Add validation check for diagram document directly in @href

src/validations/constraints/fedramp-external-constraints.xml

@@ -235,20 +235,20 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#system-name-abbreviation-and-fedramp-unique-identifier"/>
                 <message>A FedRAMP SSP MUST have a short system name.</message>
             </expect>
-            <expect id="has-authorization-boundary-diagram-link-href-target" target="." test="exists(//resource[@uuid eq substring-after($authorization-boundary-link, '#')])" level="ERROR">
+            <expect id="has-authorization-boundary-diagram-link-href-target" target="." test="not(starts-with(system-characteristics/authorization-boundary/diagram/link/@href, '#')) or exists(//resource[@uuid eq substring-after($authorization-boundary-link, '#')])" level="ERROR">
                 <formal-name>Has Authorization Boundary Diagram Link Href Target</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#authorization-boundary"/>
-                <message>A FedRAMP SSP authorization boundary diagram MUST reference a resource representing the diagram document.</message>
+                <message>A FedRAMP SSP MUST reference an authorization boundary diagram document.</message>
             </expect>
-            <expect id="has-data-flow-diagram-link-href-target" target="." test="exists(//resource[@uuid eq substring-after($data-flow-link, '#')])" level="ERROR">
+            <expect id="has-data-flow-diagram-link-href-target" target="." test="not(starts-with(system-characteristics/data-flow/diagram/link/@href, '#')) or exists(//resource[@uuid eq substring-after($data-flow-link, '#')])" level="ERROR">
                 <formal-name>Has Data Flow Diagram Link Href Target</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#data-flow"/>
-                <message>A FedRAMP SSP data flow diagram MUST reference a resource representing the diagram document.</message>
+                <message>A FedRAMP SSP MUST reference a data flow diagram document.</message>
             </expect>
-            <expect id="has-network-architecture-diagram-link-href-target" target="." test="exists(//resource[@uuid eq substring-after($network-architecture-link, '#')])" level="ERROR">
+            <expect id="has-network-architecture-diagram-link-href-target" target="." test="not(starts-with(system-characteristics/network-architecture/diagram/link/@href, '#')) or exists(//resource[@uuid eq substring-after($network-architecture-link, '#')])" level="ERROR">
                 <formal-name>Has Network Architecture Diagram Link Href Target</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#network-architecture"/>
-                <message>A FedRAMP SSP network architecture diagram MUST reference a resource representing the diagram document.</message>
+                <message>A FedRAMP SSP MUST reference a network architecture diagram document.</message>
             </expect>
         </constraints>
     </context>

src/validations/constraints/unit-tests/has-authorization-boundary-diagram-link-href-target-PASS.yaml

@@ -1,9 +1,12 @@
 test-case:
   name: Positive Test for has-authorization-boundary-diagram-link-href-target
   description: >-
-    This test case validates the behavior of constraint
-    has-authorization-boundary-diagram-link-href-target
-  content: ../content/ssp-all-VALID.xml
+    This test case validates the behavior of constraint has-authorization-boundary-diagram-link-href-target.
+    Scenario 1: Tests an @href that references a resource in the back-matter.
+    Scenario 2: Tests a link provided directly in the @href.
+  content: 
+    - ../content/ssp-all-VALID.xml
+    - ../content/ssp-has-authorization-boundary-diagram-link-href-target-VALID-1.xml
   expectations:
     - constraint-id: has-authorization-boundary-diagram-link-href-target
       result: pass

src/validations/constraints/unit-tests/has-data-flow-diagram-link-href-target-PASS.yaml

@@ -1,9 +1,12 @@
 test-case:
   name: Positive Test for has-data-flow-diagram-link-href-target
   description: >-
-    This test case validates the behavior of constraint
-    has-data-flow-diagram-link-href-target
-  content: ../content/ssp-all-VALID.xml
+    This test case validates the behavior of constraint has-data-flow-diagram-link-href-target.
+    Scenario 1: Tests an @href that references a resource in the back-matter.
+    Scenario 2: Tests a link provided directly in the @href.
+  content: 
+    - ../content/ssp-all-VALID.xml
+    - ../content/ssp-has-data-flow-diagram-link-href-target-VALID-1.xml
   expectations:
     - constraint-id: has-data-flow-diagram-link-href-target
       result: pass

src/validations/constraints/unit-tests/has-network-architecture-diagram-link-href-target-PASS.yaml

@@ -1,9 +1,12 @@
 test-case:
   name: Positive Test for has-network-architecture-diagram-link-href-target
   description: >-
-    This test case validates the behavior of constraint
-    has-network-architecture-diagram-link-href-target
-  content: ../content/ssp-all-VALID.xml
+    This test case validates the behavior of constraint has-network-architecture-diagram-link-href-target.
+    Scenario 1: Tests an @href that references a resource in the back-matter.
+    Scenario 2: Tests a link provided directly in the @href.
+  content: 
+    - ../content/ssp-all-VALID.xml
+    - ../content/ssp-has-network-architecture-diagram-link-href-target-VALID-1.xml
   expectations:
     - constraint-id: has-network-architecture-diagram-link-href-target
       result: pass