Source code

001package gov.nist.secauto.oscal.lib.model;
002
003import gov.nist.secauto.metaschema.core.datatype.adapter.StringAdapter;
004import gov.nist.secauto.metaschema.core.datatype.adapter.TokenAdapter;
005import gov.nist.secauto.metaschema.core.datatype.adapter.UriAdapter;
006import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultiline;
007import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultilineAdapter;
008import gov.nist.secauto.metaschema.core.model.IBoundObject;
009import gov.nist.secauto.metaschema.core.model.IMetaschemaData;
010import gov.nist.secauto.metaschema.core.model.JsonGroupAsBehavior;
011import gov.nist.secauto.metaschema.core.model.constraint.IConstraint;
012import gov.nist.secauto.metaschema.core.util.ObjectUtils;
013import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValue;
014import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValues;
015import gov.nist.secauto.metaschema.databind.model.annotations.BoundAssembly;
016import gov.nist.secauto.metaschema.databind.model.annotations.BoundField;
017import gov.nist.secauto.metaschema.databind.model.annotations.BoundFlag;
018import gov.nist.secauto.metaschema.databind.model.annotations.GroupAs;
019import gov.nist.secauto.metaschema.databind.model.annotations.MetaschemaAssembly;
020import gov.nist.secauto.metaschema.databind.model.annotations.ValueConstraints;
021import java.lang.Override;
022import java.lang.String;
023import java.net.URI;
024import java.util.LinkedList;
025import java.util.List;
026import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
027import org.apache.commons.lang3.builder.ToStringStyle;
028
029/**
030 * A collection of descriptive data about the containing object from a specific origin.
031 */
032@MetaschemaAssembly(
033    formalName = "Characterization",
034    description = "A collection of descriptive data about the containing object from a specific origin.",
035    name = "characterization",
036    moduleClass = OscalAssessmentCommonModule.class
037)
038public class Characterization implements IBoundObject {
039  private final IMetaschemaData __metaschemaData;
040
041  @BoundAssembly(
042      formalName = "Property",
043      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
044      useName = "prop",
045      maxOccurs = -1,
046      groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
047  )
048  private List<Property> _props;
049
050  @BoundAssembly(
051      formalName = "Link",
052      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
053      useName = "link",
054      maxOccurs = -1,
055      groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
056  )
057  private List<Link> _links;
058
059  @BoundAssembly(
060      formalName = "Origin",
061      description = "Identifies the source of the finding, such as a tool, interviewed person, or activity.",
062      useName = "origin",
063      remarks = "metadata about the specific actor that generated this descriptive data.",
064      minOccurs = 1
065  )
066  private Origin _origin;
067
068  @BoundAssembly(
069      formalName = "Facet",
070      description = "An individual characteristic that is part of a larger set produced by the same actor.",
071      useName = "facet",
072      minOccurs = 1,
073      maxOccurs = -1,
074      groupAs = @GroupAs(name = "facets", inJson = JsonGroupAsBehavior.LIST)
075  )
076  private List<Facet> _facets;
077
078  public Characterization() {
079    this(null);
080  }
081
082  public Characterization(IMetaschemaData data) {
083    this.__metaschemaData = data;
084  }
085
086  @Override
087  public IMetaschemaData getMetaschemaData() {
088    return __metaschemaData;
089  }
090
091  public List<Property> getProps() {
092    return _props;
093  }
094
095  public void setProps(List<Property> value) {
096    _props = value;
097  }
098
099  /**
100   * Add a new {@link Property} item to the underlying collection.
101   * @param item the item to add
102   * @return {@code true}
103   */
104  public boolean addProp(Property item) {
105    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
106    if (_props == null) {
107      _props = new LinkedList<>();
108    }
109    return _props.add(value);
110  }
111
112  /**
113   * Remove the first matching {@link Property} item from the underlying collection.
114   * @param item the item to remove
115   * @return {@code true} if the item was removed or {@code false} otherwise
116   */
117  public boolean removeProp(Property item) {
118    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
119    return _props != null && _props.remove(value);
120  }
121
122  public List<Link> getLinks() {
123    return _links;
124  }
125
126  public void setLinks(List<Link> value) {
127    _links = value;
128  }
129
130  /**
131   * Add a new {@link Link} item to the underlying collection.
