Source code

001// Generated from: ../../../../../../../../oscal/src/metaschema/oscal_assessment-common_metaschema.xml
002// Do not edit - changes will be lost when regenerated.
003package dev.metaschema.oscal.lib.model;
004
005import dev.metaschema.core.datatype.adapter.StringAdapter;
006import dev.metaschema.core.datatype.adapter.TokenAdapter;
007import dev.metaschema.core.datatype.adapter.UriAdapter;
008import dev.metaschema.core.datatype.markup.MarkupMultiline;
009import dev.metaschema.core.datatype.markup.MarkupMultilineAdapter;
010import dev.metaschema.core.model.IBoundObject;
011import dev.metaschema.core.model.IMetaschemaData;
012import dev.metaschema.core.model.JsonGroupAsBehavior;
013import dev.metaschema.core.model.constraint.IConstraint;
014import dev.metaschema.core.util.ObjectUtils;
015import dev.metaschema.databind.model.annotations.AllowedValue;
016import dev.metaschema.databind.model.annotations.AllowedValues;
017import dev.metaschema.databind.model.annotations.BoundAssembly;
018import dev.metaschema.databind.model.annotations.BoundField;
019import dev.metaschema.databind.model.annotations.BoundFlag;
020import dev.metaschema.databind.model.annotations.GroupAs;
021import dev.metaschema.databind.model.annotations.MetaschemaAssembly;
022import dev.metaschema.databind.model.annotations.ValueConstraints;
023import edu.umd.cs.findbugs.annotations.NonNull;
024import edu.umd.cs.findbugs.annotations.Nullable;
025import java.net.URI;
026import java.util.LinkedList;
027import java.util.List;
028import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
029import org.apache.commons.lang3.builder.ToStringStyle;
030
031/**
032 * A collection of descriptive data about the containing object from a specific origin.
033 */
034@MetaschemaAssembly(
035    formalName = "Characterization",
036    description = "A collection of descriptive data about the containing object from a specific origin.",
037    name = "characterization",
038    moduleClass = OscalAssessmentCommonModule.class
039)
040public class Characterization implements IBoundObject {
041  private final IMetaschemaData __metaschemaData;
042
043  /**
044   * An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.
045   */
046  @BoundAssembly(
047      formalName = "Property",
048      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
049      useName = "prop",
050      maxOccurs = -1,
051      groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
052  )
053  private List<Property> _props;
054
055  /**
056   * A reference to a local or remote resource, that has a specific relation to the containing object.
057   */
058  @BoundAssembly(
059      formalName = "Link",
060      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
061      useName = "link",
062      maxOccurs = -1,
063      groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
064  )
065  private List<Link> _links;
066
067  /**
068   * Identifies the source of the finding, such as a tool, interviewed person, or activity.
069   */
070  @BoundAssembly(
071      formalName = "Origin",
072      description = "Identifies the source of the finding, such as a tool, interviewed person, or activity.",
073      useName = "origin",
074      remarks = "metadata about the specific actor that generated this descriptive data.",
075      minOccurs = 1
076  )
077  private Origin _origin;
078
079  /**
080   * An individual characteristic that is part of a larger set produced by the same actor.
081   */
082  @BoundAssembly(
083      formalName = "Facet",
084      description = "An individual characteristic that is part of a larger set produced by the same actor.",
085      useName = "facet",
086      minOccurs = 1,
087      maxOccurs = -1,
088      groupAs = @GroupAs(name = "facets", inJson = JsonGroupAsBehavior.LIST)
089  )
090  private List<Facet> _facets;
091
092  /**
093   * Constructs a new {@code dev.metaschema.oscal.lib.model.Characterization} instance with no metadata.
094   */
095  public Characterization() {
096    this(null);
097  }
098
099  /**
100   * Constructs a new {@code dev.metaschema.oscal.lib.model.Characterization} instance with the specified metadata.
101   *
102   * @param data
103   *           the metaschema data, or {@code null} if none
104   */
105  public Characterization(IMetaschemaData data) {
106    this.__metaschemaData = data;
107  }
108
109  @Override
110  public IMetaschemaData getMetaschemaData() {
111    return __metaschemaData;
112  }
113
114  /**
115   * Get the "{@literal Property}".
116   *
117   * <p>
118   * An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.
119   *
120   * @return the prop value
121   */
122  @NonNull
123  public List<Property> getProps() {
124    if (_props == null) {
125      _props = new LinkedList<>();
126    }
127    return ObjectUtils.notNull(_props);
128  }
129
130  /**
131   * Set the "{@literal Property}".
