View Javadoc
1   /**
2    * Portions of this software was developed by employees of the National Institute
3    * of Standards and Technology (NIST), an agency of the Federal Government and is
4    * being made available as a public service. Pursuant to title 17 United States
5    * Code Section 105, works of NIST employees are not subject to copyright
6    * protection in the United States. This software may be subject to foreign
7    * copyright. Permission in the United States and in foreign countries, to the
8    * extent that NIST may hold copyright, to use, copy, modify, create derivative
9    * works, and distribute this software and its documentation without fee is hereby
10   * granted on a non-exclusive basis, provided that this notice and disclaimer
11   * of warranty appears in all copies.
12   *
13   * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
14   * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
15   * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
16   * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
17   * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
18   * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
19   * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
20   * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
21   * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
22   * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
23   * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
24   * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
25   */
26  
27  package gov.nist.secauto.swid.swidval;
28  
29  import static gov.nist.secauto.decima.module.cli.CLIParser.DEFAULT_VALIDATION_REPORT_FILE;
30  import static gov.nist.secauto.decima.module.cli.CLIParser.DEFAULT_VALIDATION_RESULT_FILE;
31  import static gov.nist.secauto.decima.module.cli.CLIParser.OPTION_VALIDATION_REPORT_FILE;
32  import static gov.nist.secauto.decima.module.cli.CLIParser.OPTION_VALIDATION_RESULT_FILE;
33  
34  import gov.nist.secauto.decima.core.assessment.AssessmentException;
35  import gov.nist.secauto.decima.core.assessment.AssessmentExecutor;
36  import gov.nist.secauto.decima.core.assessment.result.AssessmentResultBuilder;
37  import gov.nist.secauto.decima.core.assessment.result.AssessmentResults;
38  import gov.nist.secauto.decima.core.classpath.ClasspathHandler;
39  import gov.nist.secauto.decima.core.document.DocumentException;
40  import gov.nist.secauto.decima.module.cli.CLIParser;
41  import gov.nist.secauto.decima.module.cli.commons.cli.OptionEnumerationValidator;
42  import gov.nist.secauto.decima.xml.assessment.Factory;
43  import gov.nist.secauto.decima.xml.assessment.result.ReportGenerator;
44  import gov.nist.secauto.decima.xml.assessment.result.XMLResultBuilder;
45  import gov.nist.secauto.decima.xml.document.XMLDocument;
46  
47  import org.apache.commons.cli.CommandLine;
48  import org.apache.commons.cli.Option;
49  import org.apache.commons.cli.OptionGroup;
50  import org.apache.commons.cli.ParseException;
51  import org.apache.logging.log4j.LogManager;
52  import org.apache.logging.log4j.Logger;
53  
54  import java.io.BufferedOutputStream;
55  import java.io.File;
56  import java.io.FileNotFoundException;
57  import java.io.FileOutputStream;
58  import java.io.IOException;
59  import java.io.OutputStream;
60  import java.net.URI;
61  import java.net.URISyntaxException;
62  import java.util.List;
63  import java.util.concurrent.ExecutorService;
64  import java.util.concurrent.Executors;
65  
66  import javax.xml.transform.TransformerException;
67  
68  public class Application {
69    private static final Logger log = LogManager.getLogger(Application.class);
70    private static final String OPTION_USECASE = "usecase";
71    private static final String OPTION_USECASE_VALUE_PRIMARY = "primary";
72    private static final String OPTION_USECASE_VALUE_CORPUS = "corpus";
73    private static final String OPTION_USECASE_VALUE_PATCH = "patch";
74    private static final String OPTION_USECASE_VALUE_SUPPLEMENTAL = "supplemental";
75    private static final String OPTION_USECASE_DEFAULT_VALUE = OPTION_USECASE_VALUE_PRIMARY;
76  
77    private static final String OPTION_AUTHORITATIVE = "A";
78    private static final String OPTION_NON_AUTHORITATIVE = "a";
79  
80    /**
81     * Runs the application.
