Source code

001package gov.nist.secauto.oscal.lib.model;
002
003import gov.nist.secauto.metaschema.core.datatype.adapter.TokenAdapter;
004import gov.nist.secauto.metaschema.core.datatype.adapter.UuidAdapter;
005import gov.nist.secauto.metaschema.core.datatype.markup.MarkupLine;
006import gov.nist.secauto.metaschema.core.datatype.markup.MarkupLineAdapter;
007import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultiline;
008import gov.nist.secauto.metaschema.core.datatype.markup.MarkupMultilineAdapter;
009import gov.nist.secauto.metaschema.core.model.IBoundObject;
010import gov.nist.secauto.metaschema.core.model.IMetaschemaData;
011import gov.nist.secauto.metaschema.core.model.JsonGroupAsBehavior;
012import gov.nist.secauto.metaschema.core.model.constraint.IConstraint;
013import gov.nist.secauto.metaschema.core.util.ObjectUtils;
014import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValue;
015import gov.nist.secauto.metaschema.databind.model.annotations.AllowedValues;
016import gov.nist.secauto.metaschema.databind.model.annotations.BoundAssembly;
017import gov.nist.secauto.metaschema.databind.model.annotations.BoundField;
018import gov.nist.secauto.metaschema.databind.model.annotations.BoundFlag;
019import gov.nist.secauto.metaschema.databind.model.annotations.GroupAs;
020import gov.nist.secauto.metaschema.databind.model.annotations.MetaschemaAssembly;
021import gov.nist.secauto.metaschema.databind.model.annotations.ValueConstraints;
022import java.lang.Override;
023import java.lang.String;
024import java.util.LinkedList;
025import java.util.List;
026import java.util.UUID;
027import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
028import org.apache.commons.lang3.builder.ToStringStyle;
029
030/**
031 * Describes either recommended or an actual plan for addressing the risk.
032 */
033@MetaschemaAssembly(
034    formalName = "Risk Response",
035    description = "Describes either recommended or an actual plan for addressing the risk.",
036    name = "response",
037    moduleClass = OscalAssessmentCommonModule.class,
038    valueConstraints = @ValueConstraints(allowedValues = {@AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = @AllowedValue(value = "type", description = "Risk Response Type")), @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value", values = {@AllowedValue(value = "avoid", description = "The risk will be eliminated."), @AllowedValue(value = "mitigate", description = "The risk will be reduced."), @AllowedValue(value = "transfer", description = "The risk will be transferred to another organization or entity."), @AllowedValue(value = "accept", description = "The risk will continue to exist without further efforts to address it. (Sometimes referred to as \"Operationally required\")"), @AllowedValue(value = "share", description = "The risk will be partially transferred to another organization or entity."), @AllowedValue(value = "contingency", description = "Plans will be made to address the risk impact if the risk occurs. (This is a form of mitigation.)"), @AllowedValue(value = "none", description = "No response, such as when the identified risk is found to be a false positive.")})})
039)
040public class Response implements IBoundObject {
041  private final IMetaschemaData __metaschemaData;
042
043  /**
044   * "A <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented\">machine-oriented</a>, <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique\">globally unique</a> identifier with <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance\">cross-instance</a> scope that can be used to reference this remediation elsewhere in <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope\">this or other OSCAL instances</a>. The locally defined <em>UUID</em> of the <code>risk response</code> can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency\">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document."
045   */
046  @BoundFlag(
047      formalName = "Remediation Universally Unique Identifier",
048      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this remediation elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `risk response` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
049      name = "uuid",
050      required = true,
051      typeAdapter = UuidAdapter.class
052  )
053  private UUID _uuid;
054
055  /**
056   * "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner."
