feat: upgrade to OSCAL 1.1.3

Signed-off-by: Lou DeGenaro <[email protected]>

tests/test_utils.py

@@ -190,6 +190,30 @@ def text_files_equal(path_a: pathlib.Path, path_b: pathlib.Path) -> bool:
     return True
 
 
+def text_files_similar(path_a: pathlib.Path, path_b: pathlib.Path, skip: str) -> bool:
+    """Determine if files are similar, ignoring newline style and lines containing <skip> text."""
+    try:
+        with open(path_a, 'r') as file_a:
+            with open(path_b, 'r') as file_b:
+                lines_a = file_a.readlines()
+                lines_b = file_b.readlines()
+                nlines = len(lines_a)
+                if nlines != len(lines_b):
+                    logger.error(f'n lines differ: {len(lines_a)} vs. {len(lines_b)}')
+                    return False
+                for ii in range(nlines):
+                    if lines_a[ii].rstrip('\r\n') != lines_b[ii].rstrip('\r\n'):
+                        if skip in lines_a[ii] and skip in lines_b[ii]:
+                            continue
+                        logger.error('lines differ:')
+                        logger.error(lines_a[ii])
+                        logger.error(lines_b[ii])
+                        return False
+    except Exception:
+        return False
+    return True
+
+
 def confirm_text_in_file(file_path: pathlib.Path, tag: str, text: str) -> bool:
     """Confirm the expected text is in the file on same line or after the tag."""
     if not file_path.exists():

tests/trestle/tasks/ocp4_cis_profile_to_oscal_cd_test.py

@@ -21,7 +21,7 @@
 
 from _pytest.monkeypatch import MonkeyPatch
 
-from tests.test_utils import text_files_equal
+from tests.test_utils import text_files_similar
 
 import trestle
 import trestle.tasks.ocp4_cis_profile_to_oscal_cd as ocp4_cis_profile_to_oscal_cd
@@ -89,7 +89,7 @@ def test_ocp4_cis_profile_to_oscal_cd_execute(tmp_path: pathlib.Path, monkeypatc
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -115,7 +115,7 @@ def test_ocp4_cis_profile_to_oscal_cd_execute_selected_rules2(tmp_path: pathlib.
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -141,7 +141,7 @@ def test_ocp4_cis_profile_to_oscal_cd_execute_enabled_rules2(tmp_path: pathlib.P
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 

tests/trestle/tasks/xlsx_to_oscal_cd_test.py

@@ -20,7 +20,7 @@
 import uuid
 from unittest.mock import Mock, patch
 
-from tests.test_utils import text_files_equal
+from tests.test_utils import text_files_similar
 
 import trestle.tasks.xlsx_to_oscal_cd as xlsx_to_oscal_cd
 from trestle.tasks.base_task import TaskOutcome
@@ -77,7 +77,7 @@ def test_xlsx_execute(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 

tests/trestle/tasks/xlsx_to_oscal_profile_test.py

@@ -20,7 +20,7 @@
 import uuid
 from unittest.mock import Mock, patch
 
-from tests.test_utils import text_files_equal
+from tests.test_utils import text_files_similar
 
 import trestle.tasks.xlsx_to_oscal_profile as xlsx_to_oscal_profile
 from trestle.tasks.base_task import TaskOutcome
@@ -77,7 +77,7 @@ def test_xlsx_execute(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -103,7 +103,7 @@ def test_xlsx_execute_with_blank_rows(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -129,7 +129,7 @@ def test_xlsx_execute_with_missing_control_id(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -157,7 +157,7 @@ def test_xlsx_execute_with_missing_rule_name_id(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -183,7 +183,7 @@ def test_xlsx_execute_filter(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -210,7 +210,7 @@ def test_xlsx_execute_by_control(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -237,7 +237,7 @@ def test_xlsx_execute_by_rule(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 
@@ -264,7 +264,7 @@ def test_xlsx_execute_by_check(tmp_path):
     for fn in list_dir:
         f_expected = d_expected / fn
         f_produced = d_produced / fn
-        result = text_files_equal(f_expected, f_produced)
+        result = text_files_similar(f_expected, f_produced, 'oscal-version')
         assert result
 
 

trestle/oscal/__init__.py

@@ -1,6 +1,6 @@
 # -*- mode:python; coding:utf-8 -*-
 
-# Copyright (c) 2024 IBM Corp. All rights reserved.
+# Copyright (c) 2025 IBM Corp. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,5 +15,5 @@
 # limitations under the License.
 
 #TODO: Ensure this is automatically updated successfully.
-OSCAL_VERSION = '1.1.2'
-OSCAL_VERSION_REGEX = r'^1\.1\.[0-2]$'
+OSCAL_VERSION = '1.1.3'
+OSCAL_VERSION_REGEX = r'^1\.1\.[0-3]$'

trestle/oscal/common.py

@@ -362,7 +362,7 @@ class Config:
     ) = Field(
         ...,
         description=
-        "A textual label, within a namespace, that uniquely identifies a specific attribute, characteristic, or quality of the property's containing object.",
+        "A textual label, within a namespace, that identifies a specific attribute, characteristic, or quality of the property's containing object.",
         title='Property Name'
     )
     uuid: Optional[constr(
@@ -410,17 +410,21 @@ class PortRangeValidValues(Enum):
 
 class PortRange(OscalBaseModel):
     """
-    Where applicable this is the IPv4 port range on which the service operates.
+    Where applicable this is the transport layer protocol port range an IPv4-based or IPv6-based service uses.
     """
 
     class Config:
         extra = Extra.forbid
 
     start: Optional[conint(ge=0, multiple_of=1)] = Field(
-        None, description='Indicates the starting port number in a port range', title='Start'
+        None,
+        description='Indicates the starting port number in a port range for a transport layer protocol',
+        title='Start'
     )
     end: Optional[conint(ge=0, multiple_of=1)] = Field(
-        None, description='Indicates the ending port number in a port range', title='End'
+        None,
+        description='Indicates the ending port number in a port range for a transport layer protocol',
+        title='End'
     )
     transport: Optional[PortRangeValidValues] = Field(
         None, description='Indicates the transport type.', title='Transport'
@@ -556,6 +560,7 @@ class NamingSystemValidValues(Enum):
     http___www_first_org_cvss_v2_0 = 'http://www.first.org/cvss/v2.0'
     http___www_first_org_cvss_v3_0 = 'http://www.first.org/cvss/v3.0'
     http___www_first_org_cvss_v3_1 = 'http://www.first.org/cvss/v3.1'
+    https___www_first_org_cvss_v4_0 = 'https://www.first.org/cvss/v4-0'
 
 
 class Name(Enum):
@@ -1592,8 +1597,8 @@ class Config:
         'A machine-oriented, globally unique identifier with cross-instance scope that can be used to reference this service protocol information elsewhere in this or other OSCAL instances. The locally defined UUID of the service protocol can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned per-subject, which means it should be consistently used to identify the same subject across revisions of the document.',
         title='Service Protocol Information Universally Unique Identifier',
     )
-    name: constr(regex=r'^\S(.*\S)?$') = Field(
-        ...,
+    name: Optional[constr(regex=r'^\S(.*\S)?$')] = Field(
+        None,
         description=
         'The common name of the protocol, which should be the appropriate "service name" from the IANA Service Name and Transport Protocol Port Number Registry.',
         title='Protocol Name'