[backend] Based on relationship should inherit markings & restriction…

…s when created from Indicators or observables (#6068)

opencti-platform/opencti-graphql/src/domain/stixCyberObservable.js

@@ -31,7 +31,7 @@ import {
   isStixCyberObservableHashedObservable,
   stixCyberObservableOptions
 } from '../schema/stixCyberObservable';
-import { ABSTRACT_STIX_CYBER_OBSERVABLE, buildRefRelationKey, INPUT_CREATED_BY, INPUT_LABELS, INPUT_MARKINGS } from '../schema/general';
+import { ABSTRACT_STIX_CYBER_OBSERVABLE, buildRefRelationKey, INPUT_CREATED_BY, INPUT_GRANTED_REFS, INPUT_LABELS, INPUT_MARKINGS } from '../schema/general';
 import { RELATION_CONTENT, RELATION_SERVICE_DLL } from '../schema/stixRefRelationship';
 import { RELATION_BASED_ON, RELATION_HAS } from '../schema/stixCoreRelationship';
 import { ENTITY_TYPE_VULNERABILITY } from '../schema/stixDomainObject';
@@ -137,6 +137,7 @@ const createIndicatorFromObservable = async (context, user, input, observable) =
         x_opencti_score: observable.x_opencti_score,
         createdBy: input.createdBy,
         objectMarking: input.objectMarking,
+        objectOrganization: input.objectOrganization,
         objectLabel: input.objectLabel,
         externalReferences: input.externalReferences,
         update: true,
@@ -154,8 +155,9 @@ export const promoteObservableToIndicator = async (context, user, observableId)
   const observable = await storeLoadByIdWithRefs(context, user, observableId);
   const objectLabel = (observable[INPUT_LABELS] ?? []).map((n) => n.internal_id);
   const objectMarking = (observable[INPUT_MARKINGS] ?? []).map((n) => n.internal_id);
+  const objectOrganization = (observable[INPUT_GRANTED_REFS] ?? []).map((n) => n.internal_id);
   const createdBy = observable[INPUT_CREATED_BY]?.internal_id;
-  await createIndicatorFromObservable(context, user, { objectLabel, objectMarking, createdBy }, observable);
+  await createIndicatorFromObservable(context, user, { objectLabel, objectMarking, objectOrganization, createdBy }, observable);
   return observable;
 };
 

opencti-platform/opencti-graphql/src/modules/indicator/indicator-domain.ts

@@ -14,6 +14,7 @@ import {
   buildRefRelationKey,
   INPUT_CREATED_BY,
   INPUT_EXTERNAL_REFS,
+  INPUT_GRANTED_REFS,
   INPUT_LABELS,
   INPUT_MARKINGS
 } from '../../schema/general';
@@ -154,7 +155,7 @@ export const findIndicatorsForDecay = (context: AuthContext, user: AuthUser, max
 export const createObservablesFromIndicator = async (
   context: AuthContext,
   user: AuthUser,
-  input: { objectLabel?: string[] | null; objectMarking?: string[] | null; createdBy?: string | null; externalReferences?: string[] | null; },
+  input: { objectLabel?: string[] | null; objectMarking?: string[] | null; objectOrganization?: string[] | null; createdBy?: string | null; externalReferences?: string[] | null; },
   indicator: StoreEntityIndicator,
 ) => {
   const { pattern } = indicator;
@@ -170,6 +171,7 @@ export const createObservablesFromIndicator = async (
       x_opencti_score: indicator.x_opencti_score,
       createdBy: input.createdBy,
       objectMarking: input.objectMarking,
+      objectOrganization: input.objectOrganization,
       objectLabel: input.objectLabel,
       externalReferences: input.externalReferences,
       update: true,
@@ -183,7 +185,13 @@ export const createObservablesFromIndicator = async (
   }
   await Promise.all(
     observablesToLink.map((observableToLink) => {
-      const relationInput = { fromId: indicator.id, toId: observableToLink, relationship_type: RELATION_BASED_ON };
+      const relationInput = {
+        fromId: indicator.id,
+        toId: observableToLink,
+        relationship_type: RELATION_BASED_ON,
+        objectMarking: input.objectMarking,
+        objectOrganization: input.objectOrganization,
+      };
       return createRelation(context, user, relationInput);
     })
   );
@@ -193,9 +201,10 @@ export const promoteIndicatorToObservable = async (context: AuthContext, user: A
   const indicator: StoreEntityIndicator = await storeLoadByIdWithRefs(context, user, indicatorId) as StoreEntityIndicator;
   const objectLabel = (indicator[INPUT_LABELS] ?? []).map((n) => n.internal_id);
   const objectMarking = (indicator[INPUT_MARKINGS] ?? []).map((n) => n.internal_id);
+  const objectOrganization = (indicator[INPUT_GRANTED_REFS] ?? []).map((n) => n.internal_id);
   const externalReferences = (indicator[INPUT_EXTERNAL_REFS] ?? []).map((n) => n.internal_id);
   const createdBy = indicator[INPUT_CREATED_BY]?.internal_id;
-  const input = { objectLabel, objectMarking, createdBy, externalReferences };
+  const input = { objectLabel, objectMarking, objectOrganization, createdBy, externalReferences };
   return createObservablesFromIndicator(context, user, input, indicator);
 };
 