057   */
058  @BoundFlag(
059      formalName = "Remediation Intent",
060      description = "Identifies whether this is a recommendation, such as from an assessor or tool, or an actual plan accepted by the system owner.",
061      name = "lifecycle",
062      required = true,
063      typeAdapter = TokenAdapter.class,
064      valueConstraints = @ValueConstraints(allowedValues = @AllowedValues(level = IConstraint.Level.ERROR, allowOthers = true, values = {@AllowedValue(value = "recommendation", description = "Recommended remediation."), @AllowedValue(value = "planned", description = "The actions intended to resolve the risk."), @AllowedValue(value = "completed", description = "This remediation activities were performed to address the risk.")}))
065  )
066  private String _lifecycle;
067
068  @BoundField(
069      formalName = "Response Title",
070      description = "The title for this response activity.",
071      useName = "title",
072      minOccurs = 1,
073      typeAdapter = MarkupLineAdapter.class
074  )
075  private MarkupLine _title;
076
077  @BoundField(
078      formalName = "Response Description",
079      description = "A human-readable description of this response plan.",
080      useName = "description",
081      minOccurs = 1,
082      typeAdapter = MarkupMultilineAdapter.class
083  )
084  private MarkupMultiline _description;
085
086  @BoundAssembly(
087      formalName = "Property",
088      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
089      useName = "prop",
090      maxOccurs = -1,
091      groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
092  )
093  private List<Property> _props;
094
095  @BoundAssembly(
096      formalName = "Link",
097      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
098      useName = "link",
099      maxOccurs = -1,
100      groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
101  )
102  private List<Link> _links;
103
104  @BoundAssembly(
105      formalName = "Origin",
106      description = "Identifies the source of the finding, such as a tool, interviewed person, or activity.",
107      useName = "origin",
108      remarks = "Used to identify the individual and/or tool that generated this recommended or planned response.",
109      maxOccurs = -1,
110      groupAs = @GroupAs(name = "origins", inJson = JsonGroupAsBehavior.LIST)
111  )
112  private List<Origin> _origins;
113
114  @BoundAssembly(
115      formalName = "Required Asset",
116      description = "Identifies an asset required to achieve remediation.",
117      useName = "required-asset",
118      maxOccurs = -1,
119      groupAs = @GroupAs(name = "required-assets", inJson = JsonGroupAsBehavior.LIST)
120  )
121  private List<RequiredAsset> _requiredAssets;
122
123  @BoundAssembly(
124      formalName = "Task",
125      description = "Represents a scheduled event or milestone, which may be associated with a series of assessment actions.",
126      useName = "task",
127      maxOccurs = -1,
128      groupAs = @GroupAs(name = "tasks", inJson = JsonGroupAsBehavior.LIST)
129  )
130  private List<Task> _tasks;
131
132  @BoundField(
133      formalName = "Remarks",
134      description = "Additional commentary about the containing object.",
135      useName = "remarks",
136      typeAdapter = MarkupMultilineAdapter.class
137  )
138  private MarkupMultiline _remarks;
139
140  public Response() {
141    this(null);
142  }
143
144  public Response(IMetaschemaData data) {
145    this.__metaschemaData = data;
146  }
147
148  @Override
149  public IMetaschemaData getMetaschemaData() {
150    return __metaschemaData;
151  }
152
153  public UUID getUuid() {
154    return _uuid;
155  }
156
157  public void setUuid(UUID value) {
158    _uuid = value;
159  }
160
161  public String getLifecycle() {
162    return _lifecycle;
163  }
164
165  public void setLifecycle(String value) {
166    _lifecycle = value;
167  }
168
169  public MarkupLine getTitle() {
170    return _title;
171  }
172
173  public void setTitle(MarkupLine value) {
174    _title = value;
175  }
176
177  public MarkupMultiline getDescription() {
178    return _description;
179  }
180
181  public void setDescription(MarkupMultiline value) {
182    _description = value;
183  }
184
185  public List<Property> getProps() {
186    return _props;
187  }
188
189  public void setProps(List<Property> value) {
190    _props = value;
191  }
192
193  /**
194   * Add a new {@link Property} item to the underlying collection.
195   * @param item the item to add
196   * @return {@code true}
197   */
198  public boolean addProp(Property item) {
199    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
200    if (_props == null) {
201      _props = new LinkedList<>();
202    }
203    return _props.add(value);
204  }
205
206  /**
207   * Remove the first matching {@link Property} item from the underlying collection.
208   * @param item the item to remove
209   * @return {@code true} if the item was removed or {@code false} otherwise
210   */
211  public boolean removeProp(Property item) {
212    Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
213    return _props != null && _props.remove(value);
214  }
215
216  public List<Link> getLinks() {
217    return _links;
218  }
219
220  public void setLinks(List<Link> value) {
221    _links = value;
222  }
223
224  /**
225   * Add a new {@link Link} item to the underlying collection.
226   * @param item the item to add
227   * @return {@code true}
228   */
229  public boolean addLink(Link item) {
230    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
231    if (_links == null) {
232      _links = new LinkedList<>();
233    }
234    return _links.add(value);
235  }
236
237  /**
238   * Remove the first matching {@link Link} item from the underlying collection.
239   * @param item the item to remove
240   * @return {@code true} if the item was removed or {@code false} otherwise
241   */
242  public boolean removeLink(Link item) {
243    Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
244    return _links != null && _links.remove(value);
245  }
246
247  public List<Origin> getOrigins() {
248    return _origins;
249  }
250
251  public void setOrigins(List<Origin> value) {
252    _origins = value;
253  }
254
255  /**
256   * Add a new {@link Origin} item to the underlying collection.
