usnistgov / OSCAL

Open Security Controls Assessment Language (OSCAL)
https://pages.nist.gov/OSCAL/

How to handle back-matter href's to files with spaces in their names #2040

Closed Telos-sa closed 2 months ago

Telos-sa commented 2 months ago

Question

We have a bunch of back-matter elements with a rlinks>href to a file included in the OSCAL export (example back-matter element provided below). All of these validate fine unless it has spaces in the href string - the validator will mark these href's as errors. How should we handle spaces in file names?

[ERROR] [#/system-security-plan/back-matter/resources/2/rlinks/0/href] #/system-security-plan/back-matter/resources/2/rlinks/0/href: [resources/Nessus Training 5 Assets.nessus] is not a valid URI reference

{
  "uuid":"13ac05f6-bf24-5c59-9aa4-e4bae53751fb",
  "title":"image-20240822155320-1.png",
  "description":"Uploaded file.",
  "props":[
      {
          "name":"type",
          "ns":"http://csrc.nist.gov/ns/oscal",
          "value":"01d7103ae4-7a3-0f8"
      }
  ],
  "rlinks":[
      {
          "href":"resources/image-20240822155320-1.png",
          "media-type":"image/png",
          "hashes":[
              {
                  "algorithm":"SHA-384",
                  "value":"7f328f5d4e87c61bb7f4d053b6c46153"
              }
          ]
      }
  ]
}

iMichaela commented 2 months ago

@Telos-sa - Stephanie, can you programmatically replace the spaces in the href with %20 ?

For example:

resources/Nessus Training 5 Assets.nessus

is the same as

resources/Nessus%20Training%205%20Assets.nessus

Can you please test and let me know if it fixes your problem?

aj-stein-gsa commented 2 months ago

> @Telos-sa - Stephanie, can you programmatically replace the spaces in the href with %20 ?

Just a heads up, this is the right answer per the docs that reference RFC3986, see Section 2.1.

iMichaela commented 2 months ago

> > @Telos-sa - Stephanie, can you programmatically replace the spaces in the href with %20 ?
>
> Just a heads up, this is the right answer per the docs that reference RFC3986, see Section 2.1.

Thank you, @aj-stein-gsa

Telos-sa commented 2 months ago

Thank you @iMichaela that fixed the issue. And thanks @aj-stein-gsa for pointing us to where we can get that from the docs for future issues.

iMichaela commented 2 months ago

@Telos-sa - Happy to hear the issue was addressed. @aj-stein-gsa - thank you for adding the official doc information. I am closing the issue then.
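
The fix suggested in this thread, as an added example (not code from the OSCAL project or from the participants): a Python sketch that percent-encodes every back-matter rlinks href per RFC 3986 before validation, without double-encoding hrefs that are already escaped. The function names and the sample document are constructed for illustration.

```python
import re
from urllib.parse import quote

# RFC 3986 reserved characters plus "%", so delimiters and existing escapes survive.
# Letters, digits and "-._~" (unreserved) are never escaped by quote().
_SAFE = "/:?#[]@!$&'()*+,;=%"
_STRAY_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")


def encode_href(href: str) -> str:
    """Return href as a valid RFC 3986 URI reference (space -> %20, etc.)."""
    # A "%" not followed by two hex digits is data, not an escape: make it %25.
    href = _STRAY_PERCENT.sub("%25", href)
    # Everything outside the safe set is UTF-8 percent-encoded. Caveat: a file
    # literally named "a%20b" is indistinguishable from an encoded "a b".
    return quote(href, safe=_SAFE)


def fix_rlink_hrefs(doc: dict) -> list:
    """Encode back-matter rlinks hrefs in place; return (old, new) for each change."""
    changed = []
    for model in doc.values():  # root key, e.g. "system-security-plan"
        if not isinstance(model, dict):
            continue  # skip non-model top-level values
        resources = model.get("back-matter", {}).get("resources", [])
        for resource in resources:
            for rlink in resource.get("rlinks", []):
                old = rlink["href"]
                new = encode_href(old)
                if new != old:
                    rlink["href"] = new
                    changed.append((old, new))
    return changed


def sample_doc() -> dict:
    """Constructed sample: only the fields this example needs."""
    hrefs = [
        "resources/image-20240822155320-1.png",             # already valid
        "resources/Nessus Training 5 Assets.nessus",        # spaces, from the thread
        "resources/Nessus%20Training%205%20Assets.nessus",  # already encoded
    ]
    resources = [{"rlinks": [{"href": h}]} for h in hrefs]
    return {"system-security-plan": {"back-matter": {"resources": resources}}}


if __name__ == "__main__":
    for old, new in fix_rlink_hrefs(sample_doc()):
        print(f"{old!r} -> {new!r}")
```

Only the href changes; the exported file keeps its name with spaces, so whatever resolves the href must percent-decode it first.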