[backend/frontend] Add new IMEI, ICCID and IMSI Observables (#3182)

[labo-flg]

Proposed changes

• Added support for three new observable types
  • IMEI
  • ICCID
  • IMSI
• Added relationships
  • IMEI ↔ ICCID — uses
  • IMSI ↔ IMEI — uses
  • ICCID ↔ IMSI — has
  • IMSI ↔ phone number — uses
  • ICCID ↔ phone number — resolves-to
  • IMEI → MAC address — has

Related issues

• Related to Add new observable types: IMEI / ICCID / IMSI #3182

Checklist

• I consider the submitted work as finished
• I tested the code for its functionality
• I wrote test cases for the relevant uses case (coverage and e2e)
• I added/update the relevant documentation (either on github or on notion)
• Where necessary I refactored code to improve the overall quality

Further comments

This PR initial state is a mirror of #13588 by @scarletmerlin123
We identified some problems that need to be addressed before merging this new feature again.

[labo-flg]

thanks @lndrtrbn !

The e2e test you added is a good start. We need to expand the suite and test more observables types.

[lndrtrbn]

1. Global approach

To manage IMEI, ICCID and IMSI values correctness in frontend: code does not make any implicit transformation, user has to enter a valid value without any dashes. If any other character than number is entered or length is invalid, the input is red with an error message on it, the form cannot be submitted.

It's what you have done already for ICCID and IMSI, need to do the same for IMEI.

2. Client Python

EDIT: this part is done

Code looks good to me, just the documentation in constans.py can be extended a bit to be similar to other observables.
For example for IMEI:

"""IMEI observable.

Represents an International Mobile Equipment Identity which is a phone serial number.

:param value: The IMEI value (required)
:type value: str
:param spec_version: STIX specification version, fixed to "2.1"
:type spec_version: str
:param object_marking_refs: List of marking definition references
:type object_marking_refs: list
"""

3. Frontend

EDIT: this part is done

Most of the changes are good, in the STIX Cyber Observable creation form (StixCyberObservableCreation.jsx):

• Simplify the regex that validate the IMEI value, only digits allowed, regex should be the same in frontend and backend,
• Remove the transformation of IMEI value in the submit function.

Add e2e tests that, for each new observable type: create one, create multiple in bulk.

For e2e tests, I have added a commit that contains an example of observable creation, I will also add a test for bulk creation for example.

When modifications are done, verify if some translations are no more used and remove them.

4. Backend

Verify that stix converter is ok in stix-2-1-converter.ts. I'll ask confirmation but I think the following is enough (@SouadHadjiat do you confirm?):

const convertIMEIToStix = (instance: StoreCyberObservable, type: string): SCO.StixIMEI => {
  assertType(ENTITY_IMEI, type);
  const stixCyberObject = buildStixCyberObservable(instance);
  return {
    ...stixCyberObject,
    value: instance.value,
    // No need for the rest as it's already present in extension
    // create by the function buildStixCyberObservable
  };
};

If my thoughts are confirmed, make the changes for the 3 observables.

On the same topic of stix conversion in stix-2-1-sco.d.ts. If I am correct, classes can be simplified to:

export interface StixIMEI extends StixCyberObject {
  value: string;
}

ABout tests, the test suite on observable CRUD operation is good. It would be nice to put them in separate files instead of all in stixCyberObservable-test.js as it is already a huge file.

I suggest having 3 files: imei-test.ts, imsi-test.ts, iccid-test.ts in the same folder as stixCyberObservable-test.js.

Note that new files are in TypeScript.

And on each file add some tests on the new relationships that can be created. There is examples in the file stixCoreRelationship-test.js.

---

As you can see there is not that much to change, mainly tests to add.

Thank you! You can ping me here when modifications are done.

[lndrtrbn]

Same remark for simplification

[lndrtrbn]

@SouadHadjiat cannot it be simplified with:

export interface StixIMEI extends StixCyberObject {
  value: string;
}

as the other props are already defined in extension of StixCyberObject

[lndrtrbn]

Same remark on simplification

[lndrtrbn]

Same remark on simplification

[Copilot]

Pull request overview

This pull request adds support for three new observable types - IMEI (International Mobile Equipment Identity), ICCID (Integrated Circuit Card Identifier), and IMSI (International Mobile Subscriber Identity) - to the OpenCTI platform. This is a mirror of PR #13588 with identified issues being addressed. The implementation includes the observable types themselves, validation logic, GraphQL schema definitions, frontend UI components, and Python client support. Additionally, it defines relationships between these observables and with existing types like phone numbers and MAC addresses.

Changes:

• Added three new observable types (IMEI, ICCID, IMSI) with validation, schema definitions, and conversion logic across backend, frontend, and Python client
• Implemented bidirectional and unidirectional relationships between the new observables and existing types (phone numbers, MAC addresses)
• Added comprehensive backend integration tests for create, read, update, and delete operations on the new observables

Reviewed changes

Copilot reviewed 37 out of 39 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
opencti-platform/opencti-graphql/src/utils/syntax.js	Added regex validators for IMEI (15-16 digits), ICCID (18-22 digits), and IMSI (14-15 digits)
opencti-platform/opencti-graphql/src/schema/stixCyberObservable.ts	Registered new observable type constants
opencti-platform/opencti-graphql/src/database/stix.ts	Added relationship mappings between new observables and existing types
opencti-platform/opencti-graphql/config/schema/opencti.graphql	Added GraphQL type definitions and input types for IMEI, ICCID, and IMSI
opencti-platform/opencti-graphql/tests/03-integration/02-resolvers/stixCyberObservable-test.js	Added comprehensive CRUD tests for all three new observable types
opencti-platform/opencti-front/src/private/components/observations/stix_cyber_observables/StixCyberObservableCreation.jsx	Added form validation and IMEI special character handling
opencti-platform/opencti-front/src/utils/Colors.js	Added color mappings for new observable types
opencti-platform/opencti-front/lang/front/*.json	Added translations for new observable types and validation messages in 7 languages
opencti-platform/opencti-front/tests_e2e/observables/emailMessage.spec.ts	Added E2E test file (unrelated to this PR)
client-python/pycti/utils/constants.py	Added custom observable class definitions for IMEI, ICCID, and IMSI
client-python/pycti/entities/opencti_stix_cyber_observable.py	Added creation logic for new observable types

[codecov]

Codecov Report

❌ Patch coverage is 50.79365% with 93 lines in your changes missing coverage. Please review.
✅ Project coverage is 25.71%. Comparing base (4096009) to head (2cd305e).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...opencti-graphql/src/database/stix-2-1-converter.ts	15.00%	51 Missing ⚠️
..._cyber_observables/StixCyberObservableCreation.jsx	0.00%	12 Missing ⚠️
...on/pycti/entities/opencti_stix_cyber_observable.py	25.00%	9 Missing ⚠️
...pencti-graphql/src/database/stix-representative.ts	0.00%	9 Missing ⚠️
...encti-platform/opencti-graphql/src/utils/syntax.js	50.00%	6 Missing ⚠️
...platform/opencti-front/src/components/ItemIcon.tsx	0.00%	3 Missing ⚠️
opencti-platform/opencti-front/src/utils/Entity.ts	0.00%	3 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (4096009) and HEAD (2cd305e). Click for more details.

HEAD has 2 uploads less than BASE

Flag	BASE (4096009)	HEAD (2cd305e)
opencti-graphql	6	4

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #14237      +/-   ##
==========================================
- Coverage   32.36%   25.71%   -6.66%     
==========================================
  Files        3097     3097              
  Lines      210976   211165     +189     
  Branches    38233    35460    -2773     
==========================================
- Hits        68280    54296   -13984     
- Misses     142696   156869   +14173     

Flag	Coverage Δ
opencti-client-python	45.51% <62.50%> (+0.03%)	⬆️
opencti-front	2.82% <0.00%> (-0.01%)	⬇️
opencti-graphql	51.85% <55.10%> (-15.89%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.