Source code

001package gov.nist.secauto.oscal.lib.model;
002
003import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
004import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
005import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
006import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
007import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
008import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
009import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
010import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
011import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
012import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
013import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
014import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
015import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
016import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
017import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
018import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
019import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
020import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
021import java.lang.Override;
022import java.lang.String;
023import java.util.LinkedList;
024import java.util.List;
025import java.util.UUID;
026import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
027import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
028
029/**
030 * Describes either recommended or an actual plan for addressing the risk.
031 */
032@MetaschemaAssembly(
033    formalName = "Risk Response",
034    description = "Describes either recommended or an actual plan for addressing the risk.",
035    name = "response",
036    metaschema = OscalAssessmentCommonMetaschema.class
037)
038@ValueConstraints(
039    allowedValues = {
040        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "type", description = "")),
041        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value", values = {@AllowedValue(value = "avoid", description = "The risk will be eliminated."), @AllowedValue(value = "mitigate", description = "The risk will be reduced."), @AllowedValue(value = "transfer", description = "The risk will be transferred to another organization or entity."), @AllowedValue(value = "accept", description = "The risk will continue to exist without further efforts to address it. (Sometimes referred to as \"Operationally required\")"), @AllowedValue(value = "share", description = "The risk will be partially transferred to another organization or entity."), @AllowedValue(value = "contingency", description = "Plans will be made to address the risk impact if the risk occurs. (This is a form of mitigation.)"), @AllowedValue(value = "none", description = "No response, such as when the identified risk is found to be a false positive.")})
042    }
043)
044public class Response {
045  @BoundFlag(
046      formalName = "Remediation Universally Unique Identifier",
047      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this remediation elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `risk response` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
048      useName = "uuid",
049      required = true,
050      typeAdapter = UuidAdapter.class
051  )
052  private UUID _uuid;
053
054  @BoundFlag(
055      formalName = "Remediation Intent",
056      description = "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.",
057      useName = "lifecycle",
058      required = true,
059      typeAdapter = TokenAdapter.class
060  )
061  @ValueConstraints(
062      allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "recommendation", description = "Recommended remediation."), @AllowedValue(value = "planned", description = "The actions intended to resolve the risk."), @AllowedValue(value = "completed", description = "This remediation activities were performed to address the risk.")})
063  )
064  private String _lifecycle;
065
066  /**
067   * "The title for this response activity."
068   */
069  @BoundField(
070      formalName = "Response Title",
071      description = "The title for this response activity.",
072      useName = "title",
073      minOccurs = 1
074  )
075  @BoundFieldValue(
076      typeAdapter = MarkupLineAdapter.class
077  )
078  private MarkupLine _title;
079
080  /**
081   * "A human-readable description of this response plan."
082   */
083  @BoundField(
084      formalName = "Response Description",
085      description = "A human-readable description of this response plan.",
086      useName = "description",
087      minOccurs = 1
088  )
089  @BoundFieldValue(
090      typeAdapter = MarkupMultilineAdapter.class
091  )
092  private MarkupMultiline _description;
093
094  @BoundAssembly(
095      formalName = "Property",
096      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
097      useName = "prop",
098      maxOccurs = -1
099  )
100  @GroupAs(
101      name = "props",
102      inJson = JsonGroupAsBehavior.LIST
103  )
104  private List<Property> _props;
105
106  @BoundAssembly(
107      formalName = "Link",
108      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
109      useName = "link",
110      maxOccurs = -1
111  )
112  @GroupAs(
113      name = "links",
114      inJson = JsonGroupAsBehavior.LIST
115  )
116  private List<Link> _links;
117
118  @BoundAssembly(
119      formalName = "Origin",
120      description = "Identifies the source of the finding, such as a tool, interviewed person, or activity.",
121      useName = "origin",
122      maxOccurs = -1,
123      remarks = "Used to identify the individual and/or tool that generated this recommended or planned response."