132   * @param item the item to add
133   * @return {@code true}
134   */
135  public boolean addLink(Link item) {
136    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
137    if (_links == null) {
138      _links = new LinkedList<>();
139    }
140    return _links.add(value);
141  }
142
143  /**
144   * Remove the first matching {@link Link} item from the underlying collection.
145   * @param item the item to remove
146   * @return {@code true} if the item was removed or {@code false} otherwise
147   */
148  public boolean removeLink(Link item) {
149    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
150    return _links != null && _links.remove(value);
151  }
152
153  public Origin getOrigin() {
154    return _origin;
155  }
156
157  public void setOrigin(Origin value) {
158    _origin = value;
159  }
160
161  public List<Facet> getFacets() {
162    return _facets;
163  }
164
165  public void setFacets(List<Facet> value) {
166    _facets = value;
167  }
168
169  /**
170   * Add a new {@link Facet} item to the underlying collection.
171   * @param item the item to add
172   * @return {@code true}
173   */
174  public boolean addFacet(Facet item) {
175    Facet value = ObjectUtils.requireNonNull(item,"item cannot be null");
176    if (_facets == null) {
177      _facets = new LinkedList<>();
178    }
179    return _facets.add(value);
180  }
181
182  /**
183   * Remove the first matching {@link Facet} item from the underlying collection.
184   * @param item the item to remove
185   * @return {@code true} if the item was removed or {@code false} otherwise
186   */
187  public boolean removeFacet(Facet item) {
188    Facet value = ObjectUtils.requireNonNull(item,"item cannot be null");
189    return _facets != null && _facets.remove(value);
190  }
191
192  @Override
193  public String toString() {
194    return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
195  }
196
197  /**
198   * An individual characteristic that is part of a larger set produced by the same actor.
199   */
200  @MetaschemaAssembly(
201      formalName = "Facet",
202      description = "An individual characteristic that is part of a larger set produced by the same actor.",
203      name = "facet",
204      moduleClass = OscalAssessmentCommonModule.class,
205      valueConstraints = @ValueConstraints(allowedValues = {@AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "state", description = "Indicates if the facet is 'initial' as first identified, or 'adjusted' indicating that the value has be changed after some adjustments have been made (e.g., to identify residual risk).")), @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='state']/@value", values = {@AllowedValue(value = "initial", description = "As first identified."), @AllowedValue(value = "adjusted", description = "Indicates that residual risk remains after some adjustments have been made.")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://csrc.nist.gov/ns/oscal']/@name", values = {@AllowedValue(value = "likelihood", description = "General likelihood rating."), @AllowedValue(value = "impact", description = "General impact rating."), @AllowedValue(value = "risk", description = "General risk rating."), @AllowedValue(value = "severity", description = "General severity rating.")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://fedramp.gov','http://fedramp.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "likelihood", description = "Likelihood as defined by FedRAMP. The `class` can be used to specify 'initial' and 'adjusted' risk states."), @AllowedValue(value = "impact", description = "Impact as defined by FedRAMP. The `class` can be used to specify 'initial' and 'adjusted' risk states."), @AllowedValue(value = "risk", description = "Risk as calculated according to FedRAMP. The `class` can be used to specify 'initial' and 'adjusted' risk states.")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://cve.mitre.org']/@name", values = @AllowedValue(value = "cve-id", description = "An identifier managed by the CVE program (see https://cve.mitre.org/).")), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0']/@name", values = {@AllowedValue(value = "access-vector", description = "Base: Access Vector"), @AllowedValue(value = "access-complexity", description = "Base: Access Complexity"), @AllowedValue(value = "authentication", description = "Base: Authentication"), @AllowedValue(value = "confidentiality-impact", description = "Base: Confidentiality Impact"), @AllowedValue(value = "integrity-impact", description = "Base: Integrity Impact"), @AllowedValue(value = "availability-impact", description = "Base: Availability Impact"), @AllowedValue(value = "exploitability", description = "Temporal: Exploitability"), @AllowedValue(value = "remediation-level", description = "Temporal: Remediation Level"), @AllowedValue(value = "report-confidence", description = "Temporal: Report Confidence"), @AllowedValue(value = "collateral-damage-potential", description = "Environmental: Collateral Damage Potential"), @AllowedValue(value = "target-distribution", description = "Environmental: Target Distribution"), @AllowedValue(value = "confidentiality-requirement", description = "Environmental: Confidentiality Requirement"), @AllowedValue(value = "integrity-requirement", description = "Environmental: Integrity Requirement"), @AllowedValue(value = "availability-requirement", description = "Environmental: Availability Requirement")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='access-vector']/@value", values = {@AllowedValue(value = "local", description = "Local"), @AllowedValue(value = "adjacent-network", description = "Network Adjacent"), @AllowedValue(value = "network", description = "Network")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='access-complexity']/@value", values = {@AllowedValue(value = "high", description = "High"), @AllowedValue(value = "medium", description = "Medium"), @AllowedValue(value = "low", description = "Low")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='authentication']/@value", values = {@AllowedValue(value = "multiple", description = "Multiple"), @AllowedValue(value = "single", description = "Single"), @AllowedValue(value = "none", description = "None")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name=('confidentiality-impact', 'integrity-impact', 'availability-impact')]/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "partial", description = "Partial"), @AllowedValue(value = "complete", description = "Complete")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='exploitability']/@value", values = {@AllowedValue(value = "unproven", description = "Unproven"), @AllowedValue(value = "proof-of-concept", description = "Proof-of-Concept"), @AllowedValue(value = "functional", description = "Functional"), @AllowedValue(value = "high", description = "High"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='remediation-level']/@value", values = {@AllowedValue(value = "official-fix", description = "Official Fix"), @AllowedValue(value = "temporary-fix", description = "Temporary Fix"), @AllowedValue(value = "workaround", description = "Workaround"), @AllowedValue(value = "unavailable", description = "Unavailable"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='report-confidence']/@value", values = {@AllowedValue(value = "unconfirmed", description = "Unconfirmed"), @AllowedValue(value = "uncorroborated", description = "Uncorroborated"), @AllowedValue(value = "confirmed", description = "Confirmed"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name='collateral-damage-potential']/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low (light loss)"), @AllowedValue(value = "low-medium", description = "Low Medium"), @AllowedValue(value = "medium-high", description = "Medium High"), @AllowedValue(value = "high", description = "High (catastrophic loss)"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system='http://www.first.org/cvss/v2.0' and @name=('target-distribution', 'confidentiality-requirement', 'integrity-requirement', 'availability-requirement')]/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "medium", description = "Medium"), @AllowedValue(value = "high", description = "High"), @AllowedValue(value = "not-defined", description = "Not Defined")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1')]/@name", values = {@AllowedValue(value = "attack-vector", description = "Base: Attack Vector"), @AllowedValue(value = "access-complexity", description = "Base: Attack Complexity"), @AllowedValue(value = "privileges-required", description = "Base: Privileges Required"), @AllowedValue(value = "user-interaction", description = "Base: User Interaction"), @AllowedValue(value = "scope", description = "Base: Scope"), @AllowedValue(value = "confidentiality-impact", description = "Base: Confidentiality Impact"), @AllowedValue(value = "integrity-impact", description = "Base: Integrity Impact"), @AllowedValue(value = "availability-impact", description = "Base: Availability Impact"), @AllowedValue(value = "exploit-code-maturity", description = "Temporal: Exploit Code Maturity"), @AllowedValue(value = "remediation-level", description = "Temporal: Remediation Level"), @AllowedValue(value = "report-confidence", description = "Temporal: Report Confidence"), @AllowedValue(value = "modified-attack-vector", description = "Environmental: Modified Attack Vector"), @AllowedValue(value = "modified-attack-complexity", description = "Environmental: Modified Attack Complexity"), @AllowedValue(value = "modified-privileges-required", description = "Environmental: Modified Privileges Required"), @AllowedValue(value = "modified-user-interaction", description = "Environmental: Modified User Interaction"), @AllowedValue(value = "modified-scope", description = "Environmental: Modified Scope"), @AllowedValue(value = "modified-confidentiality", description = "Environmental: Modified Confidentiality"), @AllowedValue(value = "modified-integrity", description = "Environmental: Modified Integrity"), @AllowedValue(value = "modified-availability", description = "Environmental: Modified Availability"), @AllowedValue(value = "confidentiality-requirement", description = "Environmental: Confidentiality Requirement Modifier"), @AllowedValue(value = "integrity-requirement", description = "Environmental: Integrity Requirement Modifier"), @AllowedValue(value = "availability-requirement", description = "Environmental: Availability Requirement Modifier")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='access-vector']/@value", values = {@AllowedValue(value = "network", description = "Network"), @AllowedValue(value = "adjacent", description = "Adjacent"), @AllowedValue(value = "local", description = "Local"), @AllowedValue(value = "physical", description = "Physical")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='access-complexity']/@value", values = {@AllowedValue(value = "high", description = "High"), @AllowedValue(value = "low", description = "Low")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name=('privileges-required', 'confidentiality-impact', 'integrity-impact', 'availability-impact')]/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='user-interaction']/@value", values = {@AllowedValue(value = "none", description = "None"), @AllowedValue(value = "required", description = "Required")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='scope']/@value", values = {@AllowedValue(value = "unchanged", description = "Unchanged"), @AllowedValue(value = "changed", description = "Changed")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='exploit-code-maturity']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "unproven", description = "Unproven"), @AllowedValue(value = "proof-of-concept", description = "Proof-of-Concept"), @AllowedValue(value = "functional", description = "Functional"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='remediation-level']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "official-fix", description = "Official Fix"), @AllowedValue(value = "temporary-fix", description = "Temporary Fix"), @AllowedValue(value = "workaround", description = "Workaround"), @AllowedValue(value = "unavailable", description = "Unavailable")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='report-confidence']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "unknown", description = "Unknown"), @AllowedValue(value = "reasonable", description = "Reasonable"), @AllowedValue(value = "confirmed", description = "Confirmed")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name=('confidentiality-requirement', 'integrity-requirement', 'availability-requirement')]/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "medium", description = "Medium"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-attack-vector']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "network", description = "Network"), @AllowedValue(value = "adjacent", description = "Adjacent"), @AllowedValue(value = "local", description = "Local"), @AllowedValue(value = "physical", description = "Physical")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-attack-complexity']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "high", description = "High"), @AllowedValue(value = "low", description = "Low")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name=('modified-privileges-required', 'modified-confidentiality', 'modified-integrity', 'modified-availability')]/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "none", description = "None"), @AllowedValue(value = "low", description = "Low"), @AllowedValue(value = "high", description = "High")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-user-interaction']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "none", description = "None"), @AllowedValue(value = "required", description = "Required")}), @AllowedValues(level = IConstraint.Level.ERROR, target = "(.)[@system=('http://www.first.org/cvss/v3.0', 'http://www.first.org/cvss/v3.1') and @name='modified-scope']/@value", values = {@AllowedValue(value = "not-defined", description = "Not Defined"), @AllowedValue(value = "unchanged", description = "Unchanged"), @AllowedValue(value = "changed", description = "Changed")}), @AllowedValues(id = "oscal-cvss-v4.0-vectors", level = IConstraint.Level.ERROR, target = "(.)[@system=('https://www.first.org/cvss/v4-0')]/@name", values = {@AllowedValue(value = "av", description = "Base: Attack Vector"), @AllowedValue(value = "ac", description = "Base: Attack Complexity"), @AllowedValue(value = "at", description = "Base: Attack Requirements"), @AllowedValue(value = "pr", description = "Base: Privileges Required"), @AllowedValue(value = "ui", description = "Base: User Interaction"), @AllowedValue(value = "vc", description = "Base: Vulnerable System Confidentiality Impact"), @AllowedValue(value = "vi", description = "Base: Vulnerable System Integrity Impact"), @AllowedValue(value = "va", description = "Base: Vulnerable System Availability Impact"), @AllowedValue(value = "sc", description = "Base: Subsequent System Confidentiality Impact"), @AllowedValue(value = "si", description = "Base: Vulnerable System Integrity Impact"), @AllowedValue(value = "sa", description = "Base: Vulnerable System Availability Impact"), @AllowedValue(value = "s", description = "Supplemental: Safety"), @AllowedValue(value = "au", description = "Supplemental: Automatable"), @AllowedValue(value = "r", description = "Supplemental: Recovery"), @AllowedValue(value = "v", description = "Supplemental: Value Density"), @AllowedValue(value = "re", description = "Supplemental: Vulnerability Response Effort"), @AllowedValue(value = "u", description = "Supplemental: Provider Urgency"), @AllowedValue(value = "mav", description = "Environmental: Modified