// SPDX-License-Identifier: Apache-2.0
// Copyright 2026 Egothor
// Copyright 2026 Accenture
| 4 | package org.egothor.methodatlas.evidence; | |
| 5 | ||
import java.util.Locale;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
| 9 | ||
/**
 * Compliance frameworks that the {@code -evidence-pack} CLI mode can target.
 *
 * <p>
 * Each enum constant carries the canonical token used in pack metadata and in
 * the default output directory name. Tokens are kept stable because external
 * audit tooling treats them as identifiers, not labels.
 * </p>
 *
 * <p>
 * The {@link #parse(String)} factory accepts case-insensitive input but always
 * emits the canonical form in metadata files.
 * </p>
 *
 * @see EvidencePackOptions
 */
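public enum EvidenceFramework {

    /** OWASP Application Security Verification Standard. */
    ASVS("ASVS"),

    /** PCI DSS requirement 6.4.1 (software security requirements). */
    PCI_6_4_1("PCI-6.4.1"),

    /** NIST Secure Software Development Framework, practice PW.8. */
    NIST_SSDF_PW8("NIST-SSDF-PW.8"),

    /** ISO/IEC 27001:2022 control 8.29 (secure development lifecycle). */
    ISO_27001_8_29("ISO-27001-8.29");

    /**
     * Stable identifier written into pack metadata and used for the default
     * output directory name. Changing a value is a breaking change for
     * external audit tooling that keys on it.
     */
    private final String canonicalToken;

    EvidenceFramework(String canonicalToken) {
        this.canonicalToken = canonicalToken;
    }

    /**
     * Returns the canonical, case-sensitive token used to identify this
     * framework in pack metadata and on disk.
     *
     * @return canonical token; never {@code null}
     */
    public String canonicalToken() {
        return canonicalToken;
    }

    /**
     * Parses a framework token supplied on the command line.
     *
     * <p>
     * Matching is case-insensitive: both the input and each candidate token are
     * upper-cased with {@link Locale#ROOT} so the outcome does not depend on the
     * JVM's default locale. The accepted tokens are exactly the
     * {@link #canonicalToken()} values of the enum constants. Callers that
     * write metadata or name directories should use the returned constant's
     * canonical token rather than the raw input.
     * </p>
     *
     * <p>
     * The exception message echoes {@code token} verbatim; code that forwards
     * the message into logs or reports should treat it as user-controlled
     * text.
     * </p>
     *
     * @param token raw token supplied by the user; must not be {@code null}
     * @return the matching enum constant; never {@code null}
     * @throws NullPointerException if {@code token} is {@code null}
     * @throws IllegalArgumentException if {@code token} does not match any
     *                                  known framework; the exception message
     *                                  lists every valid token
     */
    public static EvidenceFramework parse(String token) {
        // Fail with a named NPE instead of an anonymous one from toUpperCase().
        Objects.requireNonNull(token, "token");
        String upper = token.toUpperCase(Locale.ROOT);
        for (EvidenceFramework framework : values()) {
            // Tokens are plain ASCII, so the Locale.ROOT fold is a simple
            // case-insensitive comparison against the same fold applied above.
            if (framework.canonicalToken.toUpperCase(Locale.ROOT).equals(upper)) {
                return framework;
            }
        }
        String valid = Stream.of(values())
                .map(EvidenceFramework::canonicalToken)
                .collect(Collectors.joining(", "));
        throw new IllegalArgumentException(
                "Unknown framework '" + token + "'. Valid values: " + valid);
    }
}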