[backend] check entity type when adding related restrictions

opencti-platform/opencti-graphql/src/database/middleware.js

@@ -2201,7 +2201,7 @@ export const updateAttributeMetaResolved = async (context, user, initial, inputs
         message: opts.commitMessage,
         external_references: references.map((ref) => convertExternalReferenceToStix(ref))
       } : undefined;
-      const relatedRestrictions = extractObjectsRestrictionsFromInputs(updatedInputs);
+      const relatedRestrictions = extractObjectsRestrictionsFromInputs(updatedInputs, initial.entity_type);
       const event = await storeUpdateEvent(context, user, initial, updatedInstance, message, { ...opts, commit, relatedRestrictions });
       return { element: updatedInstance, event, isCreation: false };
     }

opencti-platform/opencti-graphql/src/database/utils.js

@@ -4,7 +4,7 @@ import { Promise } from 'bluebird';
 import { DatabaseError, UnsupportedError } from '../config/errors';
 import { isHistoryObject, isInternalObject } from '../schema/internalObject';
 import { isStixMetaObject } from '../schema/stixMetaObject';
-import { isStixDomainObject } from '../schema/stixDomainObject';
+import { isStixDomainObject, isStixDomainObjectContainer } from '../schema/stixDomainObject';
 import { isStixCyberObservable } from '../schema/stixCyberObservable';
 import { isInternalRelationship } from '../schema/internalRelationship';
 import { isStixCoreRelationship } from '../schema/stixCoreRelationship';
@@ -327,14 +327,16 @@ export const extractIdsFromStoreObject = (instance) => {
   return ids;
 };
 
-export const extractObjectsRestrictionsFromInputs = (inputs) => {
+export const extractObjectsRestrictionsFromInputs = (inputs, entityType) => {
   const markings = [];
-  inputs.forEach((input) => {
-    if (input && input.key === INPUT_OBJECTS && input.value?.length > 0) {
-      const objectMarking = input.value.flatMap((value) => value[RELATION_OBJECT_MARKING] ?? []);
-      markings.push(...objectMarking);
-    }
-  });
+  if (isStixDomainObjectContainer(entityType)) {
+    inputs.forEach((input) => {
+      if (input && input.key === INPUT_OBJECTS && input.value?.length > 0) {
+        const objectMarking = input.value.flatMap((value) => value[RELATION_OBJECT_MARKING] ?? []);
+        markings.push(...objectMarking);
+      }
+    });
+  }
   return {
     markings
   };

opencti-platform/opencti-graphql/tests/01-unit/database/utils-test.ts

@@ -1,5 +1,6 @@
 import { describe, expect, it } from 'vitest';
 import { extractObjectsRestrictionsFromInputs } from '../../../src/database/utils';
+import { ENTITY_TYPE_CONTAINER_REPORT, ENTITY_TYPE_MALWARE } from '../../../src/schema/stixDomainObject';
 
 const inputs = [
   {
@@ -135,13 +136,18 @@ const relInputs = [
 
 describe('extractObjectsRestrictionsFromInputs testing', () => {
   it('should add inputs object-marking in stream when adding entity to a report', () => {
-    const relatedRestrictions = extractObjectsRestrictionsFromInputs(inputs);
+    const relatedRestrictions = extractObjectsRestrictionsFromInputs(inputs, ENTITY_TYPE_CONTAINER_REPORT);
     const expected = { markings: ['fa7fa933-7b65-463f-ac5e-aa33b2a36ce8', '056276ff-26dc-4774-a439-a36253a96939'] };
     expect(relatedRestrictions).toEqual(expected);
   });
   it('should add inputs object-marking in stream when adding relationship to a report', () => {
-    const relatedRestrictions = extractObjectsRestrictionsFromInputs(relInputs);
+    const relatedRestrictions = extractObjectsRestrictionsFromInputs(relInputs, ENTITY_TYPE_CONTAINER_REPORT);
     const expected = { markings: ['eaccd139-ec2e-48d9-b2ef-a17ba6e7e938'] };
     expect(relatedRestrictions).toEqual(expected);
   });
+  it('should not add inputs object-marking in stream if entity is not container', () => {
+    const relatedRestrictions = extractObjectsRestrictionsFromInputs(inputs, ENTITY_TYPE_MALWARE);
+    const expected = { markings: [] };
+    expect(relatedRestrictions).toEqual(expected);
+  });
 });