Skip to content

NPE when resolving profile selecting catalog children controls without parent #232

New issue
New issue
Open
#233
Open
NPE when resolving profile selecting catalog children controls without parent#232
#233
Assignees
aj-stein-nist
Labels
bugSomething isn't working
Milestone
Future
@GaryGapinski

Description

@GaryGapinski
GaryGapinski
opened on Feb 19, 2023

Describe the bug

oscal-cli throws Exception in thread "main" java.lang.NullPointerException when resolving a profile.

Who is the bug affecting?

Users of oscal-cli who wish to resolve a profile.

What is affected by this bug?

oscal-cli fails during execution.

When does this occur?

macOS Ventura 13.2.1 MacBook Pro Intel hardware.

How do we replicate the issue?

Build oscal-cli using main branch of cloned repo.

Create an OSCAL profile instance document.

gapinski@flexion-mac-C02FCBVSMD6N resolver-pipeline % cat c-ce-p.xml                                                         
<?xml version="1.0" encoding="UTF-8"?>
<?xml-model href="https://github.com/usnistgov/OSCAL/raw/v1.0.4/xml/schema/oscal_complete_schema.xsd" schematypens="http://www.w3.org/2001/XMLSchema" title="OSCAL complete schema" ?>
<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="3353e8e1-3eef-42ef-8163-1f71616bafca">
    <metadata>
        <title />
        <last-modified>2023-02-18T13:06:18Z</last-modified>
        <version>2023-02-18T13:06:18Z</version>
        <oscal-version>1.0.4</oscal-version>
    </metadata>
    <import href="c-ce-c.xml">
        <include-controls>
            <with-id>c1.1</with-id>
        </include-controls>
    </import>
</profile>

Create an OSCAL catalog instance document.

gapinski@flexion-mac-C02FCBVSMD6N resolver-pipeline % cat c-ce-c.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-model href="https://github.com/usnistgov/OSCAL/raw/v1.0.4/xml/schema/oscal_complete_schema.xsd" schematypens="http://www.w3.org/2001/XMLSchema" title="OSCAL complete schema" ?>
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="37b7acd4-ab3f-4217-99d1-2ab9e490db49">
    <metadata>
        <title />
        <last-modified>2023-02-18T13:06:18Z</last-modified>
        <version>2023-02-18T13:06:18Z</version>
        <oscal-version>1.0.4</oscal-version>
    </metadata>
    <control id="c1">
        <title />
        <control id="c1.1">
            <title />
        </control>
    </control>
</catalog>

Perform a profile resolution. Receive exception.

gapinski@flexion-mac-C02FCBVSMD6N resolver-pipeline % alias oscal-cli=/Users/gapinski/Projects/github/usnistgov/oscal-cli/cli-core/target/cli-core-0.3.2-oscal-cli/bin/oscal-cli
gapinski@flexion-mac-C02FCBVSMD6N resolver-pipeline % oscal-cli --version
oscal-cli version 0.3.2 built on 2023-02-19 12:19 on commit d652eac
OSCAL version @oscal-git.closest.tag.name@ on commit @oscal-git.commit.id.abbrev@
gapinski@flexion-mac-C02FCBVSMD6N resolver-pipeline % oscal-cli profile resolve c-ce-p.xml
Exception in thread "main" java.lang.NullPointerException
	at gov.nist.secauto.oscal.lib.profile.resolver.merge.FlatteningStructuringVisitor.visitControl(FlatteningStructuringVisitor.java:123)
	at gov.nist.secauto.oscal.lib.profile.resolver.merge.FlatteningStructuringVisitor.visitControl(FlatteningStructuringVisitor.java:55)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogEntityVisitor.visitControlInternal(AbstractCatalogEntityVisitor.java:168)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogVisitor.visitControlItem(AbstractCatalogVisitor.java:145)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogVisitor.lambda$visitControlContainer$2(AbstractCatalogVisitor.java:127)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
	at java.base/java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:720)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.reduce(ReferencePipeline.java:553)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogVisitor.visitControlContainer(AbstractCatalogVisitor.java:129)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogEntityVisitor.visitControlContainer(AbstractCatalogEntityVisitor.java:120)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogVisitor.visitGroupContainer(AbstractCatalogVisitor.java:73)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogEntityVisitor.visitGroupContainer(AbstractCatalogEntityVisitor.java:108)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogVisitor.visitCatalog(AbstractCatalogVisitor.java:50)
	at gov.nist.secauto.oscal.lib.profile.resolver.support.AbstractCatalogEntityVisitor.visitCatalog(AbstractCatalogEntityVisitor.java:96)
	at gov.nist.secauto.oscal.lib.profile.resolver.merge.FlatteningStructuringVisitor.visitCatalog(FlatteningStructuringVisitor.java:84)
	at gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver.structureFlat(ProfileResolver.java:485)
	at gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver.handleMerge(ProfileResolver.java:449)
	at gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver.resolveProfile(ProfileResolver.java:205)
	at gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver.resolve(ProfileResolver.java:234)
	at gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver.resolve(ProfileResolver.java:219)
	at gov.nist.secauto.oscal.tools.cli.core.commands.profile.ResolveSubcommand.executeCommand(ResolveSubcommand.java:250)
	at gov.nist.secauto.oscal.tools.cli.framework.CLIProcessor.invokeCommand(CLIProcessor.java:259)
	at gov.nist.secauto.oscal.tools.cli.framework.CLIProcessor.parseCommand(CLIProcessor.java:235)
	at gov.nist.secauto.oscal.tools.cli.framework.CLIProcessor.processCommand(CLIProcessor.java:195)
	at gov.nist.secauto.oscal.tools.cli.framework.CLIProcessor.parseCommand(CLIProcessor.java:143)
	at gov.nist.secauto.oscal.tools.cli.framework.CLIProcessor.process(CLIProcessor.java:127)
	at gov.nist.secauto.oscal.tools.cli.core.CLI.parse(CLI.java:64)
	at gov.nist.secauto.oscal.tools.cli.core.CLI.main(CLI.java:46)
gapinski@flexion-mac-C02FCBVSMD6N resolver-pipeline %

Expected behavior (i.e. solution)

A resolved profile catalog document should be produced.

Other Comments

The specimen instance documents are in the attached archive.
c-ce.zip

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

NIST OSCAL Work Board

Status

In Progress

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions