search

usnistgov / oscal-cli

A simple open source command line tool to support common operations over OSCAL content.
Other
41 stars 19 forks source link

Validation of XML content generated invalid converted JSON content #289

Open iMichaela opened 3 months ago

iMichaela commented 3 months ago

Describe the bug

In XML version of any OSCAL content, empty fields like are passed as valid, but when converted to JSON, those fields are removed being empty, resulting in invalid JSON content

Who is the bug affecting?

User of oscal-cli tool

What is affected by this bug?

Any OSCAL content that exhibits use cases like the ones described above

When does this occur?

OSCAL content considered valid in XML (like the snippet below:

<by-component component-uuid="2d92b6f3-1260-421c-9bda-5c4a7739fcd3" uuid="3353be30-2622-4452-ad36-7cd34cbfa191">
          <description></description>
          <export>
            <description>
              <p>The AMB manages access control to the infrastructure for the AWS authorized personnel.</p> 
              <p>Consumer's responsible parties can be included in an Access Control List (ACL) used by AWS to grant access to AMB infrastructure for administrative reasons.</p> 
              <p>Responsible parties' account management and ACL update are Consumer's responsibilities.</p>
            </description>
            <provided uuid="0dd795bd-d1fd-487c-8bab-11edcf25f544">
              <description>
                <p>The AMB manages access to the infrastructure for the Consumer's responsible parties identified in an Access Control List (ACL)</p>
              </description>
            </provided>
            <responsibility uuid="72b9e21f-67d0-4093-b7b0-116e89b493a9" provided-uuid="9c4a8b31-fe34-4b5f-933d-2a1c448a4ef2">
              <description>
                <p>It is Customer's responsibility to identify the responsible parties which need access to the AMB infractrusture, their roles, and to update the ACL used by AMB to enforce access to the resources.</p>
              </description>
            </responsibility>
          </export>
        </by-component>

will be converted to JSON without the empty by-component/description (the second line in the above example), and when such field is mandatory, the resulting JSON content will not be valid.

How do we replicate the issue?

See above

Expected behavior (i.e. solution)

Consistency between XML and JSON formats and consistent conversion.