124  )
125  @GroupAs(
126      name = "origins",
127      inJson = JsonGroupAsBehavior.LIST
128  )
129  private List<Origin> _origins;
130
131  /**
132   * "Identifies an asset required to achieve remediation."
133   */
134  @BoundAssembly(
135      formalName = "Required Asset",
136      description = "Identifies an asset required to achieve remediation.",
137      useName = "required-asset",
138      maxOccurs = -1
139  )
140  @GroupAs(
141      name = "required-assets",
142      inJson = JsonGroupAsBehavior.LIST
143  )
144  private List<RequiredAsset> _requiredAssets;
145
146  @BoundAssembly(
147      formalName = "Task",
148      description = "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.",
149      useName = "task",
150      maxOccurs = -1
151  )
152  @GroupAs(
153      name = "tasks",
154      inJson = JsonGroupAsBehavior.LIST
155  )
156  private List<Task> _tasks;
157
158  @BoundField(
159      formalName = "Remarks",
160      description = "Additional commentary about the containing object.",
161      useName = "remarks"
162  )
163  @BoundFieldValue(
164      typeAdapter = MarkupMultilineAdapter.class
165  )
166  private MarkupMultiline _remarks;
167
168  public Response() {
169  }
170
171  public UUID getUuid() {
172    return _uuid;
173  }
174
175  public void setUuid(UUID value) {
176    _uuid = value;
177  }
178
179  public String getLifecycle() {
180    return _lifecycle;
181  }
182
183  public void setLifecycle(String value) {
184    _lifecycle = value;
185  }
186
187  public MarkupLine getTitle() {
188    return _title;
189  }
190
191  public void setTitle(MarkupLine value) {
192    _title = value;
193  }
194
195  public MarkupMultiline getDescription() {
196    return _description;
197  }
198
199  public void setDescription(MarkupMultiline value) {
200    _description = value;
201  }
202
203  public List<Property> getProps() {
204    return _props;
205  }
206
207  public void setProps(List<Property> value) {
208    _props = value;
209  }
210
211  /**
212   * Add a new {@link Property} item to the underlying collection.
213   * @param item the item to add
214   * @return {@code true}
215   */
216  public boolean addProp(Property item) {
217    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
218    if (_props == null) {
219      _props = new LinkedList<>();
220    }
221    return _props.add(value);
222  }
223
224  /**
225   * Remove the first matching {@link Property} item from the underlying collection.
226   * @param item the item to remove
227   * @return {@code true} if the item was removed or {@code false} otherwise
228   */
229  public boolean removeProp(Property item) {
230    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
231    return _props == null ? false : _props.remove(value);
232  }
233
234  public List<Link> getLinks() {
235    return _links;
236  }
237
238  public void setLinks(List<Link> value) {
239    _links = value;
240  }
241
242  /**
243   * Add a new {@link Link} item to the underlying collection.
244   * @param item the item to add
245   * @return {@code true}
246   */
247  public boolean addLink(Link item) {
248    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
249    if (_links == null) {
250      _links = new LinkedList<>();
251    }
252    return _links.add(value);
253  }
254
255  /**
256   * Remove the first matching {@link Link} item from the underlying collection.
257   * @param item the item to remove
258   * @return {@code true} if the item was removed or {@code false} otherwise
259   */
260  public boolean removeLink(Link item) {
261    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
262    return _links == null ? false : _links.remove(value);
263  }
264
265  public List<Origin> getOrigins() {
266    return _origins;
267  }
268
269  public void setOrigins(List<Origin> value) {
270    _origins = value;
271  }
272
273  /**
274   * Add a new {@link Origin} item to the underlying collection.
275   * @param item the item to add
276   * @return {@code true}
277   */
278  public boolean addOrigin(Origin item) {
279    Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
280    if (_origins == null) {
281      _origins = new LinkedList<>();
282    }
283    return _origins.add(value);
284  }
285
286  /**
287   * Remove the first matching {@link Origin} item from the underlying collection.
