Handle multiple requirement mapping sets in libraries

backend/app_tests/api/test_api_libraries.py

@@ -137,7 +137,7 @@ def test_import_risk_matrix(self, test):
         )
         lib_detail_response = lib_detail_response.content
         lib_detail_response = json.loads(lib_detail_response)
-        lib_detail_response = lib_detail_response["risk_matrix"][0]
+        lib_detail_response = lib_detail_response["risk_matrices"][0]
 
         # Asserts that the library is not already loaded
         assert RiskMatrix.objects.all().count() == 0, (

backend/core/models.py

@@ -320,7 +320,7 @@ def store_library_content(
             outdated_library.delete()
 
         objects_meta = {
-            key: (1 if key in ["framework", "requirement_mapping_set"] else len(value))
+            key: (1 if key == "framework" else len(value))
             for key, value in library_data["objects"].items()
         }
 
@@ -391,7 +391,10 @@ def __init__(self, old_library: Type["LoadedLibrary"], new_library: StoredLibrar
         if self.dependencies is None:
             self.dependencies = []
         self.new_framework = new_library_content.get("framework")
-        self.new_matrices = new_library_content.get("risk_matrix")
+        # Meaning the risk_matrix field will be ignored if a risk_matrices field is defined during an update.
+        self.new_matrices = new_library_content.get(
+            "risk_matrices"
+        ) or new_library_content.get("risk_matrix")
         self.threats = new_library_content.get("threats", [])
         self.reference_controls = new_library_content.get("reference_controls", [])
         self.new_objects = {obj["urn"].lower(): obj for obj in self.threats}

backend/library/libraries/critical_risk_matrix_3x3.yaml

@@ -3,12 +3,12 @@ locale: en
 ref_id: critical_3x3
 name: Critical risk matrix 3x3
 description: Critical risk matrix 3x3
-version: 1
+version: 2
 publication_date: 2024-03-02
 provider: intuitem
 packager: intuitem
 objects:
-  risk_matrix:
+  risk_matrices:
     - urn: urn:intuitem:risk:matrix:critical_risk_matrix_3x3
       ref_id: critical_3x3
       name: critical 3x3

