovered.
• [ ] That we support both text based impacts and numeric based impacts a. that our default is the text based impact b. that we 'display' the text based impact but put the numeric in if it was used high (0.7)
• [ ] That we update inspec_tools and heimdall_tools to use the new sub-sections and text based impacts
• [ ] That CAT I / CAT II / CAT III be replaced by High / Medium / Low
• [ ] That our tools do not create code that uses " where ' are the correct style

72

[Bialogs]

@aaronlippold For what its worth, this data set works as-is on the version of heimdall-lite we have been using