132   *
133   * <p>
134   * An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.
135   *
136   * @param value
137   *           the prop value to set
138   */
139  public void setProps(@NonNull List<Property> value) {
140    _props = value;
141  }
142
143  /**
144   * Add a new {@link Property} item to the underlying collection.
145   * @param item the item to add
146   * @return {@code true}
147   */
148  public boolean addProp(Property item) {
149    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
150    if (_props == null) {
151      _props = new LinkedList<>();
152    }
153    return _props.add(value);
154  }
155
156  /**
157   * Remove the first matching {@link Property} item from the underlying collection.
158   * @param item the item to remove
159   * @return {@code true} if the item was removed or {@code false} otherwise
160   */
161  public boolean removeProp(Property item) {
162    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
163    return _props != null && _props.remove(value);
164  }
165
166  /**
167   * Get the "{@literal Link}".
168   *
169   * <p>
170   * A reference to a local or remote resource, that has a specific relation to the containing object.
171   *
172   * @return the link value
173   */
174  @NonNull
175  public List<Link> getLinks() {
176    if (_links == null) {
177      _links = new LinkedList<>();
178    }
179    return ObjectUtils.notNull(_links);
180  }
181
182  /**
183   * Set the "{@literal Link}".
184   *
185   * <p>
186   * A reference to a local or remote resource, that has a specific relation to the containing object.
187   *
188   * @param value
189   *           the link value to set
190   */
191  public void setLinks(@NonNull List<Link> value) {
192    _links = value;
193  }
194
195  /**
196   * Add a new {@link Link} item to the underlying collection.
197   * @param item the item to add
198   * @return {@code true}
199   */
200  public boolean addLink(Link item) {
201    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
202    if (_links == null) {
203      _links = new LinkedList<>();
204    }
205    return _links.add(value);
206  }
207
208  /**
209   * Remove the first matching {@link Link} item from the underlying collection.
210   * @param item the item to remove
211   * @return {@code true} if the item was removed or {@code false} otherwise
212   */
213  public boolean removeLink(Link item) {
214    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
215    return _links != null && _links.remove(value);
216  }
217
218  /**
219   * Get the "{@literal Origin}".
220   *
221   * <p>
222   * Identifies the source of the finding, such as a tool, interviewed person, or activity.
223   *
224   * @return the origin value
225   */
226  @NonNull
227  public Origin getOrigin() {
228    return _origin;
229  }
230
231  /**
232   * Set the "{@literal Origin}".
233   *
234   * <p>
235   * Identifies the source of the finding, such as a tool, interviewed person, or activity.
236   *
237   * @param value
238   *           the origin value to set
239   */
240  public void setOrigin(@NonNull Origin value) {
241    _origin = value;
242  }
243
244  /**
245   * Get the "{@literal Facet}".
246   *
247   * <p>
248   * An individual characteristic that is part of a larger set produced by the same actor.
249   *
250   * @return the facet value
251   */
252  @NonNull
253  public List<Facet> getFacets() {
254    if (_facets == null) {
255      _facets = new LinkedList<>();
256    }
257    return ObjectUtils.notNull(_facets);
258  }
259
260  /**
261   * Set the "{@literal Facet}".
262   *
263   * <p>
264   * An individual characteristic that is part of a larger set produced by the same actor.
265   *
266   * @param value
267   *           the facet value to set
268   */
269  public void setFacets(@NonNull List<Facet> value) {
270    _facets = value;
271  }
272
273  /**
274   * Add a new {@link Facet} item to the underlying collection.
275   * @param item the item to add
276   * @return {@code true}
277   */
278  public boolean addFacet(Facet item) {
279    Facet value = ObjectUtils.requireNonNull(item,"item cannot be null");
280    if (_facets == null) {
281      _facets = new LinkedList<>();
282    }
283    return _facets.add(value);
284  }
285
286  /**
287   * Remove the first matching {@link Facet} item from the underlying collection.
288   * @param item the item to remove
289   * @return {@code true} if the item was removed or {@code false} otherwise
290   */
291  public boolean removeFacet(Facet item) {
292    Facet value = ObjectUtils.requireNonNull(item,"item cannot be null");
293    return _facets != null && _facets.remove(value);
294  }
295
296  @Override
297  public String toString() {
298    return ObjectUtils.notNull(new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString());
299  }
300
301  /**
302   * An individual characteristic that is part of a larger set produced by the same actor.