Attack Vector"), @AllowedValue(value = "mac", description = "Environmental: Modified Attack Complexity"), @AllowedValue(value = "mat", description = "Environmental: Modified Attack Requirements"), @AllowedValue(value = "mpr", description = "Environmental: Modified Privileges Required"), @AllowedValue(value = "mui", description = "Environmental: Modified User Interaction"), @AllowedValue(value = "mvc", description = "Environmental: Modified Vulnerable System Confidentiality"), @AllowedValue(value = "mvi", description = "Environmental: Modified Vulnerable System Integrity"), @AllowedValue(value = "mva", description = "Environmental: Modified Vulnerable System Availability"), @AllowedValue(value = "msc", description = "Environmental: Subsequent Vulnerable System Confidentiality"), @AllowedValue(value = "msi", description = "Environmental: Subsequent Vulnerable System Integrity"), @AllowedValue(value = "msa", description = "Environmental: Subsequent Vulnerable System Availability"), @AllowedValue(value = "cr", description = "Environmental: Confidentiality Requirements"), @AllowedValue(value = "ir", description = "Environmental: Integrity Requirements"), @AllowedValue(value = "ar", description = "Environmental: Availability Requirements"), @AllowedValue(value = "e", description = "Threat: Exploit Maturity")}), @AllowedValues(id = "oscal-cvss-v4.0-av-values", formalName = "Attack Vector Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='av']/@value", values = {@AllowedValue(value = "n", description = "Network"), @AllowedValue(value = "a", description = "Adjacent"), @AllowedValue(value = "l", description = "Local"), @AllowedValue(value = "p", description = "Physical")}), @AllowedValues(id = "oscal-cvss-v4.0-ac-values", formalName = "Attack Complexity Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='ac']/@value", values = {@AllowedValue(value = "h", description = "High"), @AllowedValue(value = "l", description = "Low")}), @AllowedValues(id = "oscal-cvss-v4.0-at-values", formalName = "Attack Requirements Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='at']/@value", values = {@AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Present")}), @AllowedValues(id = "oscal-cvss-v4.0-pr-cia-values", formalName = "Privileges Required, Confidentiality, Integrity, and Availability Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('pr','vc','vi','va','sc','si','sa')]/@value", values = {@AllowedValue(value = "n", description = "None"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-ui-values", formalName = "User Interaction Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='ui']/@value", values = {@AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Passive"), @AllowedValue(value = "a", description = "Active")}), @AllowedValues(id = "oscal-cvss-v4.0-s-values", formalName = "Safety Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='s']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Negligible"), @AllowedValue(value = "p", description = "Present")}), @AllowedValues(id = "oscal-cvss-v4.0-au-values", formalName = "Automatable Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='au']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "No"), @AllowedValue(value = "y", description = "Yes")}), @AllowedValues(id = "oscal-cvss-v4.0-r-values", formalName = "Recovery Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='r']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "a", description = "Automatic"), @AllowedValue(value = "u", description = "User"), @AllowedValue(value = "i", description = "Irrecoverable")}), @AllowedValues(id = "oscal-cvss-v4.0-v-values", formalName = "Value Density Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='v']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "a", description = "Automatic"), @AllowedValue(value = "u", description = "User"), @AllowedValue(value = "i", description = "Irrecoverable")}), @AllowedValues(id = "oscal-cvss-v4.0-re-values", formalName = "Vulnerability Response Effort Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='re']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "m", description = "Moderate"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-u-values", formalName = "Provider Urgency Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='u']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "clear", description = "Clear"), @AllowedValue(value = "green", description = "Green"), @AllowedValue(value = "amber", description = "Amber"), @AllowedValue(value = "red", description = "Red")}), @AllowedValues(id = "oscal-cvss-v4.0-mav-values", formalName = "Modified Attack Vector Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mav']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Network"), @AllowedValue(value = "a", description = "Adjacent"), @AllowedValue(value = "l", description = "Local"), @AllowedValue(value = "p", description = "Physical")}), @AllowedValues(id = "oscal-cvss-v4.0-mac-values", formalName = "Modified Attack Complexity Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mac']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "h", description = "High"), @AllowedValue(value = "l", description = "Low")}), @AllowedValues(id = "oscal-cvss-v4.0-mat-values", formalName = "Modified Attack