fix(generate): component generation fixed for many catalogs #573

Merged 5 commits on Aug 6, 2024

Member

@brandtkeller brandtkeller commented Jul 31, 2024

Description

This fixes a nil pointer dereference error caught while testing the FedRAMP catalog generation.

This also includes much better depth of control enumeration given how groups and controls can be potentially nested in catalogs.

Testing Targets

Outside of the unit testing for generation functionality - catalogs that can be used for testing:

https://raw.githubusercontent.com/usnistgov/oscal-content/main/examples/catalog/json/basic-catalog.json
https://raw.githubusercontent.com/GSA/fedramp-automation/93ca0e20ff5e54fc04140613476fba80f08e3c7d/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json
https://raw.githubusercontent.com/usnistgov/oscal-content/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json

Related Issue

Fixes #571

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

@brandtkeller brandtkeller self-assigned this Jul 31, 2024
@brandtkeller brandtkeller changed the title from "fix(generate): component generatio fixed for many catalogs" to "fix(generate): component generation fixed for many catalogs" Aug 1, 2024
@meganwolf0
Collaborator

I tried with the basic-catalog and got the following

❯ lula generate component -c https://raw.githubusercontent.com/usnistgov/oscal-content/main/examples/catalog/json/basic-catalog.json -r s1.1.1  -l debug   
  DEBUG   2024-08-02T13:14:14-04:00  -  Log level set to debug

 NOTE  Saving log file to
       /var/folders/6t/7mh42zsx6yv_3qzw2sfyh5f80000gn/T/lula-2024-08-02-13-14-14-2093984482.log
  DEBUG   2024-08-02T13:14:14-04:00  -  jsonschema: '' does not validate with http://csrc.nist.gov/ns/oscal/1.0/1.1.2/oscal-complete-schema.json#/oneOf/0/required: missing properties: 'catalog'
     ERROR:  error writing component to file
  DEBUG   2024-08-02T13:14:14-04:00  -  goroutine 1 [running]:
          runtime/debug.Stack()
                runtime/debug/stack.go:24 +0x64
          github.com/defenseunicorns/lula/src/pkg/message.Fatal({0x102718240?, 0x14000a4a960?}, {0x1400005a400, 0x1f})
                github.com/defenseunicorns/lula/src/pkg/message/message.go:169 +0x11c
          github.com/defenseunicorns/lula/src/pkg/message.Fatalf({0x102718240, 0x14000a4a960}, {0x101c75644?, 0x1?}, {0x0?, 0x140009e9b70?, 0x1?})
                github.com/defenseunicorns/lula/src/pkg/message/message.go:176 +0x78
          github.com/defenseunicorns/lula/src/cmd/generate.init.func1(0x103a65020, {0x14000114ae0?, 0x4?, 0x101c3f437?})
                github.com/defenseunicorns/lula/src/cmd/generate/generate.go:123 +0x4bc
          github.com/spf13/cobra.(*Command).execute(0x103a65020, {0x14000114a80, 0x6, 0x6})
                github.com/spf13/cobra@v1.8.1/command.go:989 +0x828
          github.com/spf13/cobra.(*Command).ExecuteC(0x103a641c0)
                github.com/spf13/cobra@v1.8.1/command.go:1117 +0x344
          github.com/spf13/cobra.(*Command).Execute(...)
                github.com/spf13/cobra@v1.8.1/command.go:1041
          github.com/defenseunicorns/lula/src/cmd.Execute()
                github.com/defenseunicorns/lula/src/cmd/root.go:57 +0x24
          main.main()
                github.com/defenseunicorns/lula/main.go:8 +0x1c

Is that expected? Seems like the basic catalog isn't providing some required data for the component-definition to be properly constructed (the error seems to indicate it's missing catalog though which doesn't make a ton of sense since that was the input?)

@brandtkeller
Member Author

> I tried with the basic-catalog and got the following
> ...
> Is that expected? Seems like the basic catalog isn't providing some required data for the component-definition to be properly constructed (the error seems to indicate it's missing catalog though which doesn't make a ton of sense since that was the input?)

That error is indicating a problem writing to a file - and given that a validation error is occurring - is there any chance you attempted to write this output (possibly the default file output) to a pre-existing and non-valid file?

@meganwolf0
Collaborator

> is there any chance you attempted to write this output (possibly the default file output) to a pre-existing and non-valid file?

Ok yep I went back and reviewed the commands I used -
First I ran this

lula generate component -c https://raw.githubusercontent.com/usnistgov/oscal-content/main/examples/catalog/json/basic-catalog.json -r s1 -l debug

Which output a component.yaml but there were no implemented requirements since s1 is not valid. I then ran:

lula generate component -c https://raw.githubusercontent.com/usnistgov/oscal-content/main/examples/catalog/json/basic-catalog.json -r s1.1.1 -l debug

Which tries to write to the same component-definition, but I guess is hitting that error that the file is invalid? Which is sort of weird because it was written the first time around... Definitely an edge case, but looks like the initial command output an invalid file or something.

@brandtkeller
Member Author

> Which tries to write to the same component-definition, but I guess is hitting that error that the file is invalid? Which is sort of weird because it was written the first time around... Definitely an edge case, but looks like the initial command output an invalid file or something.

Agreed - I'll look at fixing some of this behavior.

@brandtkeller brandtkeller marked this pull request as draft August 5, 2024 16:50
@brandtkeller
Member Author

@meganwolf0 We now verify that at least one control was identified before the creation of the file, otherwise producing an error that no controls could be found.

This should prevent the issue you saw before.

@brandtkeller brandtkeller marked this pull request as ready for review August 6, 2024 17:47
@brandtkeller brandtkeller merged commit 371d54d into main Aug 6, 2024
4 checks passed
@brandtkeller brandtkeller deleted the 571_generate_component_bug branch August 6, 2024 19:11
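
The two behaviours discussed in this thread, nil-safe enumeration of controls through nested groups and controls and refusing to write a file when no control matched, shown as an added example that is not Lula's own code. The `Control` and `Group` types, `walk`, `FindControls` and `Sample` are hypothetical names, the pointer-to-slice fields are an assumed model of OSCAL's optional arrays, and the sample catalog is constructed, reusing the `s1` and `s1.1.1` ids from the commands above.

```go
package main

import "fmt"

// Simplified OSCAL-like shapes (assumed); absent optional arrays are nil pointers.
type Control struct {
	ID       string
	Controls *[]Control
}
type Group struct { // the catalog root is modelled as a Group as well
	ID       string
	Groups   *[]Group
	Controls *[]Control
}

// walk guards every pointer before dereferencing and recurses at both levels.
func walk(gs *[]Group, cs *[]Control, want map[string]bool, out *[]string) {
	if cs != nil {
		for _, c := range *cs {
			if want[c.ID] {
				*out = append(*out, c.ID)
			}
			walk(nil, c.Controls, want, out) // controls nested in controls
		}
	}
	if gs != nil {
		for _, g := range *gs {
			walk(g.Groups, g.Controls, want, out) // groups nested in groups
		}
	}
}

// FindControls errors on zero matches so the caller never creates the file.
func FindControls(root Group, want map[string]bool) (found []string, err error) {
	walk(root.Groups, root.Controls, want, &found)
	if len(found) == 0 {
		err = fmt.Errorf("no controls matched %v; nothing written", want)
	}
	return found, err
}

// Sample is constructed data: group s1 > group s1.1 > control s1.1.1.
func Sample() Group {
	inner := []Group{{ID: "s1.1", Controls: &[]Control{{ID: "s1.1.1"}}}}
	return Group{Groups: &[]Group{{ID: "s1", Groups: &inner}}}
}

func main() {
	fmt.Println(FindControls(Sample(), map[string]bool{"s1": true})) // group id: error
}
```
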
Successfully merging this pull request may close these issues.

Generate Component failing with fedramp catalog