@@ -272,7 +281,13 @@ export const addIndicator = async (context: AuthContext, user: AuthUser, indicat
   const created = await createEntity(context, user, finalIndicatorToCreate, ENTITY_TYPE_INDICATOR);
   await Promise.all(
     observablesToLink.map((observableToLink) => {
-      const input = { fromId: created.id, toId: observableToLink, relationship_type: RELATION_BASED_ON };
+      const input = {
+        fromId: created.id,
+        toId: observableToLink,
+        relationship_type: RELATION_BASED_ON,
+        objectMarking: indicator.objectMarking,
+        objectOrganization: indicator.objectOrganization,
+      };
       return createRelation(context, user, input);
     })
   );

opencti-platform/opencti-graphql/src/modules/playbook/playbook-components.ts

@@ -867,6 +867,7 @@ const PLAYBOOK_CREATE_INDICATOR_COMPONENT: PlaybookComponent<CreateIndicatorConf
         }
         const pattern = await createStixPattern(context, AUTOMATION_MANAGER_USER, key, value);
         const { score } = observable.extensions[STIX_EXT_OCTI_SCO];
+        const { granted_refs } = observable.extensions[STIX_EXT_OCTI];
         if (pattern) {
           const indicatorData = {
             name: indicatorName,
@@ -902,16 +903,26 @@ const PLAYBOOK_CREATE_INDICATOR_COMPONENT: PlaybookComponent<CreateIndicatorConf
           if (observable.extensions[STIX_EXT_OCTI_SCO].external_references) {
             indicator.external_references = observable.extensions[STIX_EXT_OCTI_SCO].external_references;
           }
+          if (granted_refs) {
+            indicator.extensions[STIX_EXT_OCTI].granted_refs = granted_refs;
+          }
           bundle.objects.push(indicator);
           const relationship = {
             id: `relationship--${generateInternalId()}`,
             type: 'relationship',
             source_ref: indicator.id,
             target_ref: observable.id,
             relationship_type: RELATION_BASED_ON,
+            object_marking_refs: observable.object_marking_refs ?? [],
             created: now(),
-            modified: now()
+            modified: now(),
+            extensions: {
+              [STIX_EXT_OCTI]: {}
+            }
           } as StixRelation;
+          if (granted_refs) {
+            relationship.extensions[STIX_EXT_OCTI].granted_refs = granted_refs;
+          }
           bundle.objects.push(relationship);
           return { output_port: 'out', bundle };
         }
@@ -954,12 +965,13 @@ const PLAYBOOK_CREATE_OBSERVABLE_COMPONENT: PlaybookComponent<CreateObservableCo
         for (let indexObservable = 0; indexObservable < observables.length; indexObservable += 1) {
           const observable = observables[indexObservable];
           const description = indicator.description ?? `Simple observable of indicator {${indicator.name || indicator.pattern}}`;
-          const { score } = indicator.extensions[STIX_EXT_OCTI];
+          const { score, granted_refs } = indicator.extensions[STIX_EXT_OCTI];
           const observableData = {
             ...R.dissoc('type', observable),
             x_opencti_score: score,
             x_opencti_description: description,
             extensions: {
+              [STIX_EXT_OCTI]: {},
               [STIX_EXT_OCTI_SCO]: {
                 score,
                 description,
@@ -987,16 +999,26 @@ const PLAYBOOK_CREATE_OBSERVABLE_COMPONENT: PlaybookComponent<CreateObservableCo
           if (indicator.external_references) {
             stixObservable.extensions[STIX_EXT_OCTI_SCO].external_references = indicator.external_references;
           }
+          if (granted_refs) {
+            stixObservable.extensions[STIX_EXT_OCTI].granted_refs = granted_refs;
+          }
           bundle.objects.push(stixObservable);
           const relationship = {
             id: `relationship--${generateInternalId()}`,
             type: 'relationship',
             source_ref: indicator.id,
             target_ref: stixObservable.id,
             relationship_type: RELATION_BASED_ON,
+            object_marking_refs: indicator.object_marking_refs ?? [],
             created: now(),
-            modified: now()
+            modified: now(),
+            extensions: {
+              [STIX_EXT_OCTI]: {}
+            }
           } as StixRelation;
+          if (granted_refs) {
+            relationship.extensions[STIX_EXT_OCTI].granted_refs = granted_refs;
+          }
           bundle.objects.push(relationship);
         }
         return { output_port: 'out', bundle };