backend/library/libraries/critical_risk_matrix_5x5.yaml

@@ -3,7 +3,7 @@ locale: en
 ref_id: critical_5x5
 name: Critical risk matrix 5x5
 description: Critical risk matrix 5x5
-version: 2
+version: 3
 publication_date: 2024-03-02
 provider: intuitem
 packager: intuitem
@@ -12,161 +12,161 @@ translations:
     name: Matrice de risque critique 5x5
     description: Matrice de risque critique 5x5
 objects:
-  risk_matrix:
-    - urn: urn:intuitem:risk:matrix:critical_risk_matrix_5x5
-      ref_id: critical_5x5
-      name: critical 5x5
-      description: critical risk matrix 5x5
-      translations:
-        fr:
-          name: Matrice de risque critique 5x5
-          description: Matrice de risque critique 5x5
-      probability:
-        - abbreviation: VL
-          name: Very Low
-          description: Very unfrequent event
-          hexcolor: '#BBF7D0'
-          translations:
-            fr:
-              name: Très faible
-              description: Événement très peu fréquent
-        - abbreviation: L
-          name: Low
-          description: Unfrequent event
-          hexcolor: '#BEF264'
-          translations:
-            fr:
-              name: Faible
-              description: Événement peu fréquent
-        - abbreviation: M
-          name: Medium
-          description: Occasional event
-          hexcolor: '#FEF08A'
-          translations:
-            fr:
-              name: Moyen
-              description: Événement occasionnel
-        - abbreviation: H
-          name: High
-          description: Frequent event
-          hexcolor: '#FBBF24'
-          translations:
-            fr:
-              name: Élevé
-              description: Événement fréquent
-        - abbreviation: VH
-          name: Very High
-          description: Very frequent event
-          hexcolor: '#F87171'
-          translations:
-            fr:
-              name: Très élevé
-              description: Événement très fréquent
-      impact:
-        - abbreviation: VL
-          name: Very Low
-          description: Very low impact
-          hexcolor: '#BBF7D0'
-          translations:
-            fr:
-              name: Très faible
-              description: Impact très faible
-        - abbreviation: L
-          name: Low
-          description: Low impact
-          hexcolor: '#BEF264'
-          translations:
-            fr:
-              name: Faible
-              description: Impact faible
-        - abbreviation: M
-          name: Medium
-          description: Medium impact
-          hexcolor: '#FEF08A'
-          translations:
-            fr:
-              name: Moyen
-              description: Impact moyen
-        - abbreviation: H
-          name: High
-          description: High impact
-          hexcolor: '#FBBF24'
-          translations:
-            fr:
-              name: Élevé
-              description: Impact élevé
-        - abbreviation: VH
-          name: Very High
-          description: Very high impact
-          hexcolor: '#F87171'
-          translations:
-            fr:
-              name: Très élevé
-              description: Impact très élevé
-      risk:
-        - abbreviation: VL
-          name: Very Low
-          description: negligible risk
-          hexcolor: "#BBF7D0"
-          translations:
-            fr:
-              name: Très faible
-              description: Risque négligeable
-        - abbreviation: L
-          name: Low
-          description: acceptable risk
-          hexcolor: "#BEF264"
-          translations:
-            fr:
-              name: Faible
-              description: Risque acceptable
-        - abbreviation: M
-          name: Medium
-          description: risk requiring mitigation within 2 years
-          hexcolor: "#FEF08A"
-          translations:
-            fr:
-              name: Moyen
-              description: Risque nécessitant une atténuation dans les 2 ans
-        - abbreviation: H
-          name: High
-          description: risk requiring mitigation within 6 months
-          hexcolor: "#FBBF24"
-          translations:
-            fr:
-              name: Élevé
-              description: Risque nécessitant une atténuation dans les 6 mois
-        - abbreviation: VH
-          name: Very High
-          description: unacceptable risk
-          hexcolor: "#F87171"
-          translations:
-            fr:
-              name: Très élevé
-              description: Risque inacceptable
-      grid:
-        - - 0
-          - 0
-          - 1
-          - 1
-          - 2
-        - - 0
-          - 1
-          - 1
-          - 2
-          - 2
-        - - 1
-          - 1
-          - 2
-          - 2
-          - 3
-        - - 1
-          - 2
-          - 2
-          - 3
-          - 4
-        - - 2
-          - 2
-          - 3
-          - 4
-          - 4
+  risk_matrices:
+  - urn: urn:intuitem:risk:matrix:critical_risk_matrix_5x5
