-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modify validation for Phone Numbers #2041
Comments
@Telos-sa - can you please provide the version of the |
How will extensions be noted when the regex pattern "^[0-9]{3}[0-9]{1,12}$" is used? Also numbers with prefixes marked with () ? |
@iMichaela This is version 2.0.2 of the base OSCAL validator (no FedRAMP constraints were used). I downloaded the pre-built version from https://repo1.maven.org/maven2/dev/metaschema/oscal/oscal-cli-enhanced/2.0.2/ as outlined on https://github.com/metaschema-framework/oscal-cli. If this is an incorrect oscal-cli please let us know where we can go to install the correct. |
NIST https://github.com/metaschema-framework/oscal-cli is not a NIST repo. Here is NIST repo: https://github.com/usnistgov/oscal-cli Thank you. |
Apologies for the version confusion, I have installed v1.0.3 from https://github.com/usnistgov/oscal-cli: It makes sense that telephone-numbers>number would have a different validation regex pattern than strings, but that is not outlined in the v1.1.2 OSCAL metaschema. telephone-numbers section under parties:
Assembly for field_oscal-metadata_telephone-number:
StringDataType definition:
The regex pattern "^[0-9]{3}[0-9]{1,12}$" is used by the oscal-cli for validation, but is not outlined anywhere in the metaschema. |
Hi, - note, this is corrected from earlier. (I checked again!) The constraint being discussed is presumably this "WARNING"-level constraint at
This is non-operative in the JSON schema (or XSD) but will throw an error in a processor implementing the constraint as expressed. Presumably it's a WARNING because it was understood to be too broad. We could make the warning go away by removing or relaxing the constraint. |
Since many numbers can be noted with extensions that need to be documented with the phone number, or other, a with a + sign in front for international numbers , or have area code in parentheses, the warning (to me) is meant to raise human's attention to ensure the inserted number is correct, when non-numeric values are used. Tere is also the SIP protocol (https://en.wikipedia.org/wiki/SIP_URI_scheme) with valid format like sip:[email protected] |
Ah, "telephone numbers". They can be and are anything you want them to be. The word numbers is inadequate. Perhaps even telephone. TL;DR: The constraint mentioned — Without locale-specific presentation/formatting, even numeric telephone "numbers" look bad if subjected to artifical and unwarranted constraints. Some references:
Examples (mostly not E.123) (I frequently find demarcation of treasured "number" syllables via periods, hyphens, spaces, parentheses): |
Excellent point about validation against To the end of stabilizing testing and making cross-checks easier, if anyone is interested in schema field testing (either in theory or in practice), let me know or take a look at https://github.com/usnistgov/oscal-xproc3/tree/main/schema-field-tests Fantastic info @GaryGapinski - thanks for the links. |
Noting in passing that the current |
@wendellpiez - can you please elaborate how are the warnings from oscal-cli handled in the metaschema-xslt ? In which branch do you have these latest updates? |
@iMichaela recently merged into the main branch of the in metaschema-xslt repository (called The "Inspector XSLT" generator works the same way as the schema generators do - you call it with your metaschema (from a command line or under CI/CD), and it generates an output, in this case not a schema but an XSLT 'schema emulator' that you can use to validate your OSCAL XML. I'm happy to help anyone interested in testing. So far no one (tmk) has tried it except myself and one volunteer assistant, and on a testing metaschema, not OSCAL. However, I would also caution that I built this originally as a proof of concept, and subsequently to work up my skills in unit testing - but it has no maintenance model and no 'team' to help (no users, only one dev). This makes me hesitant to offer it as a solution (even if it could be a 'next step' as I mentioned). Indeed, another much simpler idea along the same lines is simply to cross-test the rules using Schematron - here is an example (testing port-range rules (an XSpec file for unit testing the Schematron implementation): https://github.com/wendellpiez/oscal-xproc3/blob/ssp-portrange-constraints-May2024/schema-field-tests/reference-sets/ssp-model/port-ranges-test.xspec - this is a piece of cake 🍰 if you can work an XSpec. |
libphonenumber may be of interest to those with a need to manipulate phone numbers. |
User Story
Currently the listed type for metadata>parties>telephone-numbers>number is a string, which has the regular expression pattern "\S(.*\S)?":
When validating using the oscal-cli, this field instead uses the regex pattern "^[0-9]{3}[0-9]{1,12}$" for validation, and throws warnings for varying (fake) phone numbers:
Goals
Validate using the string regex pattern which is outlined in the schema
Or
Create a new datatype for telephone-numbers>number that lists the regex pattern that is actually being used for validation
Dependencies
No response
Acceptance Criteria
(For reviewers: The wiki has guidance on code review and overall issue review for completeness.)
Revisions
No response
The text was updated successfully, but these errors were encountered: