1   /*
2    * Portions of this software was developed by employees of the National Institute
3    * of Standards and Technology (NIST), an agency of the Federal Government and is
4    * being made available as a public service. Pursuant to title 17 United States
5    * Code Section 105, works of NIST employees are not subject to copyright
6    * protection in the United States. This software may be subject to foreign
7    * copyright. Permission in the United States and in foreign countries, to the
8    * extent that NIST may hold copyright, to use, copy, modify, create derivative
9    * works, and distribute this software and its documentation without fee is hereby
10   * granted on a non-exclusive basis, provided that this notice and disclaimer
11   * of warranty appears in all copies.
12   *
13   * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
14   * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
15   * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
16   * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
17   * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
18   * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
19   * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
20   * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
21   * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
22   * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
23   * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
24   * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
25   */
26  
27  package gov.nist.secauto.oscal.lib.profile.resolver.selection;
28  
29  import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
30  import gov.nist.secauto.oscal.lib.model.IncludeAll;
31  import gov.nist.secauto.oscal.lib.model.ProfileImport;
32  import gov.nist.secauto.oscal.lib.model.control.catalog.IControl;
33  import gov.nist.secauto.oscal.lib.model.control.profile.IProfileSelectControlById;
34  
35  import org.apache.commons.lang3.tuple.Pair;
36  
37  import java.util.List;
38  
39  import edu.umd.cs.findbugs.annotations.NonNull;
40  
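/**
 * Decides whether a control is selected, by combining an inclusion filter with
 * an exclusion filter.
 * <p>
 * Implementations report each decision as a {@link Pair}: the first member says
 * whether the control matched, the second whether that match also applies to
 * the control's child controls.
 */
public interface IControlFilter {
  /**
   * A filter whose {@link #match(IControl, boolean)} returns
   * {@link IControlSelectionFilter#MATCH} for every control, regardless of the
   * {@code defaultMatch} argument. Its inclusion filter is
   * {@link IControlSelectionFilter#ALL_MATCH} and its exclusion filter is
   * {@link IControlSelectionFilter#NONE_MATCH}.
   */
  @NonNull
  IControlFilter ALWAYS_MATCH = new IControlFilter() {
    @Override
    public @NonNull Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch) {
      return IControlSelectionFilter.MATCH;
    }

    @Override
    public @NonNull IControlSelectionFilter getInclusionFilter() {
      return IControlSelectionFilter.ALL_MATCH;
    }

    @Override
    public @NonNull IControlSelectionFilter getExclusionFilter() {
      return IControlSelectionFilter.NONE_MATCH;
    }
  };

  /**
   * A filter whose {@link #match(IControl, boolean)} returns
   * {@link IControlSelectionFilter#NON_MATCH} for every control, even when
   * {@code defaultMatch} is {@code true}. Both its inclusion and exclusion
   * filters are {@link IControlSelectionFilter#NONE_MATCH}.
   */
  @NonNull
  IControlFilter NONE_MATCH = new IControlFilter() {

    @Override
    public @NonNull Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch) {
      return IControlSelectionFilter.NON_MATCH;
    }

    @Override
    public @NonNull IControlSelectionFilter getInclusionFilter() {
      return IControlSelectionFilter.NONE_MATCH;
    }

    @Override
    public @NonNull IControlSelectionFilter getExclusionFilter() {
      return IControlSelectionFilter.NONE_MATCH;
    }
  };

  /**
   * Construct a new filter instance based on the provided profile import
   * statement.
   *
   * @param profileImport
   *          an OSCAL profile import statement
   * @return a new control filter
   */
  @NonNull
  static IControlFilter newInstance(@NonNull ProfileImport profileImport) {
    return new Filter(profileImport);
  }

  /**
   * Construct a new filter instance from an explicit pair of selection filters.
   *
   * @param includes
   *          the filter that identifies included controls
   * @param excludes
   *          the filter that identifies excluded controls
   * @return a new control filter
   */
  @NonNull
  static IControlFilter newInstance(@NonNull IControlSelectionFilter includes,
      @NonNull IControlSelectionFilter excludes) {
    return new Filter(includes, excludes);
  }

  /**
   * Determines if the control is matched by this filter. This method returns a
   * {@link Pair} where the first member of the pair indicates if the control
   * matches, and the second indicates if the match applies to child controls as
   * well.
   * <p>
   * This is equivalent to calling {@link #match(IControl, boolean)} with a
   * {@code defaultMatch} of {@code false}.
   *
   * @param control
   *          the control to check for a match
   * @return a pair indicating the status of the match ({@code true} for a match
   *         or {@code false} otherwise), and if a match applies to child controls
   */
  @NonNull
  default Pair<Boolean, Boolean> match(@NonNull IControl control) {
    return match(control, false);
  }

  /**
   * Determines if the control is matched by this filter. This method returns a
   * {@link Pair} where the first member of the pair indicates if the control
   * matches, and the second indicates if the match applies to child controls as
   * well.
   *
   * @param control
   *          the control to check for a match
   * @param defaultMatch
   *          the match status to use if the filter doesn't have an explicit hit
   * @return a pair indicating the status of the match ({@code true} for a match
   *         or {@code false} otherwise), and if a match applies to child controls
   */
  @NonNull
  Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch);

  /**
   * Get the filter used to decide which controls are included.
   *
   * @return the inclusion filter
   */
  @NonNull
  IControlSelectionFilter getInclusionFilter();

  /**
   * Get the filter used to decide which controls are excluded.
   *
   * @return the exclusion filter
   */
  @NonNull
  IControlSelectionFilter getExclusionFilter();

  /**
   * The default {@link IControlFilter}: a control matches when the inclusion
   * filter reports a hit and the exclusion filter does not.
   */
  class Filter implements IControlFilter {
    @NonNull
    private final IControlSelectionFilter inclusionFilter;
    @NonNull
    private final IControlSelectionFilter exclusionFilter;

    /**
     * Build the inclusion and exclusion filters from a profile import.
     * <p>
     * If the import has an include-all, every control is included. Otherwise the
     * import's include-controls list is used, and a missing list includes
     * nothing. A missing exclude-controls list excludes nothing.
     *
     * @param profileImport
     *          an OSCAL profile import statement
     */
    public Filter(@NonNull ProfileImport profileImport) {
      IncludeAll includeAll = profileImport.getIncludeAll();

      // the include list is only read when there is no include-all
      this.inclusionFilter = includeAll == null
          ? toSelectionFilter(profileImport.getIncludeControls())
          : IControlSelectionFilter.ALL_MATCH;
      this.exclusionFilter = toSelectionFilter(profileImport.getExcludeControls());
    }

    /**
     * Use the provided selection filters as-is.
     *
     * @param includes
     *          the filter that identifies included controls
     * @param excludes
     *          the filter that identifies excluded controls
     */
    public Filter(@NonNull IControlSelectionFilter includes, @NonNull IControlSelectionFilter excludes) {
      this.inclusionFilter = includes;
      this.exclusionFilter = excludes;
    }

    // Maps a possibly-null selection list to a filter; null selects nothing.
    @NonNull
    private static IControlSelectionFilter toSelectionFilter(
        List<? extends IProfileSelectControlById> selections) {
      if (selections == null) {
        return IControlSelectionFilter.NONE_MATCH;
      }
      return new DefaultControlSelectionFilter(selections);
    }

    @Override
    @NonNull
    public IControlSelectionFilter getInclusionFilter() {
      return inclusionFilter;
    }

    @Override
    @NonNull
    public IControlSelectionFilter getExclusionFilter() {
      return exclusionFilter;
    }

    /**
     * Apply the inclusion filter, then the exclusion filter.
     * <p>
     * An explicit inclusion hit that is not excluded returns the inclusion
     * filter's own result, so the child-control member comes from that filter.
     * An inclusion hit that is also excluded returns
     * {@link IControlSelectionFilter#NON_MATCH}. Without an inclusion hit, the
     * result is decided by {@code defaultMatch} alone.
     */
    @Override
    @NonNull
    public Pair<Boolean, Boolean> match(@NonNull IControl control, boolean defaultMatch) {
      @NonNull Pair<Boolean, Boolean> included = getInclusionFilter().apply(control);
      if (!ObjectUtils.notNull(included.getLeft())) {
        // No explicit include hit: the caller-provided default decides.
        // NOTE(review): the exclusion filter is not consulted on this path, so
        // with defaultMatch == true a control named in the exclude list is still
        // reported as a match. Confirm that callers apply exclusions before
        // passing a true default; otherwise an excluded control could end up in
        // the selected set.
        return defaultMatch ? IControlSelectionFilter.MATCH : IControlSelectionFilter.NON_MATCH;
      }

      // this is a positive include match. Is it excluded?
      Pair<Boolean, Boolean> excluded = getExclusionFilter().apply(control);
      if (ObjectUtils.notNull(excluded.getLeft())) {
        // the effective result is a non-match
        return IControlSelectionFilter.NON_MATCH;
      }
      return included;
    }

  }

}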