82     * 
83     * @param args
84     *          the command line arguments
85     */
86    public static void main(String[] args) {
87      ClasspathHandler.initialize();
88      try {
89        System.exit(new Application().run(args));
90      } catch (ParseException e) {
91        e.printStackTrace();
92        System.exit(-2);
93      }
94    }
95  
96    protected CommandLine parseCLI(String[] args) throws ParseException {
97      CLIParser cliParser = new CLIParser("java -jar <swidval jar> (options) <swid tag path>");
98      cliParser.setVersion(Version.VERSION);
99  
100     Option useCase = Option.builder(OPTION_USECASE)
101         .desc("the SWID tag type, which is one of: primary, corpus, patch, or supplemental" + " (default: primary)")
102         .hasArg().build();
103     OptionEnumerationValidator useCaseValidator = new OptionEnumerationValidator(useCase);
104     useCaseValidator.addAllowedValue(OPTION_USECASE_VALUE_PRIMARY);
105     useCaseValidator.addAllowedValue(OPTION_USECASE_VALUE_CORPUS);
106     useCaseValidator.addAllowedValue(OPTION_USECASE_VALUE_PATCH);
107     useCaseValidator.addAllowedValue(OPTION_USECASE_VALUE_SUPPLEMENTAL);
108     cliParser.addOption(useCaseValidator);
109 
110     OptionGroup authGroup = new OptionGroup();
111     authGroup.addOption(
112         Option.builder(OPTION_AUTHORITATIVE).desc("the tag is produced by an authoritative creator (default)").build());
113     authGroup.addOption(
114         Option.builder(OPTION_NON_AUTHORITATIVE).desc("the tag is not produced by an authoritative creator").build());
115     cliParser.addOptionGroup(authGroup);
116 
117     return cliParser.parse(args);
118   }
119 
120   private int run(String[] args) throws ParseException {
121     CommandLine cmd = parseCLI(args);
122 
123     if (cmd == null) {
124       return -1;
125     }
126 
127     List<String> paths = cmd.getArgList();
128     if (paths.isEmpty()) {
129       System.err.println("At least one path must be specified as an extra argument.");
130       return -2;
131     } else if (paths.size() > 1) {
132       System.err.println("Only one path must be specified as an extra argument.");
133       return -3;
134     }
135     String path = paths.get(0);
136 
137     String tagTypeName = cmd.getOptionValue(OPTION_USECASE, OPTION_USECASE_DEFAULT_VALUE);
138 
139     TagType tagType = TagType.valueOf(tagTypeName.toUpperCase());
140     boolean authoritative = !cmd.hasOption(OPTION_NON_AUTHORITATIVE);
141 
142     log.info("Validating tag: " + path);
143     log.info("  tag type: " + tagType.getName());
144     log.info("  authoritative tag: " + authoritative);
145 
146     // handle resultfile
147     File validationResultFile;
148     {
149       String fileValue = cmd.getOptionValue(OPTION_VALIDATION_RESULT_FILE, DEFAULT_VALIDATION_RESULT_FILE);
150       validationResultFile = new File(fileValue);
151       File parentDir = validationResultFile.getParentFile();
152       if (parentDir != null && !parentDir.exists()) {
153         parentDir.mkdirs();
154       }
155     }
156 
157     // handle reportfile
158     File validationReportFile;
159     {
160       String fileValue = cmd.getOptionValue(OPTION_VALIDATION_REPORT_FILE, DEFAULT_VALIDATION_REPORT_FILE);
161       validationReportFile = new File(fileValue);
162       File parentDir = validationReportFile.getParentFile();
163       if (parentDir != null && !parentDir.exists()) {
164         parentDir.mkdirs();
165       }
166     }
167 
168     // Load the document to assess
169     File file = new File(path);
170     XMLDocument doc;
171     try {
172       doc = Factory.newXMLDocument(file);
173     } catch (FileNotFoundException ex) {
174       log.error("Non-existant file argument: " + file.getPath(), ex);
175       return -4;
176     } catch (DocumentException ex) {
177       log.error("Unable to parse the XML file: " + file.getPath(), ex);
178       return -5;
179     }
180 
181     ExecutorService executorService = null;
182     AssessmentResults validationResult;
183     try {
184       executorService = Executors.newFixedThreadPool(2);
185       SWIDAssessmentFactory factory = SWIDAssessmentFactory.getInstance();
186       factory.setResultDirectory(new File("schematron-results"));
187 
188       // setup the document assessment
189       AssessmentExecutor<XMLDocument> executor = factory.newAssessmentExecutor(tagType, authoritative, executorService);
190       AssessmentResultBuilder assessmentResultBuilder
191           = SWIDAssessmentResultBuilderFactory.newAssessmentResultBuilder(tagType, authoritative);
192 
193       // do the assessment
194       executor.execute(doc, assessmentResultBuilder);
195 
196       // generate the results
197       validationResult = assessmentResultBuilder.end().build(SWIDRequirementsManager.getInstance());
198     } catch (AssessmentException e) {
199       log.error("An error occured while performing the assessment", e);
200       return -5;
201     } finally {
202       if (executorService != null) {
203         executorService.shutdown();
204       }
205     }
206 
207     // Output the results
208     XMLResultBuilder writer = new XMLResultBuilder();
209     try (OutputStream os = new BufferedOutputStream(new FileOutputStream(validationResultFile))) {
210       log.info("Storing assessment results to: " + validationResultFile);
211       writer.write(validationResult, os);
212     } catch (FileNotFoundException e) {
213       log.error("The result file does not appear to be a regular file: " + validationResultFile, e);
214       return -6;
215     } catch (IOException e) {
216       log.error("Unable to write to the result file: " + validationResultFile, e);
217       return -7;
218     }
219 
220     // output the report
221     ReportGenerator reportGenerator = new ReportGenerator();
222     reportGenerator.setHtmlTitle("SWID Tag validation Report");
223     reportGenerator.setIgnoreNotTestedResults(true);
224     reportGenerator.setIgnoreOutOfScopeResults(true);
225     try {
226       reportGenerator.setXslTemplateExtension(new URI("classpath:xsl/swid-result.xsl"));
227     } catch (URISyntaxException e) {
228       log.error("Unable to load XSL template", e);
229       return -9;
230     }
231     log.info("Generating HTML report to: " + validationReportFile);
232     try {
233       reportGenerator.generate(validationResultFile, validationReportFile);
234     } catch (TransformerException | IOException e) {
235       log.error("Unable to generate HTML report", e);
236       return -10;
237     }
238     return 0;
239   }
240 }