+    ref_id: critical_5x5
+    name: critical 5x5
+    description: critical risk matrix 5x5
+    translations:
+      fr:
+        name: Matrice de risque critique 5x5
+        description: Matrice de risque critique 5x5
+    probability:
+      - abbreviation: VL
+        name: Very Low
+        description: Very unfrequent event
+        hexcolor: '#BBF7D0'
+        translations:
+          fr:
+            name: Très faible
+            description: Événement très peu fréquent
+      - abbreviation: L
+        name: Low
+        description: Unfrequent event
+        hexcolor: '#BEF264'
+        translations:
+          fr:
+            name: Faible
+            description: Événement peu fréquent
+      - abbreviation: M
+        name: Medium
+        description: Occasional event
+        hexcolor: '#FEF08A'
+        translations:
+          fr:
+            name: Moyen
+            description: Événement occasionnel
+      - abbreviation: H
+        name: High
+        description: Frequent event
+        hexcolor: '#FBBF24'
+        translations:
+          fr:
+            name: Élevé
+            description: Événement fréquent
+      - abbreviation: VH
+        name: Very High
+        description: Very frequent event
+        hexcolor: '#F87171'
+        translations:
+          fr:
+            name: Très élevé
+            description: Événement très fréquent
+    impact:
+      - abbreviation: VL
+        name: Very Low
+        description: Very low impact
+        hexcolor: '#BBF7D0'
+        translations:
+          fr:
+            name: Très faible
+            description: Impact très faible
+      - abbreviation: L
+        name: Low
+        description: Low impact
+        hexcolor: '#BEF264'
+        translations:
+          fr:
+            name: Faible
+            description: Impact faible
+      - abbreviation: M
+        name: Medium
+        description: Medium impact
+        hexcolor: '#FEF08A'
+        translations:
+          fr:
+            name: Moyen
+            description: Impact moyen
+      - abbreviation: H
+        name: High
+        description: High impact
+        hexcolor: '#FBBF24'
+        translations:
+          fr:
+            name: Élevé
+            description: Impact élevé
+      - abbreviation: VH
+        name: Very High
+        description: Very high impact
+        hexcolor: '#F87171'
+        translations:
+          fr:
+            name: Très élevé
+            description: Impact très élevé
+    risk:
+      - abbreviation: VL
+        name: Very Low
+        description: negligible risk
+        hexcolor: "#BBF7D0"
+        translations:
+          fr:
+            name: Très faible
+            description: Risque négligeable
+      - abbreviation: L
+        name: Low
+        description: acceptable risk
+        hexcolor: "#BEF264"
+        translations:
+          fr:
+            name: Faible
+            description: Risque acceptable
+      - abbreviation: M
+        name: Medium
+        description: risk requiring mitigation within 2 years
+        hexcolor: "#FEF08A"
+        translations:
+          fr:
+            name: Moyen
+            description: Risque nécessitant une atténuation dans les 2 ans
+      - abbreviation: H
+        name: High
+        description: risk requiring mitigation within 6 months
+        hexcolor: "#FBBF24"
+        translations:
+          fr:
+            name: Élevé
+            description: Risque nécessitant une atténuation dans les 6 mois
+      - abbreviation: VH
+        name: Very High
+        description: unacceptable risk
+        hexcolor: "#F87171"
+        translations:
+          fr:
+            name: Très élevé
+            description: Risque inacceptable
+    grid:
+      - - 0
+        - 0
+        - 1
+        - 1
+        - 2
+      - - 0
+        - 1
+        - 1
+        - 2
+        - 2
+      - - 1
+        - 1
+        - 2
+        - 2
+        - 3
+      - - 1
+        - 2
+        - 2
+        - 3
+        - 4
+      - - 2
+        - 2
+        - 3
+        - 4
+        - 4

backend/library/libraries/map-nist-csf-1.1-iso27001-2022.yaml

@@ -3,7 +3,7 @@ locale: en
 ref_id: map-nist-csf-1.1-iso27001-2022
 name: Mapping from nist-csf-1.1 to iso27001-2022
 description: Mapping from nist-csf-1.1 to iso27001-2022
-version: 1
+version: 2
 publication_date: 2024-06-24
 copyright: NIST and ISO/IEC
 provider: NIST and ISO/IEC
@@ -12,8 +12,8 @@ dependencies:
 - urn:intuitem:risk:library:iso27001-2022
 - urn:intuitem:risk:library:nist-csf-1.1
 objects:
-  requirement_mapping_set:
-    urn: urn:intuitem:risk:req_mapping_set:nist-csf-1.1-to-iso27001-2022
+  requirement_mapping_sets:
+  - urn: urn:intuitem:risk:req_mapping_set:nist-csf-1.1-to-iso27001-2022
     ref_id: mapping-nist-csf-1.1-iso27001-2022
     name: mapping-nist-csf-1.1-iso27001-2022
     source_framework_urn: urn:intuitem:risk:framework:nist-csf-1.1