Source code

001/*
002 * Portions of this software was developed by employees of the National Institute
003 * of Standards and Technology (NIST), an agency of the Federal Government and is
004 * being made available as a public service. Pursuant to title 17 United States
005 * Code Section 105, works of NIST employees are not subject to copyright
006 * protection in the United States. This software may be subject to foreign
007 * copyright. Permission in the United States and in foreign countries, to the
008 * extent that NIST may hold copyright, to use, copy, modify, create derivative
009 * works, and distribute this software and its documentation without fee is hereby
010 * granted on a non-exclusive basis, provided that this notice and disclaimer
011 * of warranty appears in all copies.
012 *
013 * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
014 * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
015 * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
016 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
017 * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
018 * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
019 * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
020 * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
021 * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
022 * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
023 * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
024 * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
025 */
026
027package gov.nist.secauto.oscal.lib.profile.resolver.selection;
028
029import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
030import gov.nist.secauto.oscal.lib.model.IncludeAll;
031import gov.nist.secauto.oscal.lib.model.ProfileImport;
032import gov.nist.secauto.oscal.lib.model.control.catalog.IControl;
033import gov.nist.secauto.oscal.lib.model.control.profile.IProfileSelectControlById;
034
035import org.apache.commons.lang3.tuple.Pair;
036
037import java.util.List;
038
039import edu.umd.cs.findbugs.annotations.NonNull;
040
041public interface IControlFilter {
042  @NonNull
043  IControlFilter ALWAYS_MATCH = new IControlFilter() {
044    @Override
045    public @NonNull Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch) {
046      return IControlSelectionFilter.MATCH;
047    }
048
049    @Override
050    public @NonNull IControlSelectionFilter getInclusionFilter() {
051      return IControlSelectionFilter.ALL_MATCH;
052    }
053
054    @Override
055    public @NonNull IControlSelectionFilter getExclusionFilter() {
056      return IControlSelectionFilter.NONE_MATCH;
057    }
058  };
059
060  @NonNull
061  IControlFilter NONE_MATCH = new IControlFilter() {
062
063    @Override
064    public @NonNull Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch) {
065      return IControlSelectionFilter.NON_MATCH;
066    }
067
068    @Override
069    public @NonNull IControlSelectionFilter getInclusionFilter() {
070      return IControlSelectionFilter.NONE_MATCH;
071    }
072
073    @Override
074    public @NonNull IControlSelectionFilter getExclusionFilter() {
075      return IControlSelectionFilter.NONE_MATCH;
076    }
077  };
078
079  /**
080   * Construct a new filter instance based on the provided profile import
081   * statement.
082   *
083   * @param profileImport
084   *          an OSCAL profile import statement
085   * @return a new control filter
086   */
087  @NonNull
088  static IControlFilter newInstance(@NonNull ProfileImport profileImport) {
089    return new Filter(profileImport);
090  }
091
092  @NonNull
093  static IControlFilter newInstance(@NonNull IControlSelectionFilter includes,
094      @NonNull IControlSelectionFilter excludes) {
095    return new Filter(includes, excludes);
096  }
097
098  /**
099   * Determines if the control is matched by this filter. This method returns a
100   * {@link Pair} where the first member of the pair indicates if the control
101   * matches, and the second indicates if the match applies to child controls as
102   * well.
103   *
104   * @param control
105   *          the control to check for a match
106   * @return a pair indicating the status of the match ({@code true} for a match
107   *         or {@code false} otherwise), and if a match applies to child controls
108   */
109  @NonNull
110  default Pair<Boolean, Boolean> match(@NonNull IControl control) {
111    return match(control, false);
112  }
113
114  /**
115   * Determines if the control is matched by this filter. This method returns a
116   * {@link Pair} where the first member of the pair indicates if the control
117   * matches, and the second indicates if the match applies to child controls as
118   * well.
119   *
120   * @param control
121   *          the control to check for a match
122   * @param defaultMatch
123   *          the match status to use if the filter doesn't have an explicit hit
124   * @return a pair indicating the status of the match ({@code true} for a match
125   *         or {@code false} otherwise), and if a match applies to child controls
126   */
127  @NonNull
128  Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch);
129
130  @NonNull
131  IControlSelectionFilter getInclusionFilter();
132
133  @NonNull
134  IControlSelectionFilter getExclusionFilter();
135
136  class Filter implements IControlFilter {
137    @NonNull
138    private final IControlSelectionFilter inclusionFilter;
139    @NonNull
140    private final IControlSelectionFilter exclusionFilter;
141
142    public Filter(@NonNull ProfileImport profileImport) {
143      IncludeAll includeAll = profileImport.getIncludeAll();
144
145      if (includeAll == null) {
146        List<? extends IProfileSelectControlById> selections = profileImport.getIncludeControls();
147        if (selections == null) {
148          this.inclusionFilter = IControlSelectionFilter.NONE_MATCH;
149        } else {
150          this.inclusionFilter = new DefaultControlSelectionFilter(selections);
151        }
152      } else {
153        this.inclusionFilter = IControlSelectionFilter.ALL_MATCH;
154      }
155
156      List<? extends IProfileSelectControlById> selections = profileImport.getExcludeControls();
157      if (selections == null) {
158        this.exclusionFilter = IControlSelectionFilter.NONE_MATCH;
159      } else {
160        this.exclusionFilter = new DefaultControlSelectionFilter(selections);
161      }
162
163    }
164
165    public Filter(@NonNull IControlSelectionFilter includes, @NonNull IControlSelectionFilter excludes) {
166      this.inclusionFilter = includes;
167      this.exclusionFilter = excludes;
168    }
169
170    @Override
171    @NonNull
172    public IControlSelectionFilter getInclusionFilter() {
173      return inclusionFilter;
174    }
175
176    @Override
177    @NonNull
178    public IControlSelectionFilter getExclusionFilter() {
179      return exclusionFilter;
180    }
181
182    @Override
183    public Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch) {
184      @NonNull Pair<Boolean, Boolean> result = getInclusionFilter().apply(control);
185      boolean left = ObjectUtils.notNull(result.getLeft());
186      if (left) {
187        // this is a positive include match. Is it excluded?
188        Pair<Boolean, Boolean> excluded = getExclusionFilter().apply(control);
189        if (ObjectUtils.notNull(excluded.getLeft())) {
190          // the effective result is a non-match
191          result = IControlSelectionFilter.NON_MATCH;
192        }
193      } else {
194        result = defaultMatch ? IControlSelectionFilter.MATCH : IControlSelectionFilter.NON_MATCH;
195      }
196      return result;
197    }
198
199  }
200
201}