288   * @param item the item to remove
289   * @return {@code true} if the item was removed or {@code false} otherwise
290   */
291  public boolean removeOrigin(Origin item) {
292    Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
293    return _origins == null ? false : _origins.remove(value);
294  }
295
296  public List<RequiredAsset> getRequiredAssets() {
297    return _requiredAssets;
298  }
299
300  public void setRequiredAssets(List<RequiredAsset> value) {
301    _requiredAssets = value;
302  }
303
304  /**
305   * Add a new {@link RequiredAsset} item to the underlying collection.
306   * @param item the item to add
307   * @return {@code true}
308   */
309  public boolean addRequiredAsset(RequiredAsset item) {
310    RequiredAsset value = ObjectUtils.requireNonNull(item,"item cannot be null");
311    if (_requiredAssets == null) {
312      _requiredAssets = new LinkedList<>();
313    }
314    return _requiredAssets.add(value);
315  }
316
317  /**
318   * Remove the first matching {@link RequiredAsset} item from the underlying collection.
319   * @param item the item to remove
320   * @return {@code true} if the item was removed or {@code false} otherwise
321   */
322  public boolean removeRequiredAsset(RequiredAsset item) {
323    RequiredAsset value = ObjectUtils.requireNonNull(item,"item cannot be null");
324    return _requiredAssets == null ? false : _requiredAssets.remove(value);
325  }
326
327  public List<Task> getTasks() {
328    return _tasks;
329  }
330
331  public void setTasks(List<Task> value) {
332    _tasks = value;
333  }
334
335  /**
336   * Add a new {@link Task} item to the underlying collection.
337   * @param item the item to add
338   * @return {@code true}
339   */
340  public boolean addTask(Task item) {
341    Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
342    if (_tasks == null) {
343      _tasks = new LinkedList<>();
344    }
345    return _tasks.add(value);
346  }
347
348  /**
349   * Remove the first matching {@link Task} item from the underlying collection.
350   * @param item the item to remove
351   * @return {@code true} if the item was removed or {@code false} otherwise
352   */
353  public boolean removeTask(Task item) {
354    Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
355    return _tasks == null ? false : _tasks.remove(value);
356  }
357
358  public MarkupMultiline getRemarks() {
359    return _remarks;
360  }
361
362  public void setRemarks(MarkupMultiline value) {
363    _remarks = value;
364  }
365
366  @Override
367  public String toString() {
368    return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
369  }
370
371  /**
372   * Identifies an asset required to achieve remediation.
373   */
374  @MetaschemaAssembly(
375      formalName = "Required Asset",
376      description = "Identifies an asset required to achieve remediation.",
377      name = "required-asset",
378      metaschema = OscalAssessmentCommonMetaschema.class
379  )
380  public static class RequiredAsset {
381    @BoundFlag(
382        formalName = "Required Universally Unique Identifier",
383        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this required asset elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `asset` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
384        useName = "uuid",
385        required = true,
386        typeAdapter = UuidAdapter.class
387    )
388    private UUID _uuid;
389
390    @BoundAssembly(
391        formalName = "Identifies the Subject",
392        description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.",
393        useName = "subject",
394        maxOccurs = -1,
395        remarks = "Identifies an asset associated with this requirement, such as a party, system component, or inventory-item."
396    )
397    @GroupAs(
398        name = "subjects",
399        inJson = JsonGroupAsBehavior.LIST
400    )
401    private List<SubjectReference> _subjects;
402
403    /**
404     * "The title for this required asset."
405     */
406    @BoundField(
407        formalName = "Title for Required Asset",
408        description = "The title for this required asset.",
409        useName = "title"
410    )
411    @BoundFieldValue(
412        typeAdapter = MarkupLineAdapter.class
413    )
414    private MarkupLine _title;
415
416    /**
417     * "A human-readable description of this required asset."
