1 package gov.nist.secauto.oscal.lib.model;
2
3 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5 import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
6 import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
7 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
8 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
9 import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
10 import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
11 import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
12 import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
13 import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
14 import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
15 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
16 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
17 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
18 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
19 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
20 import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
21 import java.lang.Override;
22 import java.lang.String;
23 import java.util.LinkedList;
24 import java.util.List;
25 import java.util.UUID;
26 import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
27 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
28
29
30
31
32 @MetaschemaAssembly(
33 formalName = "Risk Response",
34 description = "Describes either recommended or an actual plan for addressing the risk.",
35 name = "response",
36 metaschema = OscalAssessmentCommonMetaschema.class
37 )
38 @ValueConstraints(
39 allowedValues = {
40 @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "type", description = "")),
41 @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value", values = {@AllowedValue(value = "avoid", description = "The risk will be eliminated."), @AllowedValue(value = "mitigate", description = "The risk will be reduced."), @AllowedValue(value = "transfer", description = "The risk will be transferred to another organization or entity."), @AllowedValue(value = "accept", description = "The risk will continue to exist without further efforts to address it. (Sometimes referred to as \"Operationally required\")"), @AllowedValue(value = "share", description = "The risk will be partially transferred to another organization or entity."), @AllowedValue(value = "contingency", description = "Plans will be made to address the risk impact if the risk occurs. (This is a form of mitigation.)"), @AllowedValue(value = "none", description = "No response, such as when the identified risk is found to be a false positive.")})
42 }
43 )
44 public class Response {
45 @BoundFlag(
46 formalName = "Remediation Universally Unique Identifier",
47 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this remediation elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `risk response` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
48 useName = "uuid",
49 required = true,
50 typeAdapter = UuidAdapter.class
51 )
52 private UUID _uuid;
53
54 @BoundFlag(
55 formalName = "Remediation Intent",
56 description = "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.",
57 useName = "lifecycle",
58 required = true,
59 typeAdapter = TokenAdapter.class
60 )
61 @ValueConstraints(
62 allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "recommendation", description = "Recommended remediation."), @AllowedValue(value = "planned", description = "The actions intended to resolve the risk."), @AllowedValue(value = "completed", description = "This remediation activities were performed to address the risk.")})
63 )
64 private String _lifecycle;
65
66
67
68
69 @BoundField(
70 formalName = "Response Title",
71 description = "The title for this response activity.",
72 useName = "title",
73 minOccurs = 1
74 )
75 @BoundFieldValue(
76 typeAdapter = MarkupLineAdapter.class
77 )
78 private MarkupLine _title;
79
80
81
82
83 @BoundField(
84 formalName = "Response Description",
85 description = "A human-readable description of this response plan.",
86 useName = "description",
87 minOccurs = 1
88 )
89 @BoundFieldValue(
90 typeAdapter = MarkupMultilineAdapter.class
91 )
92 private MarkupMultiline _description;
93
94 @BoundAssembly(
95 formalName = "Property",
96 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
97 useName = "prop",
98 maxOccurs = -1
99 )
100 @GroupAs(
101 name = "props",
102 inJson = JsonGroupAsBehavior.LIST
103 )
104 private List<Property> _props;
105
106 @BoundAssembly(
107 formalName = "Link",
108 description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
109 useName = "link",
110 maxOccurs = -1
111 )
112 @GroupAs(
113 name = "links",
114 inJson = JsonGroupAsBehavior.LIST
115 )
116 private List<Link> _links;
117
118 @BoundAssembly(
119 formalName = "Origin",
120 description = "Identifies the source of the finding, such as a tool, interviewed person, or activity.",
121 useName = "origin",
122 maxOccurs = -1,
123 remarks = "Used to identify the individual and/or tool that generated this recommended or planned response."
124 )
125 @GroupAs(
126 name = "origins",
127 inJson = JsonGroupAsBehavior.LIST
128 )
129 private List<Origin> _origins;
130
131
132
133
134 @BoundAssembly(
135 formalName = "Required Asset",
136 description = "Identifies an asset required to achieve remediation.",
137 useName = "required-asset",
138 maxOccurs = -1
139 )
140 @GroupAs(
141 name = "required-assets",
142 inJson = JsonGroupAsBehavior.LIST
143 )
144 private List<RequiredAsset> _requiredAssets;
145
146 @BoundAssembly(
147 formalName = "Task",
148 description = "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.",
149 useName = "task",
150 maxOccurs = -1
151 )
152 @GroupAs(
153 name = "tasks",
154 inJson = JsonGroupAsBehavior.LIST
155 )
156 private List<Task> _tasks;
157
158 @BoundField(
159 formalName = "Remarks",
160 description = "Additional commentary about the containing object.",
161 useName = "remarks"
162 )
163 @BoundFieldValue(
164 typeAdapter = MarkupMultilineAdapter.class
165 )
166 private MarkupMultiline _remarks;
167
168 public Response() {
169 }
170
171 public UUID getUuid() {
172 return _uuid;
173 }
174
175 public void setUuid(UUID value) {
176 _uuid = value;
177 }
178
179 public String getLifecycle() {
180 return _lifecycle;
181 }
182
183 public void setLifecycle(String value) {
184 _lifecycle = value;
185 }
186
187 public MarkupLine getTitle() {
188 return _title;
189 }
190
191 public void setTitle(MarkupLine value) {
192 _title = value;
193 }
194
195 public MarkupMultiline getDescription() {
196 return _description;
197 }
198
199 public void setDescription(MarkupMultiline value) {
200 _description = value;
201 }
202
203 public List<Property> getProps() {
204 return _props;
205 }
206
207 public void setProps(List<Property> value) {
208 _props = value;
209 }
210
211
212
213
214
215
216 public boolean addProp(Property item) {
217 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
218 if (_props == null) {
219 _props = new LinkedList<>();
220 }
221 return _props.add(value);
222 }
223
224
225
226
227
228
229 public boolean removeProp(Property item) {
230 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
231 return _props == null ? false : _props.remove(value);
232 }
233
234 public List<Link> getLinks() {
235 return _links;
236 }
237
238 public void setLinks(List<Link> value) {
239 _links = value;
240 }
241
242
243
244
245
246
247 public boolean addLink(Link item) {
248 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
249 if (_links == null) {
250 _links = new LinkedList<>();
251 }
252 return _links.add(value);
253 }
254
255
256
257
258
259
260 public boolean removeLink(Link item) {
261 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
262 return _links == null ? false : _links.remove(value);
263 }
264
265 public List<Origin> getOrigins() {
266 return _origins;
267 }
268
269 public void setOrigins(List<Origin> value) {
270 _origins = value;
271 }
272
273
274
275
276
277
278 public boolean addOrigin(Origin item) {
279 Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
280 if (_origins == null) {
281 _origins = new LinkedList<>();
282 }
283 return _origins.add(value);
284 }
285
286
287
288
289
290
291 public boolean removeOrigin(Origin item) {
292 Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
293 return _origins == null ? false : _origins.remove(value);
294 }
295
296 public List<RequiredAsset> getRequiredAssets() {
297 return _requiredAssets;
298 }
299
300 public void setRequiredAssets(List<RequiredAsset> value) {
301 _requiredAssets = value;
302 }
303
304
305
306
307
308
309 public boolean addRequiredAsset(RequiredAsset item) {
310 RequiredAsset value = ObjectUtils.requireNonNull(item,"item cannot be null");
311 if (_requiredAssets == null) {
312 _requiredAssets = new LinkedList<>();
313 }
314 return _requiredAssets.add(value);
315 }
316
317
318
319
320
321
322 public boolean removeRequiredAsset(RequiredAsset item) {
323 RequiredAsset value = ObjectUtils.requireNonNull(item,"item cannot be null");
324 return _requiredAssets == null ? false : _requiredAssets.remove(value);
325 }
326
327 public List<Task> getTasks() {
328 return _tasks;
329 }
330
331 public void setTasks(List<Task> value) {
332 _tasks = value;
333 }
334
335
336
337
338
339
340 public boolean addTask(Task item) {
341 Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
342 if (_tasks == null) {
343 _tasks = new LinkedList<>();
344 }
345 return _tasks.add(value);
346 }
347
348
349
350
351
352
353 public boolean removeTask(Task item) {
354 Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
355 return _tasks == null ? false : _tasks.remove(value);
356 }
357
358 public MarkupMultiline getRemarks() {
359 return _remarks;
360 }
361
362 public void setRemarks(MarkupMultiline value) {
363 _remarks = value;
364 }
365
366 @Override
367 public String toString() {
368 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
369 }
370
371
372
373
374 @MetaschemaAssembly(
375 formalName = "Required Asset",
376 description = "Identifies an asset required to achieve remediation.",
377 name = "required-asset",
378 metaschema = OscalAssessmentCommonMetaschema.class
379 )
380 public static class RequiredAsset {
381 @BoundFlag(
382 formalName = "Required Universally Unique Identifier",
383 description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this required asset elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `asset` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
384 useName = "uuid",
385 required = true,
386 typeAdapter = UuidAdapter.class
387 )
388 private UUID _uuid;
389
390 @BoundAssembly(
391 formalName = "Identifies the Subject",
392 description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.",
393 useName = "subject",
394 maxOccurs = -1,
395 remarks = "Identifies an asset associated with this requirement, such as a party, system component, or inventory-item."
396 )
397 @GroupAs(
398 name = "subjects",
399 inJson = JsonGroupAsBehavior.LIST
400 )
401 private List<SubjectReference> _subjects;
402
403
404
405
406 @BoundField(
407 formalName = "Title for Required Asset",
408 description = "The title for this required asset.",
409 useName = "title"
410 )
411 @BoundFieldValue(
412 typeAdapter = MarkupLineAdapter.class
413 )
414 private MarkupLine _title;
415
416
417
418
419 @BoundField(
420 formalName = "Description of Required Asset",
421 description = "A human-readable description of this required asset.",
422 useName = "description",
423 minOccurs = 1
424 )
425 @BoundFieldValue(
426 typeAdapter = MarkupMultilineAdapter.class
427 )
428 private MarkupMultiline _description;
429
430 @BoundAssembly(
431 formalName = "Property",
432 description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
433 useName = "prop",
434 maxOccurs = -1
435 )
436 @GroupAs(
437 name = "props",
438 inJson = JsonGroupAsBehavior.LIST
439 )
440 private List<Property> _props;
441
442 @BoundAssembly(
443 formalName = "Link",
444 description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
445 useName = "link",
446 maxOccurs = -1
447 )
448 @GroupAs(
449 name = "links",
450 inJson = JsonGroupAsBehavior.LIST
451 )
452 private List<Link> _links;
453
454 @BoundField(
455 formalName = "Remarks",
456 description = "Additional commentary about the containing object.",
457 useName = "remarks"
458 )
459 @BoundFieldValue(
460 typeAdapter = MarkupMultilineAdapter.class
461 )
462 private MarkupMultiline _remarks;
463
464 public RequiredAsset() {
465 }
466
467 public UUID getUuid() {
468 return _uuid;
469 }
470
471 public void setUuid(UUID value) {
472 _uuid = value;
473 }
474
475 public List<SubjectReference> getSubjects() {
476 return _subjects;
477 }
478
479 public void setSubjects(List<SubjectReference> value) {
480 _subjects = value;
481 }
482
483
484
485
486
487
488 public boolean addSubject(SubjectReference item) {
489 SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
490 if (_subjects == null) {
491 _subjects = new LinkedList<>();
492 }
493 return _subjects.add(value);
494 }
495
496
497
498
499
500
501 public boolean removeSubject(SubjectReference item) {
502 SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
503 return _subjects == null ? false : _subjects.remove(value);
504 }
505
506 public MarkupLine getTitle() {
507 return _title;
508 }
509
510 public void setTitle(MarkupLine value) {
511 _title = value;
512 }
513
514 public MarkupMultiline getDescription() {
515 return _description;
516 }
517
518 public void setDescription(MarkupMultiline value) {
519 _description = value;
520 }
521
522 public List<Property> getProps() {
523 return _props;
524 }
525
526 public void setProps(List<Property> value) {
527 _props = value;
528 }
529
530
531
532
533
534
535 public boolean addProp(Property item) {
536 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
537 if (_props == null) {
538 _props = new LinkedList<>();
539 }
540 return _props.add(value);
541 }
542
543
544
545
546
547
548 public boolean removeProp(Property item) {
549 Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
550 return _props == null ? false : _props.remove(value);
551 }
552
553 public List<Link> getLinks() {
554 return _links;
555 }
556
557 public void setLinks(List<Link> value) {
558 _links = value;
559 }
560
561
562
563
564
565
566 public boolean addLink(Link item) {
567 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
568 if (_links == null) {
569 _links = new LinkedList<>();
570 }
571 return _links.add(value);
572 }
573
574
575
576
577
578
579 public boolean removeLink(Link item) {
580 Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
581 return _links == null ? false : _links.remove(value);
582 }
583
584 public MarkupMultiline getRemarks() {
585 return _remarks;
586 }
587
588 public void setRemarks(MarkupMultiline value) {
589 _remarks = value;
590 }
591
592 @Override
593 public String toString() {
594 return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
595 }
596 }
597 }