303   */
304  @MetaschemaAssembly(
305      formalName = "Facet",
306      description = "An individual characteristic that is part of a larger set produced by the same actor.",
307      name = "facet",
308      moduleClass = OscalAssessmentCommonModule.class,
309      valueConstraints = @ValueConstraints(allowedValues = {@AllowedValues(id = "oscal-facet-prop-name-values", level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "state", description = "Indicates if the facet is 'initial' as first identified, or 'adjusted' indicating that the value has be changed after some adjustments have been made (e.g., to identify residual risk).")), @AllowedValues(id = "oscal-facet-prop-state-values", level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='state']/@value", values = {@AllowedValue(value = "initial", description = "As first identified."), @AllowedValue(value = "adjusted", description = "Indicates that residual risk remains after some adjustments have been made.")}), @AllowedValues(id = "oscal-facet-name-core-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://csrc.nist.gov/ns/oscal']/@name", values = {@AllowedValue(value = "likelihood", description = "General likelihood rating."), @AllowedValue(value = "impact", description = "General impact rating."), @AllowedValue(value = "risk", description = "General risk rating."), @AllowedValue(value = "severity", description = "General severity rating.")}), @AllowedValues(id = "oscal-facet-fedramp-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://fedramp.gov','http://fedramp.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "likelihood", description = "Likelihood as defined by FedRAMP. The `class` can be used to specify 'initial' and 'adjusted' risk states."), @AllowedValue(value = "impact", description = "Impact as defined by FedRAMP. The `class` can be used to specify 'initial' and 'adjusted' risk states."), @AllowedValue(value = "risk", description = "Risk as calculated according to FedRAMP. The `class` can be used to specify 'initial' and 'adjusted' risk states.")}), @AllowedValues(id = "oscal-facet-cve-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://cve.mitre.org']/@name", values = @AllowedValue(value = "cve-id", description = "An identifier managed by the CVE program (see https://cve.mitre.org/).")), @AllowedValues(id = "oscal-facet-cvss2-name-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0']/@name", values = {@AllowedValue(value = "access-vector", description = "Base: Access Vector"), @AllowedValue(value = "access-complexity", description = "Base: Access Complexity"), @AllowedValue(value = "authentication", description = "Base: Authentication"), @AllowedValue(value = "confidentiality-impact", description = "Base: Confidentiality Impact"), @AllowedValue(value = "integrity-impact", description = "Base: Integrity Impact"), @AllowedValue(value = "availability-impact", description = "Base: Availability Impact"), @AllowedValue(value = "exploitability", description = "Temporal: Exploitability"), @AllowedValue(value = "remediation-level", description = "Temporal: Remediation Level"), @AllowedValue(value = "report-confidence", description = "Temporal: Report Confidence"), @AllowedValue(value = "collateral-damage-potential", description = "Environmental: Collateral Damage Potential"), @AllowedValue(value = "target-distribution", description = "Environmental: Target Distribution"), @AllowedValue(value = "confidentiality-requirement", description = "Environmental: Confidentiality Requirement"), @AllowedValue(value = "integrity-requirement", description = "Environmental: Integrity Requirement"), @AllowedValue(value = "availability-requirement", description = "Environmental: Availability Requirement")}), @AllowedValues(id = "oscal-facet-cvss2-access-vector-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='access-vector']/@value", values = {@AllowedValue(value = "local", description = "Local"), @AllowedValue(value = "adjacent-network", description = "Network Adjacent"), @AllowedValue(value = "network", description = "Network")}), @AllowedValues(id = "oscal-facet-cvss2-access-complexity-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='access-complexity']/@value", values = {@AllowedValue(value = "high", description = "High"), @AllowedValue(value = "medium", description = "Medium"), @AllowedValue(value = "low", description = "Low")}), @AllowedValues(id = "oscal-facet-cvss2-authentication-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='authentication']/@value", values = {@AllowedValue(value = "multiple", description = "Multiple"), @AllowedValue(value = "single", description = "Single"), @AllowedValue(value = "none", description = "None")}), @AllowedValues(id = "oscal-facet-cvss2-confidentiality-impact-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name=('confidentiality-impact', 'integrity-impact', 'availability-impact')]/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "partial", description = "Partial"), @AllowedValue(value = "complete", description = "Complete")}), @AllowedValues(id = "oscal-facet-cvss2-exploitability-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='exploitability']/@value", values = {@AllowedValue(value = "unproven", description = "Unproven"), @AllowedValue(value = "proof-of-concept", description = "Proof-of-Concept"), @AllowedValue(value = "functional", description = "Functional"), @AllowedValue(value = "high", description = "High"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(id = "oscal-facet-cvss2-remediation-level-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='remediation-level']/@value", values = {@AllowedValue(value = "official-fix", description = "Official