257   * @param item the item to add
258   * @return {@code true}
259   */
260  public boolean addOrigin(Origin item) {
261    Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
262    if (_origins == null) {
263      _origins = new LinkedList<>();
264    }
265    return _origins.add(value);
266  }
267
268  /**
269   * Remove the first matching {@link Origin} item from the underlying collection.
270   * @param item the item to remove
271   * @return {@code true} if the item was removed or {@code false} otherwise
272   */
273  public boolean removeOrigin(Origin item) {
274    Origin value = ObjectUtils.requireNonNull(item,"item cannot be null");
275    return _origins != null && _origins.remove(value);
276  }
277
278  public List<RequiredAsset> getRequiredAssets() {
279    return _requiredAssets;
280  }
281
282  public void setRequiredAssets(List<RequiredAsset> value) {
283    _requiredAssets = value;
284  }
285
286  /**
287   * Add a new {@link RequiredAsset} item to the underlying collection.
288   * @param item the item to add
289   * @return {@code true}
290   */
291  public boolean addRequiredAsset(RequiredAsset item) {
292    RequiredAsset value = ObjectUtils.requireNonNull(item,"item cannot be null");
293    if (_requiredAssets == null) {
294      _requiredAssets = new LinkedList<>();
295    }
296    return _requiredAssets.add(value);
297  }
298
299  /**
300   * Remove the first matching {@link RequiredAsset} item from the underlying collection.
301   * @param item the item to remove
302   * @return {@code true} if the item was removed or {@code false} otherwise
303   */
304  public boolean removeRequiredAsset(RequiredAsset item) {
305    RequiredAsset value = ObjectUtils.requireNonNull(item,"item cannot be null");
306    return _requiredAssets != null && _requiredAssets.remove(value);
307  }
308
309  public List<Task> getTasks() {
310    return _tasks;
311  }
312
313  public void setTasks(List<Task> value) {
314    _tasks = value;
315  }
316
317  /**
318   * Add a new {@link Task} item to the underlying collection.
319   * @param item the item to add
320   * @return {@code true}
321   */
322  public boolean addTask(Task item) {
323    Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
324    if (_tasks == null) {
325      _tasks = new LinkedList<>();
326    }
327    return _tasks.add(value);
328  }
329
330  /**
331   * Remove the first matching {@link Task} item from the underlying collection.
332   * @param item the item to remove
333   * @return {@code true} if the item was removed or {@code false} otherwise
334   */
335  public boolean removeTask(Task item) {
336    Task value = ObjectUtils.requireNonNull(item,"item cannot be null");
337    return _tasks != null && _tasks.remove(value);
338  }
339
340  public MarkupMultiline getRemarks() {
341    return _remarks;
342  }
343
344  public void setRemarks(MarkupMultiline value) {
345    _remarks = value;
346  }
347
348  @Override
349  public String toString() {
350    return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
351  }
352
353  /**
354   * Identifies an asset required to achieve remediation.
355   */
356  @MetaschemaAssembly(
357      formalName = "Required Asset",
358      description = "Identifies an asset required to achieve remediation.",
359      name = "required-asset",
360      moduleClass = OscalAssessmentCommonModule.class
361  )
362  public static class RequiredAsset implements IBoundObject {
363    private final IMetaschemaData __metaschemaData;
364
365    /**
366     * "A <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented\">machine-oriented</a>, <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique\">globally unique</a> identifier with <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance\">cross-instance</a> scope that can be used to reference this required asset elsewhere in <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope\">this or other OSCAL instances</a>. The locally defined <em>UUID</em> of the <code>asset</code> can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned <a href=\"https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency\">per-subject</a>, which means it should be consistently used to identify the same subject across revisions of the document."