418     */
419    @BoundField(
420        formalName = "Description of Required Asset",
421        description = "A human-readable description of this required asset.",
422        useName = "description",
423        minOccurs = 1
424    )
425    @BoundFieldValue(
426        typeAdapter = MarkupMultilineAdapter.class
427    )
428    private MarkupMultiline _description;
429
430    @BoundAssembly(
431        formalName = "Property",
432        description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
433        useName = "prop",
434        maxOccurs = -1
435    )
436    @GroupAs(
437        name = "props",
438        inJson = JsonGroupAsBehavior.LIST
439    )
440    private List<Property> _props;
441
442    @BoundAssembly(
443        formalName = "Link",
444        description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
445        useName = "link",
446        maxOccurs = -1
447    )
448    @GroupAs(
449        name = "links",
450        inJson = JsonGroupAsBehavior.LIST
451    )
452    private List<Link> _links;
453
454    @BoundField(
455        formalName = "Remarks",
456        description = "Additional commentary about the containing object.",
457        useName = "remarks"
458    )
459    @BoundFieldValue(
460        typeAdapter = MarkupMultilineAdapter.class
461    )
462    private MarkupMultiline _remarks;
463
464    public RequiredAsset() {
465    }
466
467    public UUID getUuid() {
468      return _uuid;
469    }
470
471    public void setUuid(UUID value) {
472      _uuid = value;
473    }
474
475    public List<SubjectReference> getSubjects() {
476      return _subjects;
477    }
478
479    public void setSubjects(List<SubjectReference> value) {
480      _subjects = value;
481    }
482
483    /**
484     * Add a new {@link SubjectReference} item to the underlying collection.
485     * @param item the item to add
486     * @return {@code true}
487     */
488    public boolean addSubject(SubjectReference item) {
489      SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
490      if (_subjects == null) {
491        _subjects = new LinkedList<>();
492      }
493      return _subjects.add(value);
494    }
495
496    /**
497     * Remove the first matching {@link SubjectReference} item from the underlying collection.
498     * @param item the item to remove
499     * @return {@code true} if the item was removed or {@code false} otherwise
500     */
501    public boolean removeSubject(SubjectReference item) {
502      SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
503      return _subjects == null ? false : _subjects.remove(value);
504    }
505
506    public MarkupLine getTitle() {
507      return _title;
508    }
509
510    public void setTitle(MarkupLine value) {
511      _title = value;
512    }
513
514    public MarkupMultiline getDescription() {
515      return _description;
516    }
517
518    public void setDescription(MarkupMultiline value) {
519      _description = value;
520    }
521
522    public List<Property> getProps() {
523      return _props;
524    }
525
526    public void setProps(List<Property> value) {
527      _props = value;
528    }
529
530    /**
531     * Add a new {@link Property} item to the underlying collection.
532     * @param item the item to add
533     * @return {@code true}
534     */
535    public boolean addProp(Property item) {
536      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
537      if (_props == null) {
538        _props = new LinkedList<>();
539      }
540      return _props.add(value);
541    }
542
543    /**
544     * Remove the first matching {@link Property} item from the underlying collection.
545     * @param item the item to remove
546     * @return {@code true} if the item was removed or {@code false} otherwise
547     */
548    public boolean removeProp(Property item) {
549      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
550      return _props == null ? false : _props.remove(value);
551    }
552
553    public List<Link> getLinks() {
554      return _links;
555    }
556
557    public void setLinks(List<Link> value) {
558      _links = value;
559    }
560
561    /**
562     * Add a new {@link Link} item to the underlying collection.
563     * @param item the item to add
564     * @return {@code true}
565     */
566    public boolean addLink(Link item) {
567      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
568      if (_links == null) {
569        _links = new LinkedList<>();
570      }
571      return _links.add(value);
572    }
573
574    /**
575     * Remove the first matching {@link Link} item from the underlying collection.
576     * @param item the item to remove
577     * @return {@code true} if the item was removed or {@code false} otherwise
578     */
579    public boolean removeLink(Link item) {
580      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
581      return _links == null ? false : _links.remove(value);
582    }
583
584    public MarkupMultiline getRemarks() {
585      return _remarks;
586    }
587
588    public void setRemarks(MarkupMultiline value) {
589      _remarks = value;
590    }
591
592    @Override
593    public String toString() {
594      return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
595    }
596  }
597}