Fix"), @AllowedValue(value = "temporary-fix", description = "Temporary Fix"), @AllowedValue(value = "workaround", description = "Workaround"), @AllowedValue(value = "unavailable", description = "Unavailable"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(id = "oscal-facet-cvss2-report-confidence-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='report-confidence']/@value", values = {@AllowedValue(value = "unconfirmed", description = "Unconfirmed"), @AllowedValue(value = "uncorroborated", description = "Uncorroborated"), @AllowedValue(value = "confirmed", description = "Confirmed"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(id = "oscal-facet-cvss2-collateral-damage-potential-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='collateral-damage-potential']/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low (light loss)"), @AllowedValue(value = "low-medium", description = "Low Medium"), @AllowedValue(value = "medium-high", description = "Medium High"), @AllowedValue(value = "high", description = "High (catastrophic loss)"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(id = "oscal-facet-cvss2-cia-requirement-values", level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name=('target-distribution', 'confidentiality-requirement', 'integrity-requirement', 'availability-requirement')]/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "medium", description = "Medium"), @AllowedValue(value = "high", description = "High"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(id = "oscal-facet-cvss3-name-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1')]/@name", values = {@AllowedValue(value = "attack-vector", description = "Base: Attack Vector"), @AllowedValue(value = "access-complexity", description = "Base: Attack Complexity"), @AllowedValue(value = "privileges-required", description = "Base: Privileges Required"), @AllowedValue(value = "user-interaction", description = "Base: User Interaction"), @AllowedValue(value = "scope", description = "Base: Scope"), @AllowedValue(value = "confidentiality-impact", description = "Base: Confidentiality Impact"), @AllowedValue(value = "integrity-impact", description = "Base: Integrity Impact"), @AllowedValue(value = "availability-impact", description = "Base: Availability Impact"), @AllowedValue(value = "exploit-code-maturity", description = "Temporal: Exploit Code Maturity"), @AllowedValue(value = "remediation-level", description = "Temporal: Remediation Level"), @AllowedValue(value = "report-confidence", description = "Temporal: Report Confidence"), @AllowedValue(value = "modified-attack-vector", description = "Environmental: Modified Attack Vector"), @AllowedValue(value = "modified-attack-complexity", description = "Environmental: Modified Attack Complexity"), @AllowedValue(value = "modified-privileges-required", description = "Environmental: Modified Privileges Required"), @AllowedValue(value = "modified-user-interaction", description = "Environmental: Modified User Interaction"), @AllowedValue(value = "modified-scope", description = "Environmental: Modified Scope"), @AllowedValue(value = "modified-confidentiality", description = "Environmental: Modified Confidentiality"), @AllowedValue(value = "modified-integrity", description = "Environmental: Modified Integrity"), @AllowedValue(value = "modified-availability", description = "Environmental: Modified Availability"), @AllowedValue(value = "confidentiality-requirement", description = "Environmental: Confidentiality Requirement Modifier"), @AllowedValue(value = "integrity-requirement", description = "Environmental: Integrity Requirement Modifier"), @AllowedValue(value = "availability-requirement", description = "Environmental: Availability Requirement Modifier")}), @AllowedValues(id = "oscal-facet-cvss3-access-vector-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='access-vector']/@value", values = {@AllowedValue(value = "network", description = "Network"), @AllowedValue(value = "adjacent", description = "Adjacent"), @AllowedValue(value = "local", description = "Local"), @AllowedValue(value = "physical", description = "Physical")}), @AllowedValues(id = "oscal-facet-cvss3-access-complexity-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='access-complexity']/@value", values = {@AllowedValue(value = "high", description = "High"), @AllowedValue(value = "low", description = "Low")}), @AllowedValues(id = "oscal-facet-cvss3-cia-impact-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name=('privileges-required', 'confidentiality-impact', 'integrity-impact', 'availability-impact')]/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(id = "oscal-facet-cvss3-user-interaction", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='user-interaction']/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "required", description = "Required")}), @AllowedValues(id = "oscal-facet-cvss3-scope", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='scope']/@value", values = {@AllowedValue(value = "unchanged", description = "Unchanged"), @AllowedValue(value = "changed", description = "Changed")}), @AllowedValues(id = "oscal-facet-cvss3-exploit-code-maturity-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='exploit-code-maturity']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "unproven", description = "Unproven"), @AllowedValue(value = "proof-of-concept", description = "Proof-of-Concept"), @AllowedValue(value = "functional", description = "Functional"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(id = "oscal-facet-cvss3-remediation-level", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='remediation-level']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "official-fix", description = "Official Fix"), @AllowedValue(value = "temporary-fix", description = "Temporary Fix"), @AllowedValue(value = "workaround", description = "Workaround"), @AllowedValue(value = "unavailable", description = "Unavailable")}), @AllowedValues(id = "oscal-facet-cvss3-report-confidence-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='report-confidence']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "unknown", description = "Unknown"), @AllowedValue(value = "reasonable", description = "Reasonable"), @AllowedValue(value = "confirmed", description = "Confirmed")}), @AllowedValues(id = "oscal-facet-cvss3-cia-requirement-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name=('confidentiality-requirement', 'integrity-requirement', 'availability-requirement')]/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "medium", description = "Medium"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(id = "oscal-facet-cvss3-modified-attack-vector-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-attack-vector']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "network", description = "Network"), @AllowedValue(value = "adjacent", description = "Adjacent"), @AllowedValue(value = "local", description = "Local"), @AllowedValue(value = "physical", description = "Physical")}), @AllowedValues(id = "oscal-facet-cvss3-modified-attack-complexity-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-attack-complexity']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "high", description = "High"), @AllowedValue(value = "low", description = "Low")}), @AllowedValues(id = "oscal-facet-cvss3-modified-cia-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name=('modified-privileges-required', 'modified-confidentiality', 'modified-integrity', 'modified-availability')]/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(id = "oscal-facet-cvss3-modified-user-interaction-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-user-interaction']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "none", description = "None"), @AllowedValue(value = "required", description = "Required")}), @AllowedValues(id = "oscal-facet-cvss3-modified-scope-values", level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-scope']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "unchanged", description = "Unchanged"), @AllowedValue(value = "changed", description = "Changed")}), @AllowedValues(id = "oscal-cvss-v4.0-vectors", level = IConstraint.Level.ERROR, target = "(.)[@system=('https://www.first.org/cvss/v4-0')]/@name", values = {@AllowedValue(value = "av", description = "Base: Attack Vector"), @AllowedValue(value = "ac", description = "Base: Attack Complexity"), @AllowedValue(value = "at", description = "Base: Attack Requirements"), @AllowedValue(value = "pr", description = "Base: Privileges Required"), @AllowedValue(value = "ui", description = "Base: User Interaction"), @AllowedValue(value = "vc", description = "Base: Vulnerable System Confidentiality Impact"), @AllowedValue(value = "vi", description = "Base: Vulnerable System Integrity Impact"), @AllowedValue(value = "va", description = "Base: Vulnerable System Availability Impact"), @AllowedValue(value = "sc", description = "Base: Subsequent System Confidentiality Impact"), @AllowedValue(value = "si", description = "Base: Vulnerable System Integrity Impact"), @AllowedValue(value = "sa", description = "Base: Vulnerable System Availability Impact"), @AllowedValue(value = "s", description = "Supplemental: Safety"), @AllowedValue(value = "au", description = "Supplemental: Automatable"), @AllowedValue(value = "r", description = "Supplemental: Recovery"), @AllowedValue(value = "v", description = "Supplemental: Value Density"), @AllowedValue(value = "re", description = "Supplemental: Vulnerability Response Effort"), @AllowedValue(value = "u", description = "Supplemental: Provider Urgency"), @AllowedValue(value = "mav", description = "Environmental: Modified Attack Vector"), @AllowedValue(value = "mac", description = "Environmental: Modified Attack Complexity"), @AllowedValue(value = "mat", description = "Environmental: Modified Attack Requirements"), @AllowedValue(value = "mpr", description = "Environmental: Modified Privileges Required"), @AllowedValue(value = "mui", description = "Environmental: Modified User Interaction"), @AllowedValue(value = "mvc", description = "Environmental: Modified Vulnerable System Confidentiality"), @AllowedValue(value = "mvi", description = "Environmental: Modified Vulnerable System Integrity"), @AllowedValue(value = "mva", description = "Environmental: Modified Vulnerable System Availability"), @AllowedValue(value = "msc", description = "Environmental: Subsequent Vulnerable System Confidentiality"), @AllowedValue(value = "msi", description = "Environmental: Subsequent Vulnerable System Integrity"), @AllowedValue(value = "msa", description = "Environmental: Subsequent Vulnerable System Availability"), @AllowedValue(value = "cr", description = "Environmental: Confidentiality Requirements"), @AllowedValue(value = "ir", description = "Environmental: Integrity Requirements"), @AllowedValue(value = "ar", description = "Environmental: Availability Requirements"), @AllowedValue(value = "e", description = "Threat: Exploit Maturity")}), @AllowedValues(id = "oscal-cvss-v4.0-av-values", formalName = "Attack Vector Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='av']/@value", values = {@AllowedValue(value = "n", description = "Network"), @AllowedValue(value = "a", description = "Adjacent"), @AllowedValue(value = "l", description = "Local"), @AllowedValue(value = "p", description = "Physical")}), @AllowedValues(id = "oscal-cvss-v4.0-ac-values", formalName = "Attack Complexity Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='ac']/@value", values = {@AllowedValue(value = "h", description = "High"), @AllowedValue(value = "l", description = "Low")}), @AllowedValues(id = "oscal-cvss-v4.0-at-values", formalName = "Attack Requirements Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='at']/@value", values = {@AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Present")}), @AllowedValues(id = "oscal-cvss-v4.0-pr-cia-values", formalName = "Privileges Required, Confidentiality, Integrity, and Availability Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('pr','vc','vi','va','sc','si','sa')]/@value", values = {@AllowedValue(value = "n", description = "None"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-ui-values", formalName = "User Interaction Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='ui']/@value", values = {@AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Passive"), @AllowedValue(value = "a", description = "Active")}), @AllowedValues(id = "oscal-cvss-v4.0-s-values", formalName = "Safety Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='s']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Negligible"), @AllowedValue(value = "p", description = "Present")}), @AllowedValues(id = "oscal-cvss-v4.0-au-values", formalName = "Automatable Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='au']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "No"), @AllowedValue(value = "y", description = "Yes")}), @AllowedValues(id = "oscal-cvss-v4.0-r-values", formalName = "Recovery Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='r']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "a", description = "Automatic"), @AllowedValue(value = "u", description = "User"), @AllowedValue(value = "i", description = "Irrecoverable")}), @AllowedValues(id = "oscal-cvss-v4.0-v-values", formalName = "Value Density Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='v']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "a", description = "Automatic"), @AllowedValue(value = "u", description = "User"), @AllowedValue(value = "i", description = "Irrecoverable")}), @AllowedValues(id = "oscal-cvss-v4.0-re-values", formalName = "Vulnerability Response Effort Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='re']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "m", description = "Moderate"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-u-values", formalName = "Provider Urgency Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='u']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "clear", description = "Clear"), @AllowedValue(value = "green", description = "Green"), @AllowedValue(value = "amber", description = "Amber"), @AllowedValue(value = "red", description = "Red")}), @AllowedValues(id = "oscal-cvss-v4.0-mav-values", formalName = "Modified Attack Vector Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mav']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Network"), @AllowedValue(value = "a", description = "Adjacent"), @AllowedValue(value = "l", description = "Local"), @AllowedValue(value = "p", description = "Physical")}), @AllowedValues(id = "oscal-cvss-v4.0-mac-values", formalName = "Modified Attack Complexity Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mac']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "h", description = "High"), @AllowedValue(value = "l", description = "Low")}), @AllowedValues(id = "oscal-cvss-v4.0-mat-values", formalName = "Modified Attack Requirements Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mat']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Present")}), @AllowedValues(id = "oscal-cvss-v4.0-mpr-mvs-cia-values", formalName = "Modified Privileges Required, and Vulnerable System Confidentiality, Integrity, and Availability Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('mpr','mvc','mvi')]/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "None"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-mui-values", formalName = "Modified User Interaction Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mui']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Passive"), @AllowedValue(value = "a", description = "Active")}), @AllowedValues(id = "oscal-cvss-v4.0-msc-values", formalName = "Modified Subsequent System Confidentiality Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='msc']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Negligible"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-msi-msa-cia-values", formalName = "Modified Safety-Related Subsequent System Integrity and Availability Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('msi','msa')]/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Negligible"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High"), @AllowedValue(value = "s", description = "Safety")}), @AllowedValues(id = "oscal-cvss-v4.0-env-cia-values", formalName = "Vulnerability Response Effort Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('cr','ir','ar')]/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "m", description = "Medium"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-e-values", formalName = "Vulnerability Response Effort Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='e']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "a", description = "Attacked"), @AllowedValue(value = "p", description = "PoC"), @AllowedValue(value = "u", description = "Unreported")})})
310  )
311  public static class Facet implements IBoundObject {
312    private final IMetaschemaData __metaschemaData;
313
314    /**
315     * The name of the risk metric within the specified system.