Requirements Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mat']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Present")}), @AllowedValues(id = "oscal-cvss-v4.0-mpr-mvs-cia-values", formalName = "Modified Privileges Required, and Vulnerable System Confidentiality, Integrity, and Availability Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('mpr','mvc','mvi')]/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "None"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-mui-values", formalName = "Modified User Interaction Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='mui']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "None"), @AllowedValue(value = "p", description = "Passive"), @AllowedValue(value = "a", description = "Active")}), @AllowedValues(id = "oscal-cvss-v4.0-msc-values", formalName = "Modified Subsequent System Confidentiality Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='msc']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Negligible"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-msi-msa-cia-values", formalName = "Modified Safety-Related Subsequent System Integrity and Availability Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('msi','msa')]/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "n", description = "Negligible"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "h", description = "High"), @AllowedValue(value = "s", description = "Safety")}), @AllowedValues(id = "oscal-cvss-v4.0-env-cia-values", formalName = "Vulnerability Response Effort Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name=('cr','ir','ar')]/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "l", description = "Low"), @AllowedValue(value = "m", description = "Medium"), @AllowedValue(value = "h", description = "High")}), @AllowedValues(id = "oscal-cvss-v4.0-e-values", formalName = "Vulnerability Response Effort Values", level = IConstraint.Level.ERROR, target = ".[@system='https://www.first.org/cvss/v4-0' and @name='e']/@value", values = {@AllowedValue(value = "x", description = "Not Defined"), @AllowedValue(value = "a", description = "Attacked"), @AllowedValue(value = "p", description = "PoC"), @AllowedValue(value = "u", description = "Unreported")})})
206  )
207  public static class Facet implements IBoundObject {
208    private final IMetaschemaData __metaschemaData;
209
210    /**
211     * "The name of the risk metric within the specified system."
212     */
213    @BoundFlag(
214        formalName = "Facet Name",
215        description = "The name of the risk metric within the specified system.",
216        name = "name",
217        required = true,
218        typeAdapter = TokenAdapter.class
219    )
220    private String _name;
221
222    /**
223     * "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash."
224     */
225    @BoundFlag(
226        formalName = "Naming System",
227        description = "Specifies the naming system under which this risk metric is organized, which allows for the same names to be used in different systems controlled by different parties. This avoids the potential of a name clash.",
228        name = "system",
229        required = true,
230        typeAdapter = UriAdapter.class,
231        remarks = "This value must be an [absolute URI](https://pages.nist.gov/OSCAL/concepts/uri-use/#absolute-uri) that serves as a [naming system identifier](https://pages.nist.gov/OSCAL/concepts/uri-use/#use-as-a-naming-system-identifier).",
232        valueConstraints = @ValueConstraints(allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "http://fedramp.gov", description = "\\*\\*deprecated\\*\\* The FedRAMP naming system. This has been deprecated; use `http://fedramp.gov/ns/oscal` instead.", deprecatedVersion = "1.0.3"), @AllowedValue(value = "http://fedramp.gov/ns/oscal", description = "The facet naming system defined by FedRAMP."), @AllowedValue(value = "http://csrc.nist.gov/ns/oscal", description = "The facet naming system defined by OSCAL."), @AllowedValue(value = "http://csrc.nist.gov/ns/oscal/unknown", description = "The facet is from an unknown taxonomy. The meaning of the name is tool or organization specific."), @AllowedValue(value = "http://cve.mitre.org", description = "The facet naming system defined by the CVE Program."), @AllowedValue(value = "http://www.first.org/cvss/v2.0", description = "The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v2](https://www.first.org/cvss/v2/)."), @AllowedValue(value = "http://www.first.org/cvss/v3.0", description = "The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v3.0](https://www.first.org/cvss/v3-0/)."), @AllowedValue(value = "http://www.first.org/cvss/v3.1", description = "The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v3.1](https://www.first.org/cvss/v3-1/)."), @AllowedValue(value = "https://www.first.org/cvss/v4-0", description = "The facet naming system for representing Common Vunerability Scoring System (CVSS) vectors as defined by the the [Forum for Incident Response and Security Teams](https://www.first.org/) [CVSS Special Interest Group](https://www.first.org/cvss/) (CVSS-SIG) for [CVSS v4.0](https://www.first.org/cvss/v4-0/).")}))
233    )
234    private URI _system;
235
236    /**
237     * "Indicates the value of the facet."