367     */
368    @BoundFlag(
369        formalName = "Required Universally Unique Identifier",
370        description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this required asset elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `asset` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
371        name = "uuid",
372        required = true,
373        typeAdapter = UuidAdapter.class
374    )
375    private UUID _uuid;
376
377    @BoundAssembly(
378        formalName = "Identifies the Subject",
379        description = "A [human-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#human-oriented) identifier reference to a resource. Use type to indicate whether the identified resource is a component, inventory item, location, user, or something else.",
380        useName = "subject",
381        remarks = "Identifies an asset associated with this requirement, such as a party, system component, or inventory-item.",
382        maxOccurs = -1,
383        groupAs = @GroupAs(name = "subjects", inJson = JsonGroupAsBehavior.LIST)
384    )
385    private List<SubjectReference> _subjects;
386
387    @BoundField(
388        formalName = "Title for Required Asset",
389        description = "The title for this required asset.",
390        useName = "title",
391        typeAdapter = MarkupLineAdapter.class
392    )
393    private MarkupLine _title;
394
395    @BoundField(
396        formalName = "Description of Required Asset",
397        description = "A human-readable description of this required asset.",
398        useName = "description",
399        minOccurs = 1,
400        typeAdapter = MarkupMultilineAdapter.class
401    )
402    private MarkupMultiline _description;
403
404    @BoundAssembly(
405        formalName = "Property",
406        description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
407        useName = "prop",
408        maxOccurs = -1,
409        groupAs = @GroupAs(name = "props", inJson = JsonGroupAsBehavior.LIST)
410    )
411    private List<Property> _props;
412
413    @BoundAssembly(
414        formalName = "Link",
415        description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
416        useName = "link",
417        maxOccurs = -1,
418        groupAs = @GroupAs(name = "links", inJson = JsonGroupAsBehavior.LIST)
419    )
420    private List<Link> _links;
421
422    @BoundField(
423        formalName = "Remarks",
424        description = "Additional commentary about the containing object.",
425        useName = "remarks",
426        typeAdapter = MarkupMultilineAdapter.class
427    )
428    private MarkupMultiline _remarks;
429
430    public RequiredAsset() {
431      this(null);
432    }
433
434    public RequiredAsset(IMetaschemaData data) {
435      this.__metaschemaData = data;
436    }
437
438    @Override
439    public IMetaschemaData getMetaschemaData() {
440      return __metaschemaData;
441    }
442
443    public UUID getUuid() {
444      return _uuid;
445    }
446
447    public void setUuid(UUID value) {
448      _uuid = value;
449    }
450
451    public List<SubjectReference> getSubjects() {
452      return _subjects;
453    }
454
455    public void setSubjects(List<SubjectReference> value) {
456      _subjects = value;
457    }
458
459    /**
460     * Add a new {@link SubjectReference} item to the underlying collection.
461     * @param item the item to add
462     * @return {@code true}
463     */
464    public boolean addSubject(SubjectReference item) {
465      SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
466      if (_subjects == null) {
467        _subjects = new LinkedList<>();
468      }
469      return _subjects.add(value);
470    }
471
472    /**
473     * Remove the first matching {@link SubjectReference} item from the underlying collection.
474     * @param item the item to remove
475     * @return {@code true} if the item was removed or {@code false} otherwise
476     */
477    public boolean removeSubject(SubjectReference item) {
478      SubjectReference value = ObjectUtils.requireNonNull(item,"item cannot be null");
479      return _subjects != null && _subjects.remove(value);
480    }
481
482    public MarkupLine getTitle() {
483      return _title;
484    }
485
486    public void setTitle(MarkupLine value) {
487      _title = value;
488    }
489
490    public MarkupMultiline getDescription() {
491      return _description;
492    }
493
494    public void setDescription(MarkupMultiline value) {
495      _description = value;
496    }
497
498    public List<Property> getProps() {
499      return _props;
500    }
501
502    public void setProps(List<Property> value) {
503      _props = value;
504    }
505
506    /**
507     * Add a new {@link Property} item to the underlying collection.
508     * @param item the item to add
509     * @return {@code true}
510     */
511    public boolean addProp(Property item) {
512      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
513      if (_props == null) {
514        _props = new LinkedList<>();
515      }
516      return _props.add(value);
517    }
518
519    /**
520     * Remove the first matching {@link Property} item from the underlying collection.
521     * @param item the item to remove
522     * @return {@code true} if the item was removed or {@code false} otherwise
523     */
524    public boolean removeProp(Property item) {
525      Property value = ObjectUtils.requireNonNull(item,"item cannot be null");
526      return _props != null && _props.remove(value);
527    }
528
529    public List<Link> getLinks() {
530      return _links;
531    }
532
533    public void setLinks(List<Link> value) {
534      _links = value;
535    }
536
537    /**
538     * Add a new {@link Link} item to the underlying collection.
539     * @param item the item to add
540     * @return {@code true}
541     */
542    public boolean addLink(Link item) {
543      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
544      if (_links == null) {
545        _links = new LinkedList<>();
546      }
547      return _links.add(value);
548    }
549
550    /**
551     * Remove the first matching {@link Link} item from the underlying collection.
552     * @param item the item to remove
553     * @return {@code true} if the item was removed or {@code false} otherwise
554     */
555    public boolean removeLink(Link item) {
556      Link value = ObjectUtils.requireNonNull(item,"item cannot be null");
557      return _links != null && _links.remove(value);
558    }
559
560    public MarkupMultiline getRemarks() {
561      return _remarks;
562    }
563
564    public void setRemarks(MarkupMultiline value) {
565      _remarks = value;
566    }
567
568    @Override
569    public String toString() {
570      return new ReflectionToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE).toString();
571    }
572  }
573}