316     */
317    @BoundFlag(
318        formalName = "Facet Name",
319        description = "The name of the risk metric within the specified system.",
320        name = "name",
321        required = true,
322        typeAdapter = TokenAdapter.class
323    )
324    private String _name;
325
326    /**
327     * Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.
328     */
329    @BoundFlag(
330        formalName = "Naming System",
331        description = "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.",
332        name = "system",
333        required = true,
334        typeAdapter = UriAdapter.class,
335        remarks = "This value must be an [absolute URI](https://pages.nist.gov/OSCAL/concepts/uri-use/#absolute-uri) that serves as a [naming system identifier](https://pages.nist.gov/OSCAL/concepts/uri-use/#use-as-a-naming-system-identifier).",
336        valueConstraints = @ValueConstraints(allowedValues = @AllowedValues(id = "oscal-characterization-facet-name-system-values", level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "http://fedramp.gov", description = "\\*\\*deprecated\\*\\* The FedRAMP naming system. This has been deprecated; use `http://fedramp.gov/ns/oscal` instead.", deprecatedVersion = "1.0.3"), @AllowedValue(value = "http://fedramp.gov/ns/oscal", description = "The facet naming system defined by FedRAMP."), @AllowedValue(value = "http://csrc.nist.gov/ns/oscal", description = "The facet naming system defined by OSCAL."), @AllowedValue(value = "http://csrc.nist.gov/ns/oscal/unknown", description = "The facet is from an unknown taxonomy. The meaning of the name is tool or organization specific."), @AllowedValue(value = "http://cve.mitre.org", description = "The facet naming system defined by the CVE Program."), @AllowedValue(value = "http://www.first.org/cvss/v2.0", description = "The facet naming system for representing Common Vulnerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v2](https://www.first.org/cvss/v2/)."), @AllowedValue(value = "http://www.first.org/cvss/v3.0", description = "The facet naming system for representing Common Vulnerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v3.0](https://www.first.org/cvss/v3-0/)."), @AllowedValue(value = "http://www.first.org/cvss/v3.1", description = "The facet naming system for representing Common Vulnerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v3.1](https://www.first.org/cvss/v3-1/)."), @AllowedValue(value = "https://www.first.org/cvss/v4-0", description = "The facet naming system for representing Common Vulnerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v4.0](https://www.first.org/cvss/v4-0/).")}))
337    )
338    private URI _system;
339
340    /**
341     * Indicates the value of the facet.
342     */
343    @BoundFlag(
344        formalName = "Facet Value",
345        description = "Indicates the value of the facet.",
346        name = "value",
347        required = true,
348        typeAdapter = StringAdapter.class
349    )
350    private String _value;
351
352    /**
353     * An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.
354     */
355    @BoundAssembly(
356        formalName = "Property",
357        description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
358        useName = "prop",
359        maxOccurs = -1,
360        groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
361    )
362    private List<Property> _props;
363
364    /**
365     * A reference to a local or remote resource, that has a specific relation to the containing object.
366     */
367    @BoundAssembly(
368        formalName = "Link",
369        description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
370        useName = "link",
371        maxOccurs = -1,
372        groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
373    )
374    private List<Link> _links;
375
376    /**
377     * Additional commentary about the containing object.
378     */
379    @BoundField(
380        formalName = "Remarks",
381        description = "Additional commentary about the containing object.",
382        useName = "remarks",
383        typeAdapter = MarkupMultilineAdapter.class
384    )
385    private MarkupMultiline _remarks;
386
387    /**
388     * Constructs a new {@code dev.metaschema.oscal.lib.model.Characterization.Facet} instance with no metadata.
389     */
390    public Facet() {
391      this(null);
392    }
393
394    /**
395     * Constructs a new {@code dev.metaschema.oscal.lib.model.Characterization.Facet} instance with the specified metadata.
396     *
397     * @param data
398     *           the metaschema data, or {@code null} if none
399     */
400    public Facet(IMetaschemaData data) {
401      this.__metaschemaData = data;
402    }
403
404    @Override
405    public IMetaschemaData getMetaschemaData() {
406      return __metaschemaData;
407    }
408
409    /**
410     * Get the "{@literal Facet Name}".
411     *
412     * <p>
413     * The name of the risk metric within the specified system.
414     *
415     * @return the name value
416     */
417    @NonNull
418    public String getName() {
419      return _name;
420    }
421
422    /**
423     * Set the "{@literal Facet Name}".
424     *
425     * <p>
426     * The name of the risk metric within the specified system.
427     *
428     * @param value
429     *           the name value to set
430     */
431    public void setName(@NonNull String value) {
432      _name = value;
433    }
434
435    /**
436     * Get the "{@literal Naming System}".
437     *
438     * <p>
439     * Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.
440     *
441     * @return the system value
442     */
443    @NonNull
444    public URI getSystem() {
445      return _system;
446    }
447
448    /**
449     * Set the "{@literal Naming System}".
450     *
451     * <p>
452     * Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.
453     *
454     * @param value
455     *           the system value to set
456     */
457    public void setSystem(@NonNull URI value) {
458      _system = value;
459    }
460
461    /**
462     * Get the "{@literal Facet Value}".
463     *
464     * <p>
465     * Indicates the value of the facet.
466     *
467     * @return the value value
468     */
469    @NonNull
470    public String getValue() {
471      return _value;
472    }
473
474    /**
475     * Set the "{@literal Facet Value}".
476     *
477     * <p>
478     * Indicates the value of the facet.
479     *
480     * @param value
481     *           the value value to set
482     */
483    public void setValue(@NonNull String value) {
484      _value = value;
485    }
486
487    /**
488     * Get the "{@literal Property}".
489     *
490     * <p>
491     * An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.
492     *
493     * @return the prop value
494     */
495    @NonNull
496    public List<Property> getProps() {
497      if (_props == null) {
498        _props = new LinkedList<>();
499      }
500      return ObjectUtils.notNull(_props);
501    }
502
503    /**
504     * Set the "{@literal Property}".
505     *
506     * <p>
507     * An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.
508     *
509     * @param value
510     *           the prop value to set
511     */
512    public void setProps(@NonNull List<Property> value) {
513      _props = value;
514    }
515
516    /**
517     * Add a new {@link Property} item to the underlying collection.
518     * @param item the item to add
519     * @return {@code true}
520     */
521    public boolean addProp(Property item) {
522      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
523      if (_props == null) {
524        _props = new LinkedList<>();
525      }
526      return _props.add(value);
527    }
528
529    /**
530     * Remove the first matching {@link Property} item from the underlying collection.
531     * @param item the item to remove
532     * @return {@code true} if the item was removed or {@code false} otherwise
533     */
534    public boolean removeProp(Property item) {
535      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
536      return _props != null && _props.remove(value);
537    }
538
539    /**
540     * Get the "{@literal Link}".
541     *
542     * <p>
543     * A reference to a local or remote resource, that has a specific relation to the containing object.
544     *
545     * @return the link value
546     */
547    @NonNull
548    public List<Link> getLinks() {
549      if (_links == null) {
550        _links = new LinkedList<>();
551      }
552      return ObjectUtils.notNull(_links);
553    }
554
555    /**
556     * Set the "{@literal Link}".
557     *
558     * <p>
559     * A reference to a local or remote resource, that has a specific relation to the containing object.
560     *
561     * @param value
562     *           the link value to set
563     */
564    public void setLinks(@NonNull List<Link> value) {
565      _links = value;
566    }
567
568    /**
569     * Add a new {@link Link} item to the underlying collection.
570     * @param item the item to add
571     * @return {@code true}
572     */
573    public boolean addLink(Link item) {
574      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
575      if (_links == null) {
576        _links = new LinkedList<>();
577      }
578      return _links.add(value);
579    }
580
581    /**
582     * Remove the first matching {@link Link} item from the underlying collection.
583     * @param item the item to remove
584     * @return {@code true} if the item was removed or {@code false} otherwise
585     */
586    public boolean removeLink(Link item) {
587      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
588      return _links != null && _links.remove(value);
589    }
590
591    /**
592     * Get the "{@literal Remarks}".
593     *
594     * <p>
595     * Additional commentary about the containing object.
596     *
597     * @return the remarks value, or {@code null} if not set
598     */
599    @Nullable
600    public MarkupMultiline getRemarks() {
601      return _remarks;
602    }
603
604    /**
605     * Set the "{@literal Remarks}".
606     *
607     * <p>
608     * Additional commentary about the containing object.
609     *
610     * @param value
611     *           the remarks value to set, or {@code null} to clear
612     */
613    public void setRemarks(@Nullable MarkupMultiline value) {
614      _remarks = value;
615    }
616
617    @Override
618    public String toString() {
619      return ObjectUtils.notNull(new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString());
620    }
621  }
622}