238     */
239    @BoundFlag(
240        formalName = "Facet Value",
241        description = "Indicates the value of the facet.",
242        name = "value",
243        required = true,
244        typeAdapter = StringAdapter.class
245    )
246    private String _value;
247
248    @BoundAssembly(
249        formalName = "Property",
250        description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
251        useName = "prop",
252        maxOccurs = -1,
253        groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
254    )
255    private List<Property> _props;
256
257    @BoundAssembly(
258        formalName = "Link",
259        description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
260        useName = "link",
261        maxOccurs = -1,
262        groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
263    )
264    private List<Link> _links;
265
266    @BoundField(
267        formalName = "Remarks",
268        description = "Additional commentary about the containing object.",
269        useName = "remarks",
270        typeAdapter = MarkupMultilineAdapter.class
271    )
272    private MarkupMultiline _remarks;
273
274    public Facet() {
275      this(null);
276    }
277
278    public Facet(IMetaschemaData data) {
279      this.__metaschemaData = data;
280    }
281
282    @Override
283    public IMetaschemaData getMetaschemaData() {
284      return __metaschemaData;
285    }
286
287    public String getName() {
288      return _name;
289    }
290
291    public void setName(String value) {
292      _name = value;
293    }
294
295    public URI getSystem() {
296      return _system;
297    }
298
299    public void setSystem(URI value) {
300      _system = value;
301    }
302
303    public String getValue() {
304      return _value;
305    }
306
307    public void setValue(String value) {
308      _value = value;
309    }
310
311    public List<Property> getProps() {
312      return _props;
313    }
314
315    public void setProps(List<Property> value) {
316      _props = value;
317    }
318
319    /**
320     * Add a new {@link Property} item to the underlying collection.
321     * @param item the item to add
322     * @return {@code true}
323     */
324    public boolean addProp(Property item) {
325      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
326      if (_props == null) {
327        _props = new LinkedList<>();
328      }
329      return _props.add(value);
330    }
331
332    /**
333     * Remove the first matching {@link Property} item from the underlying collection.
334     * @param item the item to remove
335     * @return {@code true} if the item was removed or {@code false} otherwise
336     */
337    public boolean removeProp(Property item) {
338      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
339      return _props != null && _props.remove(value);
340    }
341
342    public List<Link> getLinks() {
343      return _links;
344    }
345
346    public void setLinks(List<Link> value) {
347      _links = value;
348    }
349
350    /**
351     * Add a new {@link Link} item to the underlying collection.
352     * @param item the item to add
353     * @return {@code true}
354     */
355    public boolean addLink(Link item) {
356      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
357      if (_links == null) {
358        _links = new LinkedList<>();
359      }
360      return _links.add(value);
361    }
362
363    /**
364     * Remove the first matching {@link Link} item from the underlying collection.
365     * @param item the item to remove
366     * @return {@code true} if the item was removed or {@code false} otherwise
367     */
368    public boolean removeLink(Link item) {
369      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
370      return _links != null && _links.remove(value);
371    }
372
373    public MarkupMultiline getRemarks() {
374      return _remarks;
375    }
376
377    public void setRemarks(MarkupMultiline value) {
378      _remarks = value;
379    }
380
381    @Override
382    public String toString() {
383      return